1、BSI Standards Publication Power systems management and associated information exchange Data and communications security Part 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systems PD IEC/TR 62351-12:2016National foreword This Publ
2、ished Document is the UK implementation of IEC/TR 62351- 12:2016. The UK participation in its preparation was entrusted to Technical Committee PEL/57, Power systems management and associated information exchange. A list of organizations represented on this committee can be obtained on request to its
3、 secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 92310 4 ICS 33.200 Compliance with a British Standard
4、 cannot confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 April 2016. Amendments/corrigenda issued since publication Date Text affected PUBLISHED DOCUMENT PD IEC/TR 62351-12:2016 IEC TR 62351-12 Edit
5、ion 1.0 2016-04 TECHNICAL REPORT Power systems management and associated information exchange Data and communications security Part 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systems INTERNATIONAL ELECTROTECHNICAL COMMISSION I
6、CS 33.200 ISBN 978-2-8322-3255-2 Registered trademark of the International Electrotechnical Commission Warning! Make sure that you obtained this publication from an authorized distributor. colour inside PD IEC/TR 62351-12:2016 2 IEC TR 62351-12:2016 IEC 2016 CONTENTS FOREWORD . 6 INTRODUCTION . 8 1
7、Scope 10 2 Normative references. 10 3 Terms and definitions 11 4 Abbreviations and acronyms 12 5 DER architectures and DER cyber-physical concepts . 13 5.1 Resiliency challenge for power systems with DER systems 13 5.2 Five-level DER hierarchical architecture 14 5.3 DER system interfaces 17 5.4 Resi
8、lience at different DER architectural levels 18 5.5 DER Systems as cyber-physical systems . 19 5.5.1 Protecting cyber-physical DER systems 19 5.5.2 Cyber-physical threats . 20 5.5.3 Resilience measures for cyber-physical systems . 21 6 Threats, vulnerabilities, and impacts on power system resilience
9、 23 6.1 Threats engineering and cyber . 23 6.1.1 Physical and electrical threats mostly but not entirely inadvertent . 23 6.1.2 Cyber threats inadvertent and deliberate . 23 6.2 Vulnerabilities engineering and cyber vulnerabilities 26 6.2.1 General . 26 6.2.2 Power system vulnerabilities and attacks
10、 26 6.2.3 Cyber security vulnerabilities and attacks . 28 6.3 Risk management and mitigation techniques 30 6.3.1 Risk handling . 30 6.3.2 Risk mitigation categories 31 6.4 Impacts on power system resilience . 33 6.4.1 Safety impacts . 33 6.4.2 Power outage impacts 34 6.4.3 Power quality impacts 35 6
11、.4.4 Financial impacts . 35 6.4.5 Regulatory and legal impacts . 36 6.4.6 Environmental impacts . 36 6.4.7 Goodwill and other “soft” impacts . 36 6.5 DER stakeholders resilience responsibilities . 36 6.6 Resilience Measures for DER systems to counter threats . 37 6.6.1 General IT cyber security appr
12、oach for DER systems 37 6.6.2 Resilience by engineering designs and operational strategies . 38 7 Level 1 DER System resilience recommendations 38 7.1 General . 38 7.2 Level 1 DER system: architecture 38 7.3 Level 1 DER system: vulnerabilities . 40 7.3.1 General . 40 7.3.2 Cyber vulnerabilities . 40
13、 7.3.3 Engineering design and development vulnerabilities . 40 PD IEC/TR 62351-12:2016IEC TR 62351-12:2016 IEC 2016 3 7.3.4 Deployment and operational vulnerabilities . 41 7.4 Level 1 DER system: impacts 41 7.5 Level 1 DER system: resilience recommendations . 44 7.5.1 General . 44 7.5.2 Manufacturer
14、: DER system design for resilience recommendations . 44 7.5.3 Integrator and installer: DER setup for meeting resilience recommendations . 45 7.5.4 Testing personnel: resilient DER system interconnection testing recommendations . 47 7.5.5 DER user: access recommendations 48 7.5.6 ICT designers: requ
15、irements for local DER communications 48 7.5.7 Security managers: alarming, logging, and reporting cyber security recommendations . 50 7.5.8 Maintenance personnel: resilience recommendations for maintenance, updating and re-testing, systems 50 7.5.9 Recommended coping actions during an attack or fai
16、lure 51 7.5.10 Recommended recovery and analysis actions after an attack or failure 52 8 Level 2: Facilities DER energy management (FDEMS) resilience recommendations 52 8.1 Level 2 FDEMS: architecture . 52 8.2 Level 2 FDEMS: Vulnerabilities 54 8.3 Level 2 FDEMS: Impacts . 54 8.4 Level 2 FDEMS: Resil
17、ience recommendations . 56 8.4.1 General . 56 8.4.2 Manufacturer: Design of FDEMS resilience recommendations . 56 8.4.3 Integrators and installer: FDEMS implementation for meeting resilience recommendations . 57 8.4.4 Testing personnel: Resilient FDEMS testing recommendations 60 8.4.5 FDEMS users: A
18、ccess recommendations 60 8.4.6 FDEMS ICT designers: Resilience recommendations 61 8.4.7 Security managers: Alarming, logging, and reporting recommendations . 63 8.4.8 Maintenance personnel: Resilience recommendations for maintenance, updating and re-testing, systems 63 8.4.9 Recommended coping actio
19、ns during an attack or failure 64 8.4.10 Recommended recovery and analysis actions after an attack or failure 65 9 Level 3: Third parties: Retail energy provider or aggregators resilience recommendations 66 9.1 Level 3: Third parties: ICT architecture 66 9.2 Level 3: Third parties: ICT vulnerabiliti
20、es . 67 9.3 Level 3: Third parties: ICT impacts 68 9.4 Level 3: Third parties ICT: Resilience recommendations 69 9.4.1 Third party ICT designers: Resilience recommendations . 69 9.4.2 ICT users: Access recommendations 71 10 Level 4: Distribution operations analysis resilience recommendations . 72 10
