IEC TR 62210:2003 pdf free download

IEC TR 62210:2003 pdf free download Power system control and associated communications – Data and communication security
Scope and object
This Technical Report applies to computerised supervision, control,metering, and protectionsystems in electrical utilities. lt deals with security aspects related to communication protocolsused within and between such systems, the access to, and use of the systems.
NOTE This report does not include recommendations or criteria development associated with physical securityissues.
Realistic threats to the system and its operation are discussed.The vulnerability and theconsequences of intrusion are exemplified. Actions and countermeasures to improvethe current situation are discussed but solutions are to be considered issues for futurework items.
2 overview
Safety, security, and reliability have always been important issues in the design and operationof systems in electrical utilities. Supervision，protection，and control system have beendesigned with the highest possible level of safety, security, and reliability.The communicationprotocols have been developed with a residual error rate approaching zero. All thesemeasures have been taken to minimise the risk of danger for personnel and equipment and topromote an efficient operation of the power network.
Physical threats on vulnerable objects have been handled in the classical ways by lockedbuidings, fences and guards but the quite possible terrorist threat of tripping a critical breakerby a faked SCADA command on a tapped communication link has been neglected.There isno function in the currently used protocols that ensure that the control command comes froman authorised source.
The deregulated electricity market has imposed new threats: knowledge of the assets of acompetitor and the operation of his system can be beneficial and acquisition of suchinformation is a possible reality.
The communication protocols and systems need protection from advertent and inadvertentintruders, the more the protocols are open and standardised and the more the communicationsystem is integrated in the corporate and world-wide communication network.
This Technical Report discusses the security process of the electrical utility. The securityprocess involves the corporate security policy, the communication network security，,and the(end-to-end) application security.
The security of the total system depends on secure network devices, i.e. the security of anydevice that can communicate. A secure network device has to be capable of performing ‘safe’communication and of authenticating the access level of the user. Intrusive attacks have to beefficiently detected, recorded and prosecuted as part of an active audit system.
The threats are analysed based on possible consequences to a system, i.e. what is the worstthat could happen if an illicit intruder has ambition and resources? The vulnerability of a utilityand its assets are analysed together with the threats.