1、TECHNICALREPORTIEC TR 62210First edition2003-05Power system control andassociated communications Data and communication securityReference numberIEC/TR 62210:2003(E)LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.Publication numberingAs
2、 from 1 January 1997 all IEC publications are issued with a designation in the60000 series.For example,IEC 34-1 is now referred to as IEC 60034-1.Consolidated editionsThe IEC is now publishing consolidated versions of its publications.For example,edition numbers 1.0,1.1 and 1.2 refer,respectively,to
3、 the base publication,thebase publication incorporating amendment 1 and the base publication incorporatingamendments 1 and 2.Further information on IEC publicationsThe technical content of IEC publications is kept under constant review by the IEC,thus ensuring that the content reflects current techn
4、ology.Information relating tothis publication,including its validity,is available in the IEC Catalogue ofpublications(see below)in addition to new editions,amendments and corrigenda.Information on the subjects under consideration and work in progress undertakenby the technical committee which has pr
5、epared this publication,as well as the listof publications issued,is also available from the following:IEC Web Site(www.iec.ch)Catalogue of IEC publicationsThe on-line catalogue on the IEC web site(http:/www.iec.ch/searchpub/cur_fut.htm)enables you to search by a variety of criteria including text s
6、earches,technicalcommittees and date of publication.On-line information is also available onrecently issued publications,withdrawn and replaced publications,as well ascorrigenda.IEC Just Published This summary of recently issued publications(http:/www.iec.ch/online_news/justpub/jp_entry.htm)is also
7、available by email.Please contact the CustomerService Centre(see below)for further information.Customer Service CentreIf you have any questions regarding this publication or need further assistance,please contact the Customer Service Centre:Email:custserviec.chTel:+41 22 919 02 11Fax:+41 22 919 03 0
8、0LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.TECHNICALREPORTIECTR 62210First edition2003-05Power system control andassociated communications Data and communication securityPRICE CODE IEC 2003 Copyright-all rights reservedNo part of
9、 this publication may be reproduced or utilized in any form or by any means,electronic ormechanical,including photocopying and microfilm,without permission in writing from the publisher.International Electrotechnical Commission,3,rue de Varemb,PO Box 131,CH-1211 Geneva 20,SwitzerlandTelephone:+41 22
10、 919 02 11 Telefax:+41 22 919 03 00 E-mail:inmailiec.ch Web:www.iec.chXFor price,see current catalogueCommission Electrotechnique InternationaleInternational Electrotechnical Commission LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.2
11、 TR 62210 IEC:2003(E)CONTENTSFOREWORD.41Scope and object.52Overview.53Reference documents.64Terms,definitions and abbreviations.64.1Terms and definitions.64.2Abbreviations.105Introduction to security.115.1How to use this report.116The security analysis process.126.1Network topologies.146.2User conse
12、quence based analysis.166.2.1Stakeholders.166.3Consequences to be considered.186.3.1Financial.186.3.2Asset destruction/degradation.196.3.3Inability to restore service.206.4Consequences and security threats.207Focus of security work within this report.227.1Justification of application level security
13、focus.227.2Security analysis technique.237.2.1Security objectives.237.2.2General threats.247.2.3Specific threats to be considered in PP.248Vulnerabilities.278.1Threats to topologies.278.2Current IEC Technical Committee 57 protocols.298.2.1TASE.1.298.2.2TASE.2.308.2.3IEC 60870-5.308.2.4IEC 61334.308.
14、2.5IEC 61850.319Recommendations for future IEC Technical Committee 57 security work.32Annex A(informative)What is a protection profile?.35Annex B(informative)Protection profile for TASE.2.37Annex C(Informative)Example of consequence diagrams.43Figure 1 Normal corporate security process.12Figure 2 Bu
15、siness information flow.14Figure 3 General communication topology.16Figure 4 Consequence diagram:inability to restore service.21LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.TR 62210 IEC:2003(E)3 Figure 5 WAN/LAN topology.27Figure 6
16、Levels of vulnerability.28Table 1 Matrix to determine business process importance.17Table 2 Asset to business process relationships.20Table 3 Communication model security matrix.22LICENSED TO MECON Limited.-RANCHI/BANGALOREFOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.4 TR 62210 IEC:2003(E)INTERNATIONAL ELECTROTECHNICAL COMMISSION_POWER SYSTEM CONTROL AND ASSOCIATED COMMUNICATIONS Data and communication securityFOREWORD1)The IEC(International Electrotechnical Commission)i