21、.1 Level 4 DSO analysis: Architecture 72 10.2 Level 4 DSO analysis: Vulnerabilities . 73 10.3 Level 4 DSO analysis: Impacts 74 10.4 Level 4 DSO analysis: Resilience recommendations 76 10.4.1 Resilient design of distribution grid equipment with DER systems 76 10.4.2 Resilience through DSO grid operat
22、ions with DER systems . 76 PD IEC/TR 62351-12:2016 4 IEC TR 62351-12:2016 IEC 2016 10.4.3 Resilience through power system analysis 77 10.4.4 Resilience by stakeholder training 78 Annex A (informative) NISTIR 7628 Smart Grid Catalog of Security Requirements 79 A.1 NISTIR 7628 families of security req
23、uirements . 79 A.2 Detailed NISTIR 7626 Catalogue of Smart Grid Security Requirements 80 Annex B (informative) IT security guidelines . 85 B.1 Overview of cyber security issues for DER systems . 85 B.2 Security guidelines and policies across organizational boundaries 85 B.3 User and device authentic
24、ation 87 B.4 Good practices for specifying and implementing cryptography 89 B.5 Cryptographic methods . 90 B.6 Cryptography used for transport layer security on networks 91 B.7 Wireless cryptography . 92 B.8 Key management using Public Key Cryptography . 92 B.9 Multicast and group keys . 94 B.10 Dev
25、ice and platform integrity . 94 B.11 Resilient network configurations 94 B.12 Network and system management (NSM) . 95 B.13 Some additional cyber security techniques . 95 B.14 Security testing procedures . 95 B.15 Security interoperability . 96 Annex C (informative) Mapping between IEC 62443-3-3, NI
26、STIR 7628, and IEC TR 62351-12 . 97 C.1 Mapping table . 97 C.2 IEC TR 62351-12 cyber security items not mapped to all guidelines . 103 Annex D (informative) Glossary of terms 106 Bibliography . 107 Figure 1 Smart grid resilience: intertwined IT cyber security and engineering strategies . 9 Figure 2
27、Smart Grid Architecture Model (SGAM) . 15 Figure 3 Five-level hierarchical DER system architecture 16 Figure 4 Structure of use cases within the DER hierarchy . 19 Figure 5 Mitigations by engineering strategies and cyber security measures 21 Figure 6 Security requirements, threats, and possible atta
28、cks . 30 Figure 7 Level 1: Autonomous DER systems at smaller customer and utility sites 39 Figure 8 Level 2 FDEMS architecture . 53 Figure 9 DER third parties: Retail energy provider or aggregators architecture 67 Figure 10 Distribution operations architecture . 72 Table 1 Examples of mitigations by
29、 engineering strategies and cyber security techniques 22 Table 2 Engineering and cyber security data for managing the resilience of DER systems 22 Table 3 Examples of mitigation categories for cyber-physical systems 32 Table 4 Level 1 impact severities due to attacks and failures of autonomous DER s
30、ystems 43 PD IEC/TR 62351-12:2016IEC TR 62351-12:2016 IEC 2016 5 Table 5 Level 2 impact severities due to malicious attacks and failures of FDEMS . 55 Table 6 Level 3 impact severities due to malicious attacks and failures of DER ICT . 69 Table 7 Level 4 impact severities due to malicious attacks an
31、d failures of DMS or DERMS 75 Table A.1 NIST Smart Grid Security Requirements Families . 79 Table A.2 Detailed NIST Catalogue of Smart Grid Security Requirements . 80 Table C.1 Mapping between IEC 62443-3-3, NISTIR 7628, and IEC TR 62351-12 . 98 Table C.2 IEC 62351-12 cyber security items not mapped
32、 to all guidelines 104 PD IEC/TR 62351-12:2016 6 IEC TR 62351-12:2016 IEC 2016 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE DATA AND COMMUNICATIONS SECURITY Part 12: Resilience and security recommendations for power systems with distributed
33、 energy resources (DER) cyber-physical systems FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on
34、all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Pub
35、lication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non- governmental organizations liaising with the IEC also participate in this preparation.
36、 IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of
37、 opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made
38、 to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transpar
39、ently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent cert
40、ification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability sh
41、all attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including le
42、gal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this pu
43、blication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards.
44、 However, a technical committee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example “state of the art“. IEC TR 62351-12, which is a technical report, has been prepared by IEC
45、technical committee 57: Power systems management and associated information exchange. PD IEC/TR 62351-12:2016IEC TR 62351-12:2016 IEC 2016 7 The text of this technical report is based on the following documents: Enquiry draft Report on voting 57/1637/DTR 57/1664/RVC Full information on the voting fo
46、r the approval of this technical report can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. A list of all parts of the IEC 62351 series, under the general title: Power systems management and associate
47、d information exchange Data and communications security, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under “http:/webstore.iec.ch“ in the data related to the specific publ
48、ication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are
49、 considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer. PD IEC/TR 62351-12:2016 8 IEC TR 62351-12:2016 IEC 2016 INTRODUCTION Resilience and Cyber Security In the energy sector, two key phrases are becoming the focus of international and national policies: “grid resilience” and “cyber security of the cyber-physical grid”. Grid resilience responds to the overarching concern: “
