|
US$1649.00 ยท In stock
Delivery: <= 10 days. True-PDF full-copy in English will be manually translated and delivered via email.
GBZ25320.1001-2023: Power systems management and associated information exchange - Data and communication security - Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/Z 25320.1001-2023 | English | 1649 |
Add to Cart
|
10 days [Need to translate]
|
Power systems management and associated information exchange - Data and communication security - Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7
| Valid |
GB/Z 25320.1001-2023
|
PDF similar to GBZ25320.1001-2023
Basic data | Standard ID | GB/Z 25320.1001-2023 (GB/Z25320.1001-2023) | | Description (Translated English) | Power systems management and associated information exchange - Data and communication security - Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7 | | Sector / Industry | National Standard | | Classification of Chinese Standard | F21 | | Classification of International Standard | 29.240.01 | | Word Count Estimation | 82,823 | | Date of Issue | 2023-12-28 | | Date of Implementation | 2024-07-01 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GBZ25320.1001-2023: Power systems management and associated information exchange - Data and communication security - Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
GB /Z 25320:1001-2023: Power system management and information exchange data and communication security Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7
ICS 29:240:01
CCSF21
National Standardization Guiding Technical Documents of the People's Republic of China
Power system management and information exchange
Data and communications security
Part 100-1: IEC 62351-5 and
Conformance test cases for IEC TS60870-5-7
testcasesforIEC 62351-5andIEC TS60870-5-7
(IEC TS62351-100-1:2018,MOD)
Published on 2023-12-28 and implemented on 2024-07-01
State Administration for Market Regulation
Released by the National Standardization Administration Committee
Table of contents
Preface V
Introduction VI
1 Scope 1
2 Normative references 1
3 Terms, definitions and abbreviations 2
3:1 Terms and Definitions 2
3:2 Abbreviations 3
4 Overview 4
4:1 Standards covered by this document 4
4:2 Conformance test structure 4
4:3 Conformance testing requirements 6
5 Configuration parameter verification 7
5:1 Overview 7
5:2 System Definition 7
5:3 Application Security Extensions 9
6 Communication verification 11
6:1 Overview 11
6:2 ASDU segmentation control 11
6:3 ASDUs verification 12
7 Process Verification 23
7:1 Overview 23
7:2 User management 23
7:3 Update key maintenance - symmetric algorithm 29
7:4 Update key maintenance-asymmetric algorithm 33
7:5 Session key maintenance 37
7:6 Challenge/Response Authentication 42
7:7 Active authentication mode 49
8 Test results table 53
8:1 Configuration parameter verification 53
8:2 Communication verification 54
8:3 Process verification 59
Reference 72
Figure 1 IEC 62351-5 security extension process 5
Table 1 Configuration Parameters: System Definition 7
Table 2 Configuration Parameters: Application Security Extension 9
Table 3 ASDU segmentation control 11
Table 4 User Management ASDUs 12
Table 5 Update key maintenance ASDUs 14
Table 6 Session Key Maintenance ASDUs 18
Table 7 Challenge/response and active authentication mode ASDUs 20
Table 8 Safety statistics ASDU 23
Table 9 User Management: Control Station Normal Process Test 24
Table 10 User Management: Resilience Test of Control Station 25
Table 11 User Management: Controlled Station Normal Process Test 25
Table 12 User Management: Controlled Station Resilience Test 26
Table 13 Update Key Maintenance - Symmetry: Control Station Trigger Condition 29
Table 14 Update Key Maintenance - Symmetry: Control Station Normal Process Test 29
Table 15 Update Key Maintenance - Symmetric: Control Station Resilience Test 30
Table 16 Update key maintenance-symmetric: controlled station normal process test 32
Table 17 Update Key Maintenance-Symmetric: Controlled Station Resilience Test 32
Table 18 Update Key Maintenance - Asymmetric: Control Station Trigger Condition 33
Table 19 Update Key Maintenance - Asymmetric: Control Station Normal Process Test 34
Table 20 Update Key Maintenance - Asymmetric: Control Station Resilience Test 35
Table 21 Update key maintenance-asymmetric: controlled station normal process test 36
Table 22 Update Key Maintenance-Asymmetric: Controlled Station Resilience Test 37
Table 23 Session Key Maintenance: Control Station Trigger Condition 38
Table 24 Session Key Maintenance: Control Station Normal Process Test 39
Table 25 Session Key Maintenance: Control Station Resilience Test 40
Table 26 Session key maintenance: Controlled station invalidates session key 41
Table 27 Session key maintenance: Controlled station normal process test 42
Table 28 Session Key Maintenance: Controlled Station Resilience Test 42
Table 29 Challenge/Response Authentication: Control Station Trigger Condition 43
Table 30 Challenge/Response Authentication: Control Station Normal Process Test 43
Table 31 Challenge/Response Authentication: Control Station Resilience Test 44
Table 32 Challenge/Response Authentication: Controlled Station Normal Process Test 46
Table 33 Challenge/Response Authentication: Controlled Station Resilience Test 47
Table 34 Active Authentication Mode: Control Station Normal Process Test 49
Table 35 Active Authentication Mode: Control Station Resilience Test 50
Table 36 Active authentication mode: controlled station normal process test 51
Table 37 Active Authentication Mode: Controlled Station Resilience Test 51
Table 38 Test result table: configuration parameter 53
Table 39 Test results table: ASDU segment control 54
Table 40 Test results table: User management ASDUs 55
Table 41 Test results table: Update key maintenance ASDUs 56
Table 42 Test results table: Session key maintenance ASDUs 57
Table 43 Test results table: Challenge/response and active authentication mode ASDUs 58
Table 44 Test results table: Safety statistics ASDU 59
Table 45 Test results table: User management process-control station 60
Table 46 Test results table: User management process-controlled station 61
Table 47 Test results table: Update key maintenance-symmetric-control station 62
Table 48 Test results table: Update key maintenance-symmetric-controlled station 63
Table 49 Test results table: Update key maintenance-asymmetric-control station 64
Table 50 Test results table: Update key maintenance-asymmetric-controlled station 65
Table 51 Test results table: Session key maintenance - Control station 66
Table 52 Test results table: Session key maintenance-controlled station 67
Table 53 Test results table: Challenge/Response Authentication - Control Station 68
Table 54 Test results table: Challenge/response authentication-controlled station 69
Table 55 Test results table: Active authentication mode-control station 70
Table 56 Test results table: Active authentication mode-controlled station 71
Foreword
This document complies with the provisions of GB/T 1:1-2020 "Standardization Work Guidelines Part 1: Structure and Drafting Rules of Standardization Documents"
Drafting:
This document is Part 100-1 of GB/T (Z) 25320 "Power System Management and Information Exchange Data and Communication Security",
GB/T (Z)25320 has released the following parts:
---Part 1: Introduction to communication network and system security issues;
---Part 2: Terminology;
---Part 3: Communication network and system security including TCP/IP protocol set;
---Part 4: Protocol set including MMS;
---Part 5: Safety of GB/T 18657 and other standards and their derivatives;
---Part 6: Safety of IEC 61850;
---Part 7: Data Object Model for Network and System Management (NSM);
---Part 11: Security of XML files;
---Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS60870-5-7;
---Part 100-3: Conformance test cases for IEC 62351-3 and secure communication extensions including the TCP/IP protocol set:
This document is modified to adopt IEC TS62351-100-1:2018 "Power system management and its information exchange data and communication security"
Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS60870-5-7: The file type is adjusted from the IEC technical specification to
my country's national standardization guiding technical documents:
The technical differences and reasons between this document and IEC TS62351-100-1:2018 are as follows:
---References to the corresponding deleted content in IEC 62351-5:2023 have been deleted in "User Management" (see 7:2):
IEC TS62351-5:2013 has been updated to IEC 62351-5:2023: Part of the user management content has been deleted in the new version of the standard, including adding
Add, change and delete users:
---Deleted references to the corresponding deleted content in IEC 62351-5:2023 in "Updated Key Maintenance - Symmetric Algorithms" (see
7:3):
IEC TS62351-5:2013 has been updated to IEC 62351-5:2023: The symmetric algorithm update key part has been deleted in the new version of the standard:
---References to the corresponding deleted content in IEC 62351-5:2023 have been deleted in "Challenge/Response Certification" (see 7:6):
IEC TS62351-5:2023 is updated to IEC 62351-5:2023: The challenge/response authentication process and concept are deleted in the new version of the standard:
Please note that some content in this document may be subject to patents: The publisher of this document assumes no responsibility for identifying patents:
This document is proposed by the China Electricity Council:
This document is under the jurisdiction of the National Electric Power System Management and Information Exchange Standardization Technical Committee (SAC/TC82):
This document was drafted by: State Grid Electric Power Research Institute Co:, Ltd:, Nanjing Nari Relay Electric Co:, Ltd:, State Grid Smart Grid Research
Institute Co:, Ltd:, Guodian Nari Energy Co:, Ltd:, State Grid Zhejiang Electric Power Co:, Ltd:, State Grid Zhejiang Electric Power Co:, Ltd: Electric Power Science Research Institute
Research Institute, Nanjing Normal University, State Grid Jiangsu Electric Power Co:, Ltd:, China Southern Power Grid Power Dispatch Control Center, State Grid Shanghai Electric Power Company
Division, State Grid Jilin Electric Power Co:, Ltd:, and China Southern Power Grid Digital Group Information and Communication Technology Co:, Ltd:
The main drafters of this document: Sun Dan, Wang Zhenzhen, Wang Tiantian, Wen Shufeng, Kong Honglei, Zhang Dan, Ji Guanglong, Li Guanghua, Sun Jun, Zhang Xiaojian,
Guo Wangyong, Yang Yu, Zhang Xiaofei, Zhao Ruohan, Zheng Luolin, Du Qiwei, Ruan Lixiang, Wang Qi, Tang Fangjian, Zhou Qiang, Yu Jing, Fu Rao, Wu Jinyu, Zhang Lei,
Hu Kewei, Chen Huajun, Jin Xueqi:
Introduction
GB/T (Z) 25320 "Power System Management and Information Exchange Data and Communication Security", which aims to reduce communication and computing as much as possible
In order to avoid the harm caused by malicious attacks in the computer network to the data and communication security of the power system, it is necessary to improve the communication protocols at all levels used in the power system:
discuss security vulnerabilities and improve the security management of power system information infrastructure: It is planned to consist of the following parts:
---Part 1: Introduction to communication network and system security security issues: The purpose is to introduce other parts of GB/T (Z)25320
It mainly introduces readers to all aspects of information security applied to power system operation:
---Part 2: Terminology: The purpose is to introduce the key terms used in GB/T (Z) 25320:
---Part 3: Communication Network and System Security includes the TCP/IP protocol set: The purpose is to specify how transmission is limited to
specifications of the messages, processes and algorithms of layer security protocols, and provide security protection for TCP/IP-based protocols so that these protocols can
Suitable for IEC TC57 telecontrol environment:
---Part 4: Contains the protocol set of MMS: The purpose is to stipulate the manufacturing message specifications based on GB/T 16720 (ISO 9506)
The process, protocol extensions and algorithms for security protection of MMS applications:
---Part 5: Security of GB/T 18657 and other standards and their derivatives: The purpose is to define the application configuration file
(a-profile) Secure communication mechanism that specifies the secure operation of all protocols based on or derived from IEC 60870-5
Protected messages, processes and algorithms:
---Part 6: Safety of IEC 61850: The purpose is to specify the operation of all protocols based on or derived from IEC 61850:
Messages, processes and algorithms for security protection:
---Part 7: Data Object Model for Network and System Management (NSM): The purpose is to define the characteristics unique to power system operation:
A data object model for network and systems management:
---Part 8: Role-based access control: The purpose is to provide role-based access control for power system management:
---Part 9: Network security key management of power system equipment: The purpose is to manage by specifying or restricting the keys to be used
Options to define requirements and technologies for achieving key management interoperability:
---Part 10: Security Architecture Guidelines: The purpose is to describe guidelines for a power system security architecture based on basic security controls:
---Part 11: Security of XML files: The purpose is to standardize the configuration file (XML file) in the communication process of smart substations
security:
---Part 12: Rapid recovery and security recommendations for distributed energy resources (DER) systems: The aim is to improve distributed energy
(DER) system security and reliability:
---Part 13: Guidance on safety topics covered in standards and specifications: The purpose is to provide standards and regulations for use in the power industry
What safety issues could or should be covered in the specification (IEC or other):
---Part 90-1: Guidelines for handling role-based access control in power systems: The purpose is to develop custom
A standardized approach to defining roles and role mapping:
---Part 90-2: Deep packet inspection of encrypted communications: The purpose is to describe the methods applied to communication channels protected by IEC 62351
DPI latest technology:
---Part 90-3: Network and System Administration Guide: The purpose is to provide guidelines for handling IT and OT data:
---Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS60870-5-7: The purpose is to provide
Test cases for conformance and/or interoperability testing of IEC 62351-5:2023 and IEC TS60870-5-7:2013:
---Part 100-3: Conformance test cases for IEC 62351-3 and secure communication extensions including the TCP/IP protocol set: Purpose
It provides IEC 62351-3:2023 conformance test cases and verifies all aspects that affect security extensions and protocol behavior:
Configuration of parameters:
---Part 100-6: Network security conformance testing of IEC 61850-8-1 and IEC 61850-9-2: The purpose is to provide changes
Test cases for conformance testing of data and communication security interoperability of power plant automation systems and telecontrol systems:
GB/T (Z) 25320 "Power System Management and Information Exchange Data and Communication Security" defines power system-related communication protocols
(IEC 60870-5, IEC 60870-6, IEC 61850, IEC 61970 and IEC 61968 series) data and communication security: defines the pass
Security threats and security attacks that may be encountered during the communication process, as well as security countermeasures:
Power system management and information exchange
Data and communications security
Part 100-1: IEC 62351-5 and
Conformance test cases for IEC TS60870-5-7
1 Scope
This document provides data and communication security testing of telecontrol equipment, substation automation systems (SAS) and SCADA front-end computers:
Example:
This document provides a standard test method for protocol implementations to achieve interoperability to verify that devices meet standard requirements: meet the standard
Conformance does not guarantee interoperability between different devices, but it is expected that testing using this document will minimize the risk of non-interoperability: mutual
A basic condition for operability is that both devices should pass conformance testing:
This document specifies the general conformance and/or interoperability testing of IEC 62351-5:2023 and IEC TS60870-5-7:2013
Workable processes and definitions: The conformance test cases defined in this document focus on validating IEC 62351-5:2023 and IEC TS60870-5-
7: Consistent integration of underlying identity authentication specified in:2013 to protect data based on DL/T 634:5101-2022 and DL/T 634:5104-
Communications of:2009:
This document deals with data and communications security conformance testing and does not cover other requirements such as security or EMC: These requirements are contained in
other standards (if applicable) and proof of compliance for these subjects is completed in accordance with these standards:
2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text: Among them, the dated quotations
For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to
this document:
DL/T 634:56-2010 Telecontrol equipment and systems Part 5-6: IEC 60870-5 supporting standard conformance test guidelines
(IEC 60870-5-6:2006,IDT)
DL/T 634:5101-2022 Telecontrol equipment and systems Part 5-101: Transmission protocol basic telecontrol task supporting standards
(IEC 60870-5-101:2003,IDT)
DL/T 634:5104-2009 Telecontrol equipment and systems Part 5-104: Transmission protocol using standard transmission protocol set
IEC 60870-5-101 network access (IEC 60870-5-104:2006, IDT)
IEC TS60870-5-7:2013 Telecontrol equipment and systems Part 5-7: IEC 60870-5-101 standard and IEC 60870-5-
IEC TS60870-5-601:2015 Telecontrol equipment and systems IEC 60870-5-101 supporting standard conformance test cases (Tele-
Note: DL/T 634:5601-2016 Telecontrol equipment and systems IEC 60870-5-101 supporting standard conformance test cases (IEC TS60870-5-601:
2006,MOD)
IEC TS60870-5-604:2016 Telecontrol equipment and systems Part 5-604: Consistency of supporting standards of IEC 60870-5-104
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GBZ25320.1001-2023_English be delivered?Answer: Upon your order, we will start to translate GBZ25320.1001-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 6 ~ 10 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GBZ25320.1001-2023_English with my colleagues?Answer: Yes. The purchased PDF of GBZ25320.1001-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|