IEC TC 57 has posted two new CDVs for public comment (anyone can read the documents for free):
57/2068/CDV
IEC 62351-3/AMD2 ED1: Amendment 2 - Power systems management and associated information exchange - Data and communications security -
Part 3: Communication network and system security - Profiles including TCP/IP
57/2069/CDV (67 pages)
IEC 62351-8 ED1: Power systems management and associated information exchange - Data and communications security -
Part 8: Role-based access control
This effort will transform the existing IEC TS 62351-8 ED1 from an IEC TS (Technical Specification) into an IS (International Standard) ED1.
Excerpt from the Scope:
"The scope of this standard is to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications (called “subjects” in this document) to specified “roles”, and restricts their access to only those resources, which the security policies identify as necessary for their roles.
As electric power systems become more automated and cyber security concerns become more prominent, it is becoming increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands. ..."
Be aware that RBAC is required in systems where multiple clients (in the sense of, e.g., IEC 61850) need to access a server. One use case is where multiple power market participants want to manage a power resource.
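The scope excerpt contrasts RBAC with the all-or-nothing super-user model, and the note above points to the multi-client case where several market participants manage power resources through one server. The following Python block is an added example, not text or code from the IEC document or this post: it implements a deny-by-default, role-based decision function beside a super-user check so the difference is visible on the same requests. The role names, subject identifiers, resource paths and permission sets are constructed placeholders chosen for illustration and are not the roles that IEC 62351-8 itself defines.

```python
"""Added example: role-based access decision versus all-or-nothing super-user.

All role names, subjects, resources and permissions below are constructed
placeholders for illustration; they are NOT the roles defined by IEC 62351-8.
"""

# Operations on a data object, mirroring the scope's "read, write, control, etc."
READ, WRITE, CONTROL = "read", "write", "control"

# Constructed policy: role -> {resource pattern -> allowed operations}.
# A trailing "/*" matches every resource under that prefix; "*" matches all.
ROLE_PERMISSIONS = {
    "viewer":            {"*": {READ}},
    "operator":          {"*": {READ}, "breaker/*": {READ, CONTROL}},
    "engineer":          {"*": {READ, WRITE}},
    # One role per market participant, scoped to that participant's own plant
    # (the multi-client use case from the post).
    "plant-A-manager":   {"der/plant-A/*": {READ, CONTROL}},
    "plant-B-manager":   {"der/plant-B/*": {READ, CONTROL}},
}

# Constructed subject -> roles assignment (humans, systems and applications alike).
SUBJECT_ROLES = {
    "hmi-operator-01":      {"operator"},
    "maintenance-tool":     {"engineer"},
    "market-participant-A": {"viewer", "plant-A-manager"},
    "market-participant-B": {"viewer", "plant-B-manager"},
}


def _matches(pattern, resource):
    """True if a policy resource pattern covers the requested resource."""
    if pattern == "*":
        return True
    if pattern.endswith("/*"):
        return resource.startswith(pattern[:-1])
    return resource == pattern


def superuser_allowed(subject, resource, operation, subjects=SUBJECT_ROLES):
    """All-or-nothing model: any known (authenticated) subject may do anything."""
    return subject in subjects


def rbac_decide(subject, resource, operation,
                subject_roles=SUBJECT_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Deny by default; return (allowed, granting_role) for audit logging.

    Access is granted only if some role held by the subject lists the
    operation for a pattern that matches the resource.
    """
    for role in sorted(subject_roles.get(subject, ())):
        for pattern, ops in role_permissions.get(role, {}).items():
            if _matches(pattern, resource) and operation in ops:
                return True, role
    return False, None


def rbac_allowed(subject, resource, operation):
    """Convenience wrapper returning only the boolean decision."""
    return rbac_decide(subject, resource, operation)[0]


if __name__ == "__main__":
    # Constructed requests showing the two models side by side.
    requests = [
        ("hmi-operator-01", "breaker/Q1", CONTROL),
        ("hmi-operator-01", "transformer/T1", CONTROL),
        ("market-participant-A", "der/plant-A/setpoint", CONTROL),
        ("market-participant-A", "der/plant-B/setpoint", CONTROL),
        ("maintenance-tool", "transformer/T1", WRITE),
        ("unknown-client", "breaker/Q1", READ),
    ]
    for subj, res, op in requests:
        allowed, role = rbac_decide(subj, res, op)
        print(f"{subj:22} {op:8} {res:22} superuser={superuser_allowed(subj, res, op)!s:5} "
              f"rbac={allowed!s:5} via={role}")
```

The super-user check lets participant A issue control commands to plant B as soon as it is authenticated, whereas the role-based check confines each participant to its own plant and denies an unknown subject even a read. Returning the granting role alongside the decision is what makes the access log useful afterwards: an auditor can see not only that a control command was allowed but which role assignment allowed it.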