1、 IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities Sponsored by the Substations Committee and the Transmission and Distribution Committee IEEE 3 Park Avenue New York, NY 10016-5997 USA IEEE Power and Energy Society IEEE Std 1686-2013 (Revision of IEEE Std 1686-2007) IEEE S
2、td 1686-2013 (Revision of IEEE Std 1686-2007) IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities Sponsor Substations Committee and the Transmission and Distribution Committee of the IEEE Power and Energy Society Approved 11 December 2013 IEEE-SA Standards Board Abstract: Th
3、e functions and features to be provided in intelligent electronic devices (IEDs) to accommodate critical infrastructure protection programs are defined in this standard. Security regarding the access, operation, configuration, firmware revision and data retrieval from an IED are addressed. Communica
4、tions for the purpose of power system protection (teleprotection) are not addressed in this standard. Keywords: CIP, critical infrastructure protection, cyber, IED, IEEE 1686, intelligent electronic device, security, substation. The Institute of Electrical and Electronics Engineers, Inc. 3 Park Aven
5、ue, New York, NY 10016-5997, USA Copyright 2013 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 13 January 2014. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent fitness for a particular purpose; non-infringement
6、; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied “AS IS” and “WITH ALL FAULTS.” Use of an IEEE standard is wholly voluntary. The existe
7、nce of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change brou
8、ght about through developments in the state of the art and comments received from users of the standard. In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity nor is IEEE undertaking to perform
9、any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent professional in determining
10、the appropriateness of a given IEEE standard. IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWE
11、VER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS
12、FORESEEABLE. Translations The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should be considered the approved IEEE standard. Official statements A statement, written or
13、 oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be considered to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, se
14、minars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal position of IEEE. Comments on standards Comments for revision of IEEE Standards documents
15、 are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents should be in the form of a proposed change of text, together with appro
16、priate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Commit
17、tees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. Any person who would like to participate in revisions to an IEEE standard is welcome
18、to join the relevant IEEE working group. Comments on standards should be submitted to the following address: Secretary, IEEE-SA Standards Board 445 Hoes Lane Piscataway, NJ 08854 USA Laws and regulations Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance
19、 with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to ur
20、ge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyright laws. They are made available by IEEE and are adopted for a wide variety of both
21、 public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making these documents available for use and adoption by public authorities and private users, IEEE
22、 does not waive any rights in copyright to the documents. Photocopies Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard for company or organizational internal use or individual, non-commercial use only.
23、To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clea
24、rance Center. Updating of IEEE Standards documents Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE docu
25、ment at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. Every IEEE standard is subjected to review at least every ten years. When a document is more than ten years old and has not undergone a revision process, it i
26、s reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE standard. In order to determine whether a given document is the current edition and wh
27、ether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/ieeexplore.ieee.org/xpl/standards.jsp or contact IEEE at the address listed previously. For more information about the IEEE SA or IEEEs standards development process, visit the IEE
28、E-SA Website at http:/standards.ieee.org. Errata Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata periodically. Patents Attention is called to the
29、 possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. If a patent holder or patent applica
30、nt has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the Submitter is willing or unwilling to grant licenses under patent ri
