X.509 at work
IEC Technical Committee 57 develops and maintains International Standards for power systems control equipment and systems, including EMS (Energy Management Systems) and SCADA (Supervisory Control And Data Acquisition).
Working Group 15 of this committee is responsible for security and has developed, or has under development, IEC 62351, which consists of multiple parts. This set of standards references PKI, Transport Layer Security (TLS) and Role-Based Access Control (RBAC). Both TLS and RBAC require a backbone PKI.
Provides an introduction to the remaining parts of the IEC 62351 series, primarily to introduce the reader to various aspects of information security as applied to power system operations. The scope of the IEC 62351 series is information security for power system control operations. Its primary objective is to undertake the development of standards for security of the communication protocols defined by IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
IEC 62351-2:2008 (E) covers the key terms used in the IEC 62351 series, and is not meant to be a definitive list. Most terms used for cyber security are formally defined by other standards organizations, and so are included here with references to where they were originally defined.
Specifies how to provide confidentiality, tamper detection, and message level authentication for SCADA and telecontrol protocols that make use of TCP/IP as a message transport layer.
Specifies procedures, protocol extensions, and algorithms to facilitate securing ISO 9506 - Manufacturing Message Specification (MMS) based applications. It is intended that this technical specification be referenced as a normative part of other IEC TC 57 standards that have the need for using MMS in a secure manner.
IEC/TS 62351-5:2009(E) specifies messages, procedures and algorithms for securing the operation of all protocols based on or derived from the standard IEC 60870-5: Telecontrol equipment and systems - Part 5: Transmission protocols. It more specifically applies to IEC 60870-5-101, IEC 60870-5-102, IEC 60870-5-103 and IEC 60870-5-104.
Specifies messages, procedures, and algorithms for securing the operation of all protocols based on or derived from the standard IEC 61850. Applies to at least those protocols of IEC 61850-8-1, IEC 61850-9-2 and IEC 61850-6.
IEC/TS 62351-7:2010(E) defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects are used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure.
Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control
IEC/TS 62351-9 specifies how to generate, distribute, revoke and handle public-key certificates and cryptographic keys to protect digital data and communication.