Showing posts with label iec 62351-3. Show all posts

Friday, August 18, 2017

Draft of First Amendment to IEC 62351-3 (power system security) Published

Draft IEC 62351-3/AMD1 ED1 (57/1894/CDV)
Amendment 1 – Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP
The crucial amendment has been prepared by IEC TC57 Working Group 15 in order to address the following:

  1. Definition of additional security warnings for TLS versions 1.1 and 1.0
  2. Alignment of handling of revoked or expired certificates for TLS session resumption and TLS session renegotiation
  3. Clarification regarding session resumption and session renegotiation invocation based on session time.
  4. Enhancement of session resumption approach with the option of session tickets to better align with the upcoming new version of TLS
  5. Enhancement of the utilized public key methods for signing and key management with ECDSA based algorithms
  6. Update of the requirements for referencing standards
  7. Update of bibliography
The CDV ballot ends 2017-11-03

Friday, March 6, 2015

What about security for SCADA systems?

Since the early 80s we have had discussions on open systems. I remember well people saying in 1984: "If you want open systems, you must be crazy." True, if you don't shut the access doors and let in only those who are allowed.

There are measures to secure the access – but they have to be implemented and used. There are a lot of concerns about embedded systems on the internet and security.

Read this up-to-date story – and you may not sleep tonight:

Journalists warned system owners and Norwegian NSA of 2500 critical data flaws

How two journalists set out on a mission to test the data security in the whole of Norway

Excerpt:

“Thus far, they have found:
• 290 vulnerable control systems, in banks, schools, nursing homes - and a military camp
• 2048 surveillance cameras in private homes, night clubs, shops and restaurants
• 2500 control systems connected to the Internet with minimal or no security
• 500 of these control industrial or critical infrastructure
• Thousands of data bases and servers that give away content without passwords

These are all found in Norway. Guess if it is any better in your country?”

Click HERE for the report.

And YOU? Become more serious about security!!! For the good of you and all of us – all over.

And do not blame IEC 61850 for not providing security measures! It has: IEC 62351 shall be applied – but you have to do it! Do it!

http://blog.iec61850.com/2015/02/standard-iec-62351-3-communication.html

Saturday, February 7, 2015

Standard IEC 62351-3 “Communication network and system security - Profiles including TCP/IP” published

IEC TC 57 has published the crucial standard for security:

Standard IEC 62351-3
Power systems management and associated information exchange - Data and communications security -
Part 3: Communication network and system security - Profiles including TCP/IP

Partie 3: Sécurité des réseaux et des systèmes de communication – Profils comprenant TCP/IP

This part of IEC 62351 specifies how to secure TCP/IP-based protocols through constraints on the specification of the messages, procedures, and algorithms of Transport Layer Security (TLS) (defined in RFC 5246) so that they are applicable to the telecontrol environment of the IEC. TLS is applied to protect the TCP communication. It is intended that this standard be referenced as a normative part of other IEC standards (e.g., IEC 60870-5, IEC 60870-6, IEC 61850, IEC 61400-25, …) that have the need for providing security for their TCP/IP-based protocol.

Now it is up to the vendors and users to implement this standard or require it, respectively.

There is no excuse anymore that IEC 61850 has no security measures defined in the form of a standard that can officially be referenced.

Click HERE for the preview of the new standard.

Wednesday, October 22, 2014

Approved for Publication as Standard: FDIS IEC 62351-3 Communication network and system security – Profiles including TCP/IP

The following document has been approved by 100 per cent of the IEC TC 57 national committees:

FDIS IEC 62351-3 (57/1498/FDIS):
Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP

Click HERE for some additional details.

Saturday, August 9, 2014

Just published FDIS IEC 62351-3 Communication network and system security – Profiles including TCP/IP

Security is discussed all over. IEC TC 57 has just published the following Final Draft International Standard:

FDIS IEC 62351-3 (57/1498/FDIS):
Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP

This Part 3 was previously a Technical Specification. Once approved as a standard, the just-published FDIS will cancel and replace IEC TS 62351-3:2007.

The voting on the FDIS closes 2014-10-10. Please check with your TC 57 national mirror committee to get a copy of the draft for comments.

The standard will cover the following:

[Image not reproduced]

A crucial definition of this standard will be to require “TLS v1.2 as defined in RFC 5246 (sometimes referred to as SSL v3.3) or higher shall be supported.”

Be smart and build-in security measures like the ones defined in the IEC 62351-3 Standard! You have to ask for it if you are a user – or you must implement it if you are a manufacturer of smart devices.
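
To check which TLS version a link actually negotiates, here is an added example (not taken from the standard or from this blog) that reads the version out of a ServerHello record, where TLS 1.2 appears as 3.3 on the wire and TLS 1.3 hides behind a `supported_versions` extension. The ok/warning/reject policy and all function names are assumptions for illustration, based only on the "TLS v1.2 or higher" requirement quoted above and the amendment's warnings for TLS 1.1 and 1.0; the sample records are constructed.

```python
import struct

# Wire versions are (major, minor); TLS 1.2 is 3.3, hence the "SSL v3.3" alias.
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1",
         (3, 3): "TLSv1.2", (3, 4): "TLSv1.3"}
SUPPORTED_VERSIONS = 43  # extension that carries the real version in TLS 1.3

def negotiated_version(record: bytes) -> tuple:
    """Return the (major, minor) the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record")
    ctype, _, _, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    pos = 34 + 1 + hello[34] + 3   # version, random, session_id, suite, compression
    if pos > len(hello):
        raise ValueError("truncated ServerHello")
    if pos + 2 > len(hello):       # no extensions block: plain TLS <= 1.2 hello
        return version
    end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        if etype == SUPPORTED_VERSIONS and elen == 2 and pos + 6 <= end:
            return (hello[pos + 4], hello[pos + 5])
        pos += 4 + elen
    return version

def assess(record: bytes) -> str:
    """Assumed policy: TLS 1.2/1.3 ok, TLS 1.0/1.1 warning, anything else reject."""
    v = negotiated_version(record)
    name = NAMES.get(v, "unknown %d.%d" % v)
    if v in ((3, 3), (3, 4)):
        return "ok: " + name
    return ("warning: " if v in ((3, 1), (3, 2)) else "reject: ") + name

def sample_hello(version, extensions=b""):
    """Constructed ServerHello record for the demo (not captured traffic)."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(assess(sample_hello((3, 3), b"\x00\x2b\x00\x02\x03\x04")))
    print(assess(sample_hello((3, 1))))
```

A monitor that reads only the record-layer version would log a TLS 1.3 session as 3.3, which is why the extension has to be parsed.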