31、ghts without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not r
32、esponsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in
33、 any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE S
34、tandards Association. Copyright 2014 IEEE. All rights reserved. vi Participants At the time this IEEE standard was completed, the Application of Computer-Based Systems Working Group had the following membership: Samuel Sciacca, Chair Marc LaCroix, Vice Chair Ed Cenzon Mason Clark Michael Dood Didier
35、 Giarratano Robert Haberman Chris Huntley Rick Liposchak Greg Luri Harsh Naik Craig Preuss John Tengdin Eric Thibodeau Stephen Thompson Tim Tibbals The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. W
36、illiam Ackerman Ali Al Awazi Steven Alexanderson John Banting Philip Beaumont Oscar Bolado James Bougie Chris Brooks Bill Brown Gustavo Brunello Paul Cardinal James Cornelison Michael Dood Ernest Duckworth Sourav Dutta Kenneth Fodero Fredric Friend Frank Gerleve Mietek Glinkowski Roman Graf Randall
37、Groves John Harauz Roger Hedding David Herrell Gary Heuston Werner Hoelzl Gary Hoffman Dennis Holstein Noriyuki Ikeuchi R. Jackson Brian Johnson Gerald Johnson Piotr Karocki Yuri Khersonsky Stanley Klein Jim Kulchisky Marc LaCroix Chung-Yiu Lam Greg Luri Ahmad Mahinfallah Wayne Manges Pierre Martin
38、Thomas McCarthy John McDonald Jerry Murphy R. Murphy Bruce Muschlitz Charles Ngethe Joe Nims Donald Parker Bansi Patel Donald Platts Ulrich Pohl Craig Preuss R. Ray Michael Roberts Robert Robinson Jeff Rockower Charles Rogers Steven Sano Sergio Santos Bartien Sayogo Thomas Schossig Samuel Sciacca Ha
39、mid Sharifnia Devki Sharma Mark Simon David Singleton John Spare Scott Sternfeld Gary Stoedter Eugene Stoudenmire Walter Struppler Chandrasekaran Subramaniam William Taylor John Tengdin David Tepen Eric Thibodeau Joe Uchiyama Dmitri Varsanofiev John Vergis Jane Verner Ilia Voloh Solveig Ward Kenneth
40、 White Francisc Zavoda Daidi Zhong Copyright 2014 IEEE. All rights reserved. viiWhen the IEEE-SA Standards Board approved this standard on 11 December 2013, it had the following membership: John Kulick, Chair David J. Law, Vice Chair Richard H. Hulett, Past Chair Konstantinos Karachalios, Secretary
41、Masayuki Ariyoshi Peter Balma Farooq Bari Ted Burse Stephen Dukes Jean-Philippe Faure Alexander Gelman Mark Halpin Gary Hoffman Paul Houz Jim Hughes Michael Janezic Joseph L. Koepfinger* Oleg Logvinov Ron Petersen Gary Robinson Jon Walter Rosdahl Adrian Stephens Peter Sutherland Yatin Trivedi Phil W
42、inston Yu Yuan *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Richard DeBlasio, DOE Representative Michael Janezic, NIST Representative Patrick Gibbons IEEE Standards Program Manager, Document Development Erin Spiewak IEEE Standards Program Manager, Tech
43、nical Program Development Krista Gluchoski IEEE Project Specialist, Professional ServicesCopyright 2014 IEEE. All rights reserved. viii Introduction This introduction is not part of IEEE Std 1686-2013, IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities. Critical infrastruct
44、ure protection (CIP) programs developed by utilities are highly dependent on the functionality and capabilities of intelligent electronic devices (IEDs) in regards to cyber security. This standard provides utilities that develop such programs the ability and assurance to procure, install, and commis
45、sion IEDs that do not compromise their programs. The standard also provides the required suite of functions and capabilities to the various vendors that will be required to incorporate these features in their product line for customers that cite this standard. Copyright 2014 IEEE. All rights reserve
46、d. ix Contents 1. Overview 1 1.1 Scope . 1 1.2 Purpose 1 1.3 Reason . 2 2. Normative references 2 3. NIST Cryptographic Toolkit acronyms 2 4. Use of this standard 3 4.1 General 3 4.2 Applicability 4 4.3 Implementing IED security 5 4.4 Proper use of this standard . 5 5. IED cyber security features 6
47、5.1 Electronic access control . 6 5.2 Audit trail . 8 5.3 Supervisory monitoring and control 9 5.4 IED cyber security features 11 5.5 IED configuration software 13 5.6 Communications port access 14 5.7 Firmware quality assurance 14 Annex A (informative) Table of Compliance (TOC) .15 Annex B (informa
48、tive) Bibliography17 Copyright 2014 IEEE. All rights reserved. 1 IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities IMPORTANT NOTICE: IEEE Standards documents are not intended to ensure safety, health, or environmental protection, or ensure against interference with or from
49、 other devices or networks. Implementers of IEEE Standards documents are responsible for determining and complying with all appropriate safety, security, environmental, health, and interference protection practices and all applicable laws and regulations. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtai
