BS PD IEC TR 62351-12-2016 Power systems management and associated information exchange Data and communications security Resilience and security recommendations for power systems ws.pdf

1、BSI Standards PublicationPower systems management and associated informationexchange Data and communications securityPart 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systemsPD IEC/TR 62351-12:2016National forewordThis Published

2、 Document is the UK implementation of IEC/TR 62351-12:2016.The UK participation in its preparation was entrusted to TechnicalCommittee PEL/57, Power systems management and associated information exchange.A list of organizations represented on this committee can be obtained onrequest to its secretary

3、.This publication does not purport to include all the necessary provisions ofa contract. Users are responsible for its correct application. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 92310 4ICS 33.200Compliance with a British Standard cannot confer i

4、mmunity fromlegal obligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 30 April 2016.Amendments/corrigenda issued since publicationDate Text affectedPUBLISHED DOCUMENTPD IEC/TR 62351-12:2016IEC TR 62351-12 Edition 1.0 2016-04 TECHNICA

5、L REPORT Power systems management and associated information exchange Data and communications security Part 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systems INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 33.200 ISBN 978-2-832

6、2-3255-2 Registered trademark of the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. colourinsidePD IEC/TR 62351-12:2016 2 IEC TR 62351-12:2016 IEC 2016 CONTENTS FOREWORD . 6 INTRODUCTION . 8 1 Scope 10 2 Normative refer

7、ences. 10 3 Terms and definitions 11 4 Abbreviations and acronyms 12 5 DER architectures and DER cyber-physical concepts . 13 5.1 Resiliency challenge for power systems with DER systems 13 5.2 Five-level DER hierarchical architecture 14 5.3 DER system interfaces 17 5.4 Resilience at different DER ar

8、chitectural levels 18 5.5 DER Systems as cyber-physical systems . 19 5.5.1 Protecting cyber-physical DER systems 19 5.5.2 Cyber-physical threats . 20 5.5.3 Resilience measures for cyber-physical systems . 21 6 Threats, vulnerabilities, and impacts on power system resilience 23 6.1 Threats engineerin

9、g and cyber . 23 6.1.1 Physical and electrical threats mostly but not entirely inadvertent . 23 6.1.2 Cyber threats inadvertent and deliberate . 23 6.2 Vulnerabilities engineering and cyber vulnerabilities 26 6.2.1 General . 26 6.2.2 Power system vulnerabilities and attacks 26 6.2.3 Cyber security v

10、ulnerabilities and attacks . 28 6.3 Risk management and mitigation techniques 30 6.3.1 Risk handling . 30 6.3.2 Risk mitigation categories 31 6.4 Impacts on power system resilience . 33 6.4.1 Safety impacts . 33 6.4.2 Power outage impacts 34 6.4.3 Power quality impacts 35 6.4.4 Financial impacts . 3

11、5 6.4.5 Regulatory and legal impacts . 36 6.4.6 Environmental impacts . 36 6.4.7 Goodwill and other “soft” impacts . 36 6.5 DER stakeholders resilience responsibilities . 36 6.6 Resilience Measures for DER systems to counter threats . 37 6.6.1 General IT cyber security approach for DER systems 37 6.

12、6.2 Resilience by engineering designs and operational strategies . 38 7 Level 1 DER System resilience recommendations 38 7.1 General . 38 7.2 Level 1 DER system: architecture 38 7.3 Level 1 DER system: vulnerabilities . 40 7.3.1 General . 40 7.3.2 Cyber vulnerabilities . 40 7.3.3 Engineering design

13、and development vulnerabilities . 40 PD IEC/TR 62351-12:2016IEC TR 62351-12:2016 IEC 2016 3 7.3.4 Deployment and operational vulnerabilities . 41 7.4 Level 1 DER system: impacts 41 7.5 Level 1 DER system: resilience recommendations . 44 7.5.1 General . 44 7.5.2 Manufacturer: DER system design for re

14、silience recommendations . 44 7.5.3 Integrator and installer: DER setup for meeting resilience recommendations . 45 7.5.4 Testing personnel: resilient DER system interconnection testing recommendations . 47 7.5.5 DER user: access recommendations 48 7.5.6 ICT designers: requirements for local DER com

15、munications 48 7.5.7 Security managers: alarming, logging, and reporting cyber security recommendations . 50 7.5.8 Maintenance personnel: resilience recommendations for maintenance, updating and re-testing, systems 50 7.5.9 Recommended coping actions during an attack or failure 51 7.5.10 Recommended

16、 recovery and analysis actions after an attack or failure 52 8 Level 2: Facilities DER energy management (FDEMS) resilience recommendations 52 8.1 Level 2 FDEMS: architecture . 52 8.2 Level 2 FDEMS: Vulnerabilities 54 8.3 Level 2 FDEMS: Impacts . 54 8.4 Level 2 FDEMS: Resilience recommendations . 56

17、 8.4.1 General . 56 8.4.2 Manufacturer: Design of FDEMS resilience recommendations . 56 8.4.3 Integrators and installer: FDEMS implementation for meeting resilience recommendations . 57 8.4.4 Testing personnel: Resilient FDEMS testing recommendations 60 8.4.5 FDEMS users: Access recommendations 60 8

18、.4.6 FDEMS ICT designers: Resilience recommendations 61 8.4.7 Security managers: Alarming, logging, and reporting recommendations . 63 8.4.8 Maintenance personnel: Resilience recommendations for maintenance, updating and re-testing, systems 63 8.4.9 Recommended coping actions during an attack or fai

19、lure 64 8.4.10 Recommended recovery and analysis actions after an attack or failure 65 9 Level 3: Third parties: Retail energy provider or aggregators resilience recommendations 66 9.1 Level 3: Third parties: ICT architecture 66 9.2 Level 3: Third parties: ICT vulnerabilities . 67 9.3 Level 3: Third

20、 parties: ICT impacts 68 9.4 Level 3: Third parties ICT: Resilience recommendations 69 9.4.1 Third party ICT designers: Resilience recommendations . 69 9.4.2 ICT users: Access recommendations 71 10 Level 4: Distribution operations analysis resilience recommendations . 72 10.1 Level 4 DSO analysis: A

21、rchitecture 72 10.2 Level 4 DSO analysis: Vulnerabilities . 73 10.3 Level 4 DSO analysis: Impacts 74 10.4 Level 4 DSO analysis: Resilience recommendations 76 10.4.1 Resilient design of distribution grid equipment with DER systems 76 10.4.2 Resilience through DSO grid operations with DER systems . 76

22、 PD IEC/TR 62351-12:2016 4 IEC TR 62351-12:2016 IEC 2016 10.4.3 Resilience through power system analysis 77 10.4.4 Resilience by stakeholder training 78 Annex A (informative) NISTIR 7628 Smart Grid Catalog of Security Requirements 79 A.1 NISTIR 7628 families of security requirements . 79 A.2 Detaile

23、d NISTIR 7626 Catalogue of Smart Grid Security Requirements 80 Annex B (informative) IT security guidelines . 85 B.1 Overview of cyber security issues for DER systems . 85 B.2 Security guidelines and policies across organizational boundaries 85 B.3 User and device authentication 87 B.4 Good practice

24、s for specifying and implementing cryptography 89 B.5 Cryptographic methods . 90 B.6 Cryptography used for transport layer security on networks 91 B.7 Wireless cryptography . 92 B.8 Key management using Public Key Cryptography . 92 B.9 Multicast and group keys . 94 B.10 Device and platform integrity

25、 . 94 B.11 Resilient network configurations 94 B.12 Network and system management (NSM) . 95 B.13 Some additional cyber security techniques . 95 B.14 Security testing procedures . 95 B.15 Security interoperability . 96 Annex C (informative) Mapping between IEC 62443-3-3, NISTIR 7628, and IEC TR 6235

26、1-12 . 97 C.1 Mapping table . 97 C.2 IEC TR 62351-12 cyber security items not mapped to all guidelines . 103 Annex D (informative) Glossary of terms 106 Bibliography . 107 Figure 1 Smart grid resilience: intertwined IT cyber security and engineering strategies . 9 Figure 2 Smart Grid Architecture Mo

27、del (SGAM) . 15 Figure 3 Five-level hierarchical DER system architecture 16 Figure 4 Structure of use cases within the DER hierarchy . 19 Figure 5 Mitigations by engineering strategies and cyber security measures 21 Figure 6 Security requirements, threats, and possible attacks . 30 Figure 7 Level 1:

28、 Autonomous DER systems at smaller customer and utility sites 39 Figure 8 Level 2 FDEMS architecture . 53 Figure 9 DER third parties: Retail energy provider or aggregators architecture 67 Figure 10 Distribution operations architecture . 72 Table 1 Examples of mitigations by engineering strategies an

29、d cyber security techniques 22 Table 2 Engineering and cyber security data for managing the resilience of DER systems 22 Table 3 Examples of mitigation categories for cyber-physical systems 32 Table 4 Level 1 impact severities due to attacks and failures of autonomous DER systems 43 PD IEC/TR 62351-

30、12:2016IEC TR 62351-12:2016 IEC 2016 5 Table 5 Level 2 impact severities due to malicious attacks and failures of FDEMS . 55 Table 6 Level 3 impact severities due to malicious attacks and failures of DER ICT . 69 Table 7 Level 4 impact severities due to malicious attacks and failures of DMS or DERMS

31、 75 Table A.1 NIST Smart Grid Security Requirements Families . 79 Table A.2 Detailed NIST Catalogue of Smart Grid Security Requirements . 80 Table C.1 Mapping between IEC 62443-3-3, NISTIR 7628, and IEC TR 62351-12 . 98 Table C.2 IEC 62351-12 cyber security items not mapped to all guidelines 104 PD

32、IEC/TR 62351-12:2016 6 IEC TR 62351-12:2016 IEC 2016 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE DATA AND COMMUNICATIONS SECURITY Part 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cy

33、ber-physical systems FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning s

34、tandardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their prepa

35、ration is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely w

36、ith the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant su

37、bjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technic

38、al content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent

39、 possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide co

40、nformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its di

41、rectors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses aris

42、ing out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is

43、drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards. However, a technical commi

44、ttee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC TR 62351-12, which is a technical report, has been prepared by IEC technical committee 57: Pow

45、er systems management and associated information exchange. PD IEC/TR 62351-12:2016IEC TR 62351-12:2016 IEC 2016 7 The text of this technical report is based on the following documents: Enquiry draft Report on voting 57/1637/DTR 57/1664/RVC Full information on the voting for the approval of this tech

46、nical report can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. A list of all parts of the IEC 62351 series, under the general title: Power systems management and associated information exchange Data

47、 and communications security, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the

48、publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are considered to be useful fo

49、r the correct understanding of its contents. Users should therefore print this document using a colour printer. PD IEC/TR 62351-12:2016 8 IEC TR 62351-12:2016 IEC 2016 INTRODUCTION Resilience and Cyber Security In the energy sector, two key phrases are becoming the focus of international and national policies: “grid resilience” and “cyber security of the cyber-physical grid”. Grid resilience responds to the overarching concern: “The critical infrastructure