For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
1,683
views
15
references
 Top references
cited by
1
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    4
    shares
      223
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Assessing the Security of IEC 62351

      Published
      proceedings-article
      Author(s): , ,
      Publication date (Print):
      Conference name: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015) (ICS-CSR)
      Conference theme: Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
      Conference date: 17 - 18 September 2015
      Keywords: cyber security, IEC 62351, cyber security standard
      Bookmark

            Abstract

            IEC 62351 is an industry standard aimed at improving security in automation systems in the power system domain. It contains provisions to ensure the integrity, authenticity and confidentiality for different protocols used in power systems. In this paper we look at the different parts of IEC 62351 and assess to what extent the standard manages to improve security in automation systems. We also point out some incongruities in the algorithms or parameters chosen in parts of the standard. Overall, we conclude that the standard can significantly improve security in power systems if applied comprehensively, but we also note that the need to preserve (partial) backwards-compatibility has led to some design choices that provide less security than could have been achieved with a more ambitious approach.

            Content

            Author and article information

            Contributors
            Roman Schlegel
            Sebastian Obermeier
            Johannes Schneider
            Conference
            Publication date: September 2015
            Publication date (Print): September 2015
            Pages: 11-19
            Affiliations
            [0001]ABB Corporate Research

            Segelhofstr. 1K, Baden

            Switzerland
            Article
            DOI: 10.14236/ewic/ICS2015.2
            SO-VID: a50c986c-4c60-4364-aa14-378516f512c7
            Copyright © © Schlegel et al. Published by BCS Learning & Development Ltd. Proceedings of the 3 rd International Symposium for ICS & SCADA Cyber Security Research 2015
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015)
            Conference acronym: ICS-CSR
            Conference number: 3
            Conference location: Germany
            Conference date: 17 - 18 September 2015
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2015.2
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: IEC 62351,cyber security,cyber security standard

            References

            1. 2013 On the security of RC4 in TLS Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 13) Washington D.C 305 320

            2. 2010 security Economics and critical national infrastructure Economics of Information Security and Privacy Berlin, Germany Springer 55 66

            3. 1990 May Simple network management protocol (SNMP) RFC 1157 (Historic)

            4. 1996 Jan Introduction to community-based SNMPv2 RFC 1901 (Historic)

            5. 2008 May Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile RFC 5280 (Proposed Standard). Updated by RFC 6818

            6. , 2003 Performance comparison of message authentication code (MAC) algorithms for Internet protocol security (IPSEC) Proc. Newfoundland Electrical and Computer Engineering Conf

            7. 2008 Aug The transport layer security (TLS) protocol version 1.2. RFC 5246 (proposed standard) Updated by RFCs 5746, 5878, 6176, 7465

            8. 2011 Jan Transport layer Security (TLS) Extensions: Extension Definitions RFC 6066 (Proposed Standard)

            9. , 2010 May Enhancing IEC 62351 to Improve security for energy automation in smart grid environments Fifth International Conference Internet and Web Applications and Services (ICIW) 135 142

            10. 2011 Apr Security for the smart grid - enhancing IEC 62351 to improve security in energy automation control Int. J. Adv. Security 3 169 183

            11. 2010 The protection of substation communications Proceedings of SCADA Security Scientific Symposium

            12. 2012 Infrastructure and resilience Government Office for Science. Tech. Rep

            13. 2002 Dec An architecture for describing simple network management protocol (SNMP) management frameworks RFC 3411 (INTERNET STANDARD). Updated by RFCs 5343, 5590

            14. IEEE Standards Association 1815-2012 2012 IEEE standard for electric power systems communications-distributed network protocol (DNP3) Available from http://standards.ieee.org/ findstds/standard/1815-2012.html

            15. International Electrotechnical Commission IEC 61850 2010a Power utility automation Available from http://www.iec.ch/smartgrid/standards/

            16. International Electrotechnical Commission IEC 62351 2010b Security Availbale from http://www.iec.ch/smartgrid/standards/

            17. International Organization for Standardization ISO 9506 2014 Industrial automation systems manufacturing message specification Available from http://www.iso.org/iso/cataloguedetail.htm?csnumber=37079

            18. 2004 Key length Contribution to The Handbook of Information Security

            19. 2012 A survey of SCADA and critical infrastructure incidents Proceedings of the 1st Annual Conference on Research in Information Technology, RIIT ’12 New York, NY, USA 51 56

            20. National Institute of Standards and Technology (NIST) 2007 Mar Recommendation for key management - Part 1: general (revised) Available from http://csrc.nist.gov/publications/nistpubs/ 800-57/sp800-57-Part1-revised2 Mar08-2007.pdf

            21. CIP (Critical Infrastructure Protection) Standards 2015 North American Electric Reliability Corporation Available from http://www.nerc.com/pa/ Stand/Pages/CIPStandards.aspx

            22. 2015 Feb Prohibiting RC4 cipher suites RFC 7465 (Proposed Standard)

            23. 1981a Sept Internet protocol. RFC 791 (INTERNET STANDARD) Updated by RFCs 1349, 2474, 6864

            24. 1981b Sept Transmission control protocol. RFC 793 (INTERNET STANDARD) Updated by RFCs 1122, 3168, 6093, 6528

            25. 1987 May ISO transport service on top of the TCP version: 3. RFC 1006 (INTERNET STANDARD) Updated by RFC 2126

            26. 2013 New collision attacks on SHA-1 based on optimal joint local-collision analysis Advances in Cryptology–EUROCRYPT New York Springer 245 261

            27. 2011 SP 800-82 Guide to Industrial control systems (ICS) security: Supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) Gaithersburg, MD, USA Tech. Rep

            28. ISA/IEC 62443 2014 The International Society of Automation (ISA) / International Electrotechnical Commission (IEC) Available from http://isa99.isa.org/ISA99%20Wiki/Home.aspx

            29. 2011 SSL/TLS & perfect forward secrecy Available from http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

            Comments

            Comment on this article