Paper RSE 15004430

Application of Monitoring Standards for enhancing Smart Grids Security


CIGRE Session 46, 21-26 August 2016.

G. Dondossola (RSE SpA), R. Terruggia (RSE SpA), P. Wylach (RSE SpA), G. Pugni (ENEL ICT SERVICES), F. Bellio (ENEL Generazione)

The paper describes the application of the IEC 62351 security standard series to protect IEC 60870-5-104 and IEC 61850 communications for the telecontrol of hydro power plants and distributed energy resources, and then addresses the data objects for ICT monitoring specified by the upcoming standard IEC 62351-7.

The technical context of this paper covers the cyber security requirements of smart grid control systems in the globally evolving smart grid landscape characterised by the deployment of open information and communication infrastructures for connecting Distributed Energy Resources (DER) to the power grids and by the exposure to a dynamic threat environment. Within the general smart grid security context, the paper specifically addresses two main cyber security needs of smart grid control applications, i.e. the security of the communication protocols implementing the control data exchanges and the monitoring of the corresponding information flows.

The choice of the two security functionalities covered by the paper is motivated by the need for an approach to cyber risk treatment that combines protective measures against unauthorised access and communication eavesdropping with continuous monitoring of the residual risks that may occur during smart grid operation.

The security functionalities are deployed in control system environments using the emerging standards in smart grid communication and security. The paper first explains the application of the security standard series IEC 62351 (Power systems management and associated information exchange - Data and communications security) for protecting the IEC 60870-5-104 and IEC 61850 communications in the control of hydro power plants and renewable energy sources, and then focuses on the data objects currently under specification by IEC 62351-7 (Network and System Management (NSM) data object models), to be issued as an international standard in early 2017. The application of IEC 62351 in a remote control system for hydroelectric generation briefly explains how the entire security stack required by this IEC standard has been implemented for systems based on the IEC 60870-5-104 protocol.

End-to-end security for remote control systems that employ the IEC 60870-5-104 protocol involves the implementation of IEC 62351-3 (Profiles Including TCP/IP) and of IEC 62351-5 (Security for IEC 60870-5 and Derivatives), the implementation of which has required the development of a new part, IEC 60870-5-7 (Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols), as well as the developments required in IEC 62351-8 (Role-Based Access Control for Power System Management) and IEC 62351-9 (Key Management).

The main systems involved are the SCADA (Supervisory Control and Data Acquisition) side of the Control Center, the RTU (Remote Terminal Unit), i.e. the specific IED for the remote control based on IEC 6087

