Description

BS PD IEC/TR 61850-90-2:2016, which is a technical report, provides a comprehensive overview of thedifferent aspects that need to be considered while using IEC 61850 for information exchangebetween substations and control or maintenance centres or other system level applications. Inparticular, this technical report:

defines use cases and communication requirements that require an informationexchange between substations and control or maintenance centres
describes the usage of the configuration language of IEC 61850-6
gives guidelines for the selection of communication services and architecturescompatible with IEC 61850
describes the engineering workflow
introduces the use of a Proxy/Gateway concept
describes the links regarding the Specific Communication Service Mapping (SCSM)This technical report does not define constraints or limitations for specific deviceimplementations. There is no specific chapter for cyber security which is tackled when it isnecessary. The model, for IEC TR 61850-90-2, provides security functions based upon thesecurity threats and security functions found in IEC TS 62351-1 and IEC TS 62351-2. Thistechnical report touches several security aspects with the following basic assumptions:
Information authentication and integrity (e.g. the ability to provide tamper detection) isneeded
Confidentiality is optional

It shall be possible to provide information authentication and integrity in an end-to-endmethod, regardless of information hierarchies. The typical method to provide this securityfunction is through some type of information/message authentication code. IEC 62351-4:2007and IEC 62351-91 describe how authentication and integrity is achieved for IEC 61850-8-1. Alater version of IEC 62351-4 will provide means to ensure end-to-end data integrity throughProxy/Gateways.

Beneath information authentication and integrity, information availability is an importantaspect for telecontrol. This technical report provides redundancy architectures to enhance theavailability of information in control and maintenance centres.

The scheme shown in Figure 1 gives an overview of the connectivity and the communicationpaths. In particular it indicates the principle to access directly or indirectly – via theProxy/Gateway – to an IED. An application of security controls for substation to control centrecommunication can be found in IEC 62351-10:2012, 6.4.3. Thus, the substation automationsystem has to be considered inside a perimeter of cyber security. The access is totallychecked by security access points (this document does not describe such a security access point). The boundary of the electronic security perimeter is defined by the point, where the communication line leaves the perimeter of the substation over public ground. There might be more than one security access point, where separation of applications (e.g. control centre and maintenance centre) is required. When more than one client needs access to the same security access point information level access control, e.g. according to IEC TS 62351-8:2011, may be added. IEC TS 62351-8:2011 may also be used in other cases, where different access rights are required.

The majority of applications for which this technical report is applicable will use the servicesof MMS (ISO 9506) mapped to ISO/IEC 8802-3 frame formats, as described inIEC 61850-8-1:2011.

The primary application for the use of indirect access, as described in this technical report,will be for telecontrol applications. Nevertheless this technical report does not imply that theuse of a Proxy/Gateway is required for telecontrol applications. Direct access may also beused for telecontrol applications where applicable and accepted by the customer.

Cross References:
IEC 60870-4:1990
IEC 60870-5-103:1997
IEC 60870-5-104:2006
IEC 61158-6
IEC TS 61850-2:2003
IEC 61850-4:2011
IEC 61850-5:2013
IEC 61850-6:2009
IEC 61850-7-1:2011
IEC 61850-7-2:2010
IEC 61850-7-3:2010
IEC 61850-7-4:2010
IEC 61850-8-1:2011
ISO 9506-1
ISO 9506-2
IEC 61850-9-2:2011
IEC TS 61850-80-4
IEC 62056
IEC TR 61850-90-3
IEC TR 61850-90-5:2012
IEC TR 61850-90-12:2015
IEC 62056-6
IEC TS 62351-4:2007
IEC TS 62351-8:2011
IEC 62351-9
IEC TR 62351-10:2012
IEC 62351-11
IEC 81346-1:2009
IEC 81346-2:2009
IEEE 1815-2012
RFC 1122:1989
IEC TR 61850-7-500
IEC TR 61850-90-10
IEC TR 61850-90-11
IEC TR 61850-90-17