Saturday, February 20, 2016

Draft IEC 62351-13 TR - Guidelines on what security topics should be covered in standards and specifications

IEC TC 57 just published a very interesting draft technical report (57/1678/DTR):
IEC 62351-13 TR: Power systems management and associated information exchange -
Data and communications security -
Part 13: Guidelines on what security topics should be covered in standards and specifications
Voting terminates on 2016-04-15

The draft covers the following topics:


Excerpt from the document:
"1.2 Purpose of this Document
The security requirements for human users and software applications are different from the purely technical security requirements found in many communication and device standards. For user security standards, more emphasis must be on “policy and procedures” and “roles and authorization” rather than “bits and bytes” cryptographic technologies that should be included in Information and Communications Technology (ICT). In addition, engineering practices and system configurations must be taken into account, since no cryptography can compensate for poor design."

As an excerpt, note this single bullet: "Validation of information input for format and reasonability, including that the input is in the correct format, that values are within limits, that the values are not beyond the capabilities of the automation system."
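The three checks named in that bullet (format, limits, capability), as an added example that is not taken from the draft or from this blog. The command syntax, point name, limits and ratings are constructed, and reading "capabilities of the automation system" as setpoint resolution and maximum change per command is an assumption.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class PointSpec:              # hypothetical point definition
    unit: str
    low: float                # configured operating limits
    high: float
    resolution: float         # smallest step the device can realise (assumption)
    max_step: float           # largest change accepted in one command (assumption)

# Constructed sample data: one setpoint and its last accepted value.
SPECS = {"FEEDER1.P_SET": PointSpec("MW", 0.0, 20.0, 0.5, 5.0)}
CURRENT = {"FEEDER1.P_SET": 10.0}

# Assumed syntax: "<POINT>=<decimal> <unit>". re.ASCII keeps \d to 0-9 only,
# and fullmatch rejects trailing bytes such as a newline or a second command.
_CMD = re.compile(
    r"([A-Z][A-Z0-9_.]{0,31})=(-?\d{1,6}(?:\.\d{1,3})?) ([A-Za-z]{1,4})",
    re.ASCII,
)

def validate_setpoint(raw, specs=SPECS, current=CURRENT):
    """Return (accepted, reason); checks run in the order the bullet lists."""
    m = _CMD.fullmatch(raw)
    if m is None:
        return False, "format"            # wrong syntax, exponent, locale comma
    point, text, unit = m.groups()
    spec = specs.get(point)
    if spec is None:
        return False, "unknown_point"
    if unit != spec.unit:
        return False, "unit"              # 12.5 kW is not 12.5 MW
    value = float(text)
    if not spec.low <= value <= spec.high:
        return False, "limit"             # outside configured limits
    steps = (value - spec.low) / spec.resolution
    if abs(steps - round(steps)) > 1e-6:
        return False, "capability"        # finer than the device can set
    if abs(value - current[point]) > spec.max_step:
        return False, "capability"        # in limits, but too large a jump
    return True, "ok"
```

A value can pass the limit check and still be rejected: 18.0 MW is inside 0 to 20 MW, but it is an 8 MW jump from the current 10 MW.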

There is always something to better understand!
