Showing posts with label iec 62351-11. Show all posts

Saturday, July 23, 2016

IEC TC 57 Published FDIS IEC 62351-11 Security for XML Documents

Have you ever seen a multi-megabyte XML file used for system or device configurations, COMTRADE, COMFEDE, or other purposes? I have big SCL files that represent real substation specifications. What happens if one (1) single character is removed or changed by somebody ...? A change of a single character can have very severe consequences!
In order to secure XML Files in the context of IEC and other standards organizations, IEC TC 57 just published the document:
57/1753/FDIS: Power systems management and associated information exchange – Data and communications security – IEC 62351-11: Security for XML Documents

Voting closes 2016-09-02

IEC 62351-11 specifies schema, procedures, and algorithms for securing XML documents that are used within the scope of the IEC as well as documents in other domains (e.g. IEEE, proprietary, etc.). This part is intended to be referenced by standards if secure exchanges are required, unless there is an agreement between parties in order to use other recognized secure exchange mechanisms. It utilizes well-known W3C standards for XML document security and provides profiling of these standards and additional extensions.

Friday, June 5, 2015

IEC 62351-11: Draft on Securing XML files

XML (a notation for structured documents) is used in many standards published by IEC TC 57 (Power systems management and associated information exchange). IEC 61850-6 (SCL) is one of these parts that rely on XML and XML schema.

A small change in an SCL file may have a crucial impact on the content of the whole file. There is a need to secure such files.

IEC TC 57 just published the first CDV:

IEC 62351-11 Ed.1 (57/1562/CDV)

Power systems management and associated information exchange - Data and communications security -
Part 11: Security for XML files

The 62351-11 extensions provide:

  • Header information: the header contains information relevant to the creation of the secured document, such as the date and time when the IEC 62351-11 document was created.
  • A choice of encapsulating the original XML document in an encrypted (Encrypted) or non-encrypted (nonEncrypted) format. If encryption is chosen, there is a mechanism provided to express the information required to actually perform encryption in an interoperable manner (EncryptionInfo).
  • AccessControl: a mechanism to express access control information regarding information contained in the original XML document.
  • Body: is used to contain the original XML document that is being encapsulated.
  • Signature: a signature that can be used for the purposes of authentication and tamper detection.
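
The tamper-detection idea behind this structure, as an added example that is not part of the original post and does not reproduce the IEC 62351-11 schema: the names Header, nonEncrypted, Body and Signature come from the list above, while the root element `SecuredDocument`, the `Created` field and the layout are hypothetical. An HMAC over the canonical XML stands in for a W3C XML Signature, and the SCL fragment and key are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

KEY = b"constructed-demo-key"  # assumption: stands in for a real signing key
# Constructed SCL-like fragment, not taken from a real substation file.
SCL = ('<SCL><IED name="Relay1"><LN lnClass="PTOC" inst="1">'
       '<DAI name="StrVal" val="1200"/></LN></IED></SCL>')

def _mac(root, key):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of Header and Body."""
    parts = [root.find("Header"), root.find("nonEncrypted/Body")]
    if any(p is None for p in parts):
        return None
    canon = "".join(ET.canonicalize(ET.tostring(p, encoding="unicode")) for p in parts)
    return hmac.new(key, canon.encode("utf-8"), hashlib.sha256).hexdigest()

def wrap(xml_text, key=KEY):
    """Encapsulate xml_text unencrypted and attach the integrity value."""
    root = ET.Element("SecuredDocument")  # hypothetical root element name
    created = ET.SubElement(ET.SubElement(root, "Header"), "Created")
    created.text = datetime.now(timezone.utc).isoformat()
    body = ET.SubElement(ET.SubElement(root, "nonEncrypted"), "Body")
    body.append(ET.fromstring(xml_text))
    ET.SubElement(root, "Signature").text = _mac(root, key)
    return ET.tostring(root, encoding="unicode")

def verify(envelope, key=KEY):
    """True only if Header and Body are unchanged since wrap()."""
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        return False
    expected, stored = _mac(root, key), root.findtext("Signature")
    if expected is None or not stored:
        return False
    return hmac.compare_digest(expected.encode(), stored.strip().encode())

if __name__ == "__main__":
    env = wrap(SCL)
    print("untouched:", verify(env))
    print("one character changed:", verify(env.replace('val="1200"', 'val="1300"')))
    print("attributes reordered:", verify(env.replace(
        '<LN lnClass="PTOC" inst="1">', '<LN inst="1" lnClass="PTOC">')))
```

Canonicalization is what lets a syntactic rewrite such as reordered attributes pass while a single changed character in a value fails.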

What do you think about security? It is important! How much time and money have you and your colleagues or your management spent on making systems more secure? One Euro or 1000 Euro?

When it comes to costs, people behave differently.

Be more serious about security.

Monday, July 21, 2014

Security for XML based System and Device Configuration Information

Discussion on the protection of configuration information can be found HERE (just one blog post down). Please note that IEC TC 57 is working on a new part for series IEC 62351 (Data and communications security):

IEC 62351-11 Ed.1:
Power systems management and associated information exchange - Data and communications security – Part 11: Security for XML Files

The key objectives of this proposal are:

  • Provide a mechanism to authenticate the source of the file.
  • Provide a mechanism for tamper detection.
  • Provide these security mechanisms in a manner that maintains as much compatibility with the current CIM, SCL, and other XML formats as possible.
  • Provide a mechanism so that a source of data can identify what data may or may not be made available to other entities in addition to the initial receiving entity.

It is crucial for the whole industry to support these kinds of standardization projects. The user communities have to pay anyway: now or later.

We have so many good standards and so much draft material that should be implemented soon to make sure that we can keep control over a wide range of infrastructures.

Click HERE to download a White Paper on Security Standards in IEC TC57 written by Frances Cleveland, WG 15 Convenor [pdf].