IEC TS 62351-7:2010 – Power systems management and associated information exchange – Data and communications security – Part 7: Network and system management (NSM) data object models.
This statement is crucial to understanding the scope of this standard. Although some definitions of security just include the protection of systems against the deliberate attacks of terrorists or cyber hackers, often more damage is done by carelessness, equipment failures and natural disasters than by those deliberate attacks. Therefore, in this standard, security covers all hazards, including deliberate attacks, inadvertent mistakes, equipment failures, software problems and natural disasters. For the security and reliability of power system operations, it does not matter whether a problem was caused by a deliberate attack or by an inadvertent action.
In addition, many of the same measures that could be used against deliberate attacks can be used against inadvertent actions. Therefore, it is useful and cost-effective to address both types of security threats with the same types of security measures.
5.1.2 End-to-end security measures
IEC/TS 62351-3 to IEC/TS 62351-6 address security measures for communication protocols. End-to-end security entails a much larger scope than just the authentication of users and the encryption of these protocols. End-to-end security involves security policies, access control mechanisms, key management, audit logs, and other critical infrastructure protection issues. It also entails securing the information infrastructure itself.
As discussed in IEC/TS 62351-1, security threat agents include:
a) Inadvertent: Threat agents which may cause inadvertent attacks on systems:
• careless users;
• employees who bypass security;
• safety system failures;
• equipment failures;
• natural disasters.
b) Deliberate: Threat agents which undertake deliberate attacks:
• disgruntled employee;
• industrial espionage agents;
• vandals;
• cyber hackers;
• viruses and worms;
• thieves;
• terrorists.
The key point is that the overall security of power system operations is threatened not only by deliberate acts of terrorism but by many other, sometimes deliberate, sometimes inadvertent threats that can ultimately have more devastating consequences than direct espionage.
As noted in IEC/TS 62351-1, securing protocols using IEC/TS 62351-3 to IEC/TS 62351-6 essentially provides authentication and (for some protocols) encryption over the communications link, covering 3 of the 4 security requirements: integrity, confidentiality and non-repudiation. These very important security measures still, however, leave serious gaps:
— First, they cover only the protocols over the communications link, and do not address the end users and end equipment. Masquerading users, equipment failures or undetected intrusions can disrupt operations even if the data exchanges are continuing correctly.
— Second, they do not address denial of service. Denial of service can take many forms, from slowed data exchanges, failures of equipment, faults in communication paths, sporadic or decreased availability, interference and theft.
Although the main objective of security measures may be to prevent security attacks, security measures cannot be entirely preventative. If only prevention were attempted, then when (there is always a when) an attacker does manage to penetrate a periphery, they would have complete freedom to do whatever damage they wanted to. Therefore, prevention of attacks should be viewed as both deterrence and delay of attacks. In addition, security protection needs to be provided to counter attacks that were not deterred.
5.1.3 Security purposes
The purposes for security protection are often described as 5 layers, with security measures addressing one or more of these layers:
• Deterrence and delay, to try to avoid attacks or at least delay them long enough for counter actions to be undertaken. This is the primary defence, but should not be viewed as the only defence.
• Detection of attacks, primarily those that were not deterred, but could include attempts at attacks. Detection is crucial to any other security measures since if an attack is not recognized, little can be done to prevent it. Intrusion detection capabilities can play a large role in this effort.
• Assessment of attacks, to determine the nature and severity of the attack. For instance, has the attack breached the confidentiality of private data, or is the attack more of a nuisance such as the printer not being available?
• Communication and notification, so that the appropriate authorities and/or computer systems can be made aware of the security attack in a timely manner. Network and system management can play a large role in this effort.
• Response to attacks, which includes actions by the appropriate authorities and computer systems to mitigate the effect of the attack in a timely manner. This response can then deter or delay a subsequent attack.
5.1.4 Role of network and system management (NSM) in security
End-to-end security involves far more than encryption or authentication, which are the primary security methods. As discussed in IEC/TS 62351-1 and shown in Figure 1, the entire information infrastructure must be made secure and reliable in order to provide security and reliability of power system operations. Figure 2 shows the management of both the power system infrastructure and the information infrastructure.