IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the security of TC 57 series of protocols including IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

• IEC 62351-1 — Introduction to the standard
• IEC 62351-2 — Glossary of terms
• IEC 62351-3 — Security for any profiles including TCP/IP.
  • TLS Encryption
  • Node Authentication by means of X.509 certificates
  • Message Authentication
• IEC 62351-4 — Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.).
  • Authentication for MMS
  • TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide transport layer security
• IEC 62351-5 — Security for any profiles including IEC 60870-5 (e.g., DNP3 derivative)
  • TLS for TCP/IP profiles and encryption for serial profiles.
• IEC 62351-6 — Security for IEC 61850 profiles.
  • VLAN use is made as mandatory for GOOSE
  • RFC 2030 to be used for SNTP
• IEC 62351-7 — Security through network and system management.
  • Defines Management Information Base (MIBs) that are specific for the power industry, to handle network and system management through SNMP based methods.
• IEC 62351-8 — Role-based access control.
  • Covers the access control of users and automated agents to data objects in power systems by means of role-based access control (RBAC).
• IEC 62351-9 — Key Management
  • Describes the correct and safe usage of safety-critical parameters, e.g. passwords, encryption keys.
  • Covers the whole life cycle of cryptographic information (enrollment, creation, distribution, installation, usage, storage and removal).
  • Methods for algorithms using asymmetric cryptography
    • Handling of digital certificates (public / private key)
    • Setup of the PKI environment with X.509 certificates
    • Certificate enrollment by means of SCEP / CMP / EST
    • Certificate revocation by means of CRL / OCSP
  • A secure distribution mechanism based on GDOI and the IKEv2 protocol is presented for the usage of symmetric keys, e.g. session keys.
• IEC 62351-10 — Security Architecture
  • Explanation of security architectures for the entire IT infrastructure
  • Identifying critical points of the communication architecture, e.g. substation control center, substation automation
  • Appropriate mechanisms security requirements, e.g. data encryption, user authentication
  • Applicability of well-proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPS
• IEC 62351-11 — Security for XML Files
  • Embedding of the original XML content into an XML container
  • Date of issue and access control for XML data
  • X.509 signature for authenticity of XML data
  • Optional data encryption

• IEC TC 57
• List of IEC technical committees

• Application of the IEC 62351 at IPCOMM GmbH
• Report about the implementation of IEC 62351-7
• "IEC 62351" at International Electrotechnical Commission