Tuesday, March 31, 2015

IEC 62351-9: Cyber Security Key Management for Power System Equipment

IEC TC 57 has published the following draft standard:

IEC 62351-9 Ed.1 (57/1565/CD):
Power systems management and associated information exchange – Data and communications security – Part 9: Cyber security key management for power system equipment

Closing date for comments is 2015-07-03.

IEC 62351-9 specifies how to generate, distribute, revoke, and handle digital certificates and cryptographic keys to protect digital data and its communication. Included in the scope is the handling of asymmetric keys (e.g. private keys and X.509 certificates), as well as symmetric keys (e.g. session keys).
This part assumes that other standards have already chosen the type of keys and cryptography that will be utilized, since the cryptography algorithms and key materials chosen will be typically mandated by an organization’s own local security policies and by the need to be compliant with other international standards. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. The objective is to define requirements and technologies to achieve interoperability of key management.

Data and communications security are very crucial for the future power delivery system – take the various documents of the series IEC 62351 very serious!

No comments: