GB/T 25320.6-2023 English PDF US$624.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 25320.6-2023: Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850
Status: Valid
Basic data
Standard ID: GB/T 25320.6-2023 (GB/T25320.6-2023)
Description (Translated English): Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: F21
Classification of International Standard: 29.240.01
Word Count Estimation: 34,333
Date of Issue: 2023-12-28
Date of Implementation: 2024-07-01
Older Standard (superseded by this standard): GB/Z 25320.6-2011
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 25320.6-2023: Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 29.240.01
CSS F21
National Standards of People's Republic of China
Replace GB/Z 25320.6-2011
Power system management and information exchange Data and communications security Part 6: Safety of IEC 61850
Part 6: Security for IEC 61850
(IEC 62351-6:2020, IDT)
Published on 2023-12-28 and implemented on 2024-07-01
Released by the State Administration for Market Regulation and the National Standardization Administration Committee

Table of contents
Preface
Introduction
1 Scope and purpose
  1.1 Scope
  1.2 Namespace names and versions
  1.3 Code component release
2 Normative references
3 Terms, definitions and abbreviations
  3.1 Terms and definitions
  3.2 Abbreviations
4 Security issues addressed by this document
  4.1 Operational issues affecting security option selection
  4.2 Security threats to deal with
  4.3 Attack methods to deal with
5 Relevance between parts of IEC 61850 and various parts of IEC 62351
  5.1 Overview
  5.2 IEC 61850-8-1 Client/Server Communication Protocol Set
  5.3 IEC 61850 security using VLAN ID specification
  5.4 IEC 61850-8-2 Protocol set for client/server communication
  5.5 Publisher ID for client/server services
6 Multicast Association Protocol
  6.1 Overview
  6.2 Anti-replay attacks (Replay Protection)
7 SNTP Security
8 Introduction to Layer 2 Security of IEC 61850-8-1 GOOSE and IEC 61850-9-2 Sampled Values
  8.1 Ethertype overview (informative)
  8.2 Extended PDU
9 Substation Configuration Language Extension
  9.1 Service capabilities
  9.2 Security-enabled publishing
  9.3 Use of Simulation
10 Extensions for LGOS and LSVS
11 Consistency
  11.1 Conformance overview
  11.2 Declaration of conformance to IEC 61850-8-1 ISO 9506 (application protocol set) security implementation
  11.3 Declaring the consistency of VLAN protocol set security implementations
  11.4 Declaring the consistency of the security implementation of the SNTP protocol suite
Reference

Figure 2 GOOSE anti-replay attack state machine
Figure 3 SV anti-replay attack state machine
Figure 4 General format of extended PDU
Figure 5 Reserved1 definition
Figure 6 MAC calculation domain
Figure 7 Application of AES-GCM in Layer 2 GOOSE/SV messages
Table 1 Standard application scope
Table 2 Excerpt from IEC 61850-9-2 (informative)
Table 3 Extensions of LGOS classes
Table 4 Extensions of the LSVS class
Table 5 Consistency Table
Table 6 PICS of IEC 61850-8-1 ISO 9506 (Application Protocol Set)
Table 7 PICS using ACSE certified TLS, IEC 61850-8-1 client/server
Table 8 VLAN protocol set for PICS
Table 9 IEC 61850-8-1 Layer 2 GOOSE Security
Table 10 IEC 61850-9-2 Layer 2 SV Security
Table 11 IEC 61850-8-1 routable GOOSE
Table 12 IEC 61850-9-2 routable SMV
Table 13 PICS of the SNTP protocol set

Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1: Structure and Drafting Rules of Standardization Documents".
This document is Part 6 of GB/T (Z) 25320 "Power System Management and Information Exchange Data and Communication Security". The following parts of GB/T (Z) 25320 have been published:
---Part 1: Introduction to communication network and system security issues;
---Part 2: Terminology;
---Part 3: Communication network and system security including TCP/IP protocol set;
---Part 4: Protocol set including MMS;
---Part 5: Safety of GB/T 18657 and other standards and their derivatives;
---Part 6: Safety of IEC 61850;
---Part 7: Data Object Model for Network and System Management (NSM);
---Part 11: Security of XML files;
---Part 100-1: Conformance test cases for IEC TS 62351-5 and IEC TS 60870-5-7;
---Part 100-3: Conformance test cases for IEC 62351-3 and secure communication extensions including the TCP/IP protocol set.
This document replaces GB/Z 25320.6-2011 "Power System Management and Information Exchange Data and Communication Security Part 6: Safety of IEC 61850". Compared with GB/Z 25320.6-2011, in
addition to structural adjustments and editorial changes, the main technical changes are as follows:
a) Changed the scope (see Chapter 1, Chapter 1 of the 2011 edition);
b) Changed the overview of the relevance of IEC 61850 part to IEC 62351 part (see 5.1, 5.1.1 of the 2011 edition);
c) Added terms, definitions and abbreviations (see Chapter 3);
d) Changed the response time of GOOSE and SV from less than 4 ms to less than 3 ms (see 4.1, 4.1 of the 2011 edition);
e) Added IEC 61850-8-2 client/server communication protocol set (see 5.4);
f) Added publisher ID for client/server services (see 5.5);
g) Added multicast association protocol (see Chapter 6);
h) Added MAC (see 8.2.2.2);
i) Added version, this version is 1 (see 8.2.3.2);
j) Added the current key time (see 8.2.3.3);
k) Added the next key time (see 8.2.3.4);
l) Added initialization vector (see 8.2.3.5);
m) Added key ID (see 8.2.3.6);
n) Added substation configuration language extension (see Chapter 9);
o) Deleted Substation Configuration Language (SCL) (see 7.2.3 of the 2011 edition);
p) Added extensions for LGOS and LSVS (see Chapter 10);
q) Added support for IEC 61850-8-2 and support for the security consistency of routable GOOSE and SV (see 11.1 Table 5);
r) Added TLS using ACSE certification (see Table 7 in 11.1);
s) Added IEC 61850-8-1 L2 GOOSE safety conformance (see 11.1 Table 9);
t) Added IEC 61850-8-1 L2 SV safety conformance (see 11.1 Table 10);
u) Added IEC 61850-8-1 L2 GOOSE routable security consistency (see 11.1 Table 11);
v) Added IEC 61850-8-1 L2 SV routable safety conformance (see 11.1 Table 12).
This document is equivalent to IEC 62351-6:2020 "Power system management and its information exchange data and communication security Part 6: Safety of IEC 61850".
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is proposed by the China Electricity Council.
This document is under the
jurisdiction of the National Electric Power System Management and Information Exchange Standardization Technical Committee (SAC/TC82).
This document was drafted by: State Grid Electric Power Research Institute Co., Ltd., State Grid Nanjing Automation Co., Ltd., Southeast University, State Grid Network Co., Ltd., Guodian Nari Energy Co., Ltd., Nanjing Nari Relay Electrical Co., Ltd., Nanjing Polytechnic Vocational and Technical University, Shanghai Siyuanhong Rui Automation Co., Ltd., Nanjing Institute of Technology, State Grid Co., Ltd. East China Branch, State Grid Jiangsu Electric Power Co., Ltd., Beijing Kedong Electric Power Co., Ltd. Power Control Systems Co., Ltd., State Grid Smart Grid Research Institute Co., Ltd., China Electric Power Research Institute Co., Ltd., State Grid Shanghai electricity company.
The main drafters of this document: Sun Dan, Wen Shufeng, Wang Zhenzhen, Liu Wenbiao, Wu Zaijun, Zhang Xiaofei, Kong Honglei, Sun Jianfeng, Zhang Dan, Ji Guanglong, Guo Wangyong, Zhao Tianen, Li Guanghua, Wang Zicheng, Shi Weijun, Sheng Lijian, Ru Yanfei, Wang Zhenxi, Zhang Chunxiao, Zhao Shanglin, Chen Hongcai, Wang Baodong, Zhao Ruying, Zhang Liang, Wang Liming, Liang Ye, Shao Zhipeng, Zhu Chaoyang, Jin Minghui, Gao Jun.
The previous versions of this document and the documents it replaces are as follows:
---First released in 2011 as GB/Z 25320.6-2011;
---This is the first revision.

Introduction
GB/T (Z) 25320 "Power System Management and Information Exchange Data and Communication Security" aims to reduce, as far as possible, the harm that malicious attacks in communication and computer networks cause to the data and communication security of the power system, by addressing security vulnerabilities in the communication protocols at all levels used in the power system and by improving the security management of power system information infrastructure. It is planned to consist of the following parts:
---Part
1: Introduction to communication network and system security issues. The purpose is to introduce the other parts of GB/T (Z) 25320, mainly introducing readers to all aspects of information security applied to power system operation.
---Part 2: Terminology. The purpose is to introduce the key terms used in GB/T (Z) 25320.
---Part 3: Communication network and system security including the TCP/IP protocol set. The purpose is to specify how to provide security protection for TCP/IP-based protocols by constraining the specifications of the messages, processes and algorithms of the transport layer security protocol, so that these protocols are suitable for the IEC TC57 telecontrol environment.
---Part 4: Protocol set including MMS. The purpose is to specify the processes, protocol extensions and algorithms for security protection of applications based on the Manufacturing Message Specification (MMS) of GB/T 16720 (ISO 9506).
---Part 5: Security of GB/T 18657 and other standards and their derivatives. The purpose is to define the application profile (a-profile) secure communication mechanism, specifying the messages, processes and algorithms for security protection of the operation of all protocols based on or derived from IEC 60870-5.
---Part 6: Safety of IEC 61850. The purpose is to specify the messages, processes and algorithms for security protection of the operation of all protocols based on or derived from IEC 61850.
---Part 7: Data Object Model for Network and System Management (NSM). The purpose is to define a data object model for network and system management that is specific to power system operation.
---Part 8: Role-based access control. The purpose is to provide role-based access control for power system management.
---Part 9: Network security key management of power system equipment. The purpose is to define requirements and technologies for achieving key management interoperability by specifying or restricting the key management options to be used.
---Part 10: Security Architecture Guidelines. The purpose is to describe guidelines for a power system security architecture based on basic security controls.
---Part 11: Security of XML files. The purpose is to standardize the security of configuration files (XML files) in the communication process of smart substations.
---Part 12: Rapid recovery and security recommendations for distributed energy resources (DER) systems. The aim is to improve the security and reliability of distributed energy resources (DER) systems.
---Part 13: Guidance on safety topics covered in standards and specifications. The purpose is to provide guidance on what safety issues could or should be covered in the standards and specifications (IEC or other) used in the power industry.
---Part 90-1: Guidelines for handling role-based access control in power systems. The purpose is to develop a standardized approach to defining custom roles and role mapping.
---Part 90-2: Deep packet inspection of encrypted communications. The purpose is to describe the latest DPI technology applied to communication channels protected by IEC 62351.
---Part 90-3: Network and System Administration Guide. The purpose is to provide guidelines for handling IT and OT data.
---Part 100-1: Conformance test cases for IEC 62351-5 and IEC TS 60870-5-7. The purpose is to provide test cases for conformance and/or interoperability testing of IEC 62351-5:2023 and IEC TS 60870-5-7:2013.
---Part 100-3: Conformance test cases for IEC 62351-3 and secure communication extensions including the TCP/IP protocol set. The purpose is to provide IEC 62351-3:2023 conformance test cases and to verify the configuration of all parameters that affect security extensions and protocol behavior.
---Part 100-6: Network security conformance testing of IEC 61850-8-1 and IEC 61850-9-2. The purpose is to provide test cases for conformance testing of data and communication security interoperability of power plant automation systems and telecontrol systems.
GB/T
(Z) 25320 "Power System Management and Information Exchange Data and Communication Security" defines data and communication security for power system-related communication protocols (IEC 60870-5, IEC 60870-6, IEC 61850, IEC 61970 and IEC 61968 series), and defines the security threats and security attacks that may be encountered during the communication process, as well as security countermeasures.

Power system management and information exchange Data and communications security Part 6: Safety of IEC 61850

1 Scope and purpose
1.1 Scope
This document specifies the messages, procedures and algorithms for security protection of the operation of all protocols based on or derived from IEC 61850.

Table 1 Standard application scope
Number          Name
IEC 61850-8-1   Power automation communication networks and systems Part 8-1: Specific communication service mapping (SCSM) - mapping to MMS (ISO 9506-1 and ISO 9506-2) and ISO/IEC 8802-3
IEC 61850-8-2   Power automation communication networks and systems Part 8-2: Specific communication service mapping (SCSM) - mapping to Extensible Messaging and Presence Protocol (XMPP)
IEC 61850-9-2   Power automation communication networks and systems Part 9-2: Specific communication service mapping (SCSM) - sampled values based on ISO/IEC 8802-3
IEC 61850-6     Power automation communication networks and systems Part 6: In-substation communication configuration description language related to intelligent electronic devices

The initial readers of this document are expected to be members of the working groups developing or using the protocols listed in Table 1. For the measures described in this document to be effective, they should be adopted and referenced in the documents of these protocols themselves. This document is written for this purpose.
The intended subsequent readers of this document are developers of products that implement these protocols. Portions of this document may also be used by
managers and executives to understand the purpose and needs of the work.

1.2 Namespace name and version
This clause is mandatory for any IEC 61850 namespace (as defined in part IEC 61850-7-1). The new version namespace parameters are defined as follows:
---Namespace version: 2020;
---Namespace version: A;
---Namespace name: "IEC 62351-6:2020A";
---Namespace release number: 1.
The following table provides an overview of all published versions of this namespace:
Version   Release Date   Network Index      Namespace
1.0       2020-10        IEC 62351-6:2020   IEC 62351-6:2020

1.3 Code component release
There are currently no code components published for the code component download area.
......

Tips & Frequently Asked Questions:
Question 1: How long will the true-PDF of GB/T 25320.6-2023_English be delivered?
Answer: Upon your order, we will start to translate GB/T 25320.6-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time.
Question 2: Can I share the purchased PDF of GB/T 25320.6-2023_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 25320.6-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.
Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries
Question 4: Do you accept my currency other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.