IEC 62351-11:2016 pdf free download
IEC 62351-11:2016 pdf free download.Power systems management and associated information exchange – Data and communications security
4.1 General
Within the industry and the IEC, XML document exchange is becoming more prevalent. Within the scope of the IEC, exchanges of XML documents are used for IEC 61 970 as well as IEC 61 850. Within other standards, such as IEEE 1 81 5 and IEEE C37.1 1 1 (COMTRADE),XML is also utilized. For these standards and other XML-based documentss, the information contained in thedocument may:
1 ) be sensitive to inadvertant or malicious modifications of its contents that could result in mis-operation/misinterpretation if the exchanged information is used (e.g. a tamper security vulnerability);
2) contain confidential or private data;
3) contain subsets of information that may be considered sensitive by the document creation entity.
This part of IEC 62351 proposes to standardize mechanisms to protect the document contents from tampering/disclosure when the document is being exchanged (e.g. in transit).Additionally, this part of IEC 62351 proposes to standardize a mechanism to aid in the protection of the information when in transition (e.g. entity A trusts entity B; B trusts A and C,and B needs to exchange information with C. but A does not know of or trust C).
Although this document is intended to secure XML documents used within the scope of the IEC, the mechanism/methodologies specified within this document can be applied to any XML document.
Documents at rest: When XML documents are stored (e.g. at rest), tamper detection is a minimum requirement. If the document contains sensitive information, then the confidentiality of that information needs to be protected through the use of authenticated encryption. In order to accomplish both objectives, this means that the un-encrypted document needs a signature and the encrypted document also needs its own signature/integrity protection. The protection of XML documents at rest is out-of-scope of this standard and should be implemented through local means.
Documents in transit: The protection of documents in transit requires tamper detection and authentication as minimum requirements. If the document contains sensitive information, then the confidentiality of that information needs to be protected through the use of authenticated encryption. In order to accomplish both objectives, this means that the un-encrypted document needs a signature and the encrypted document also needs its own signature/integrity protection.
Documents in transition: In the domain of the IEC, the recipients of XML documents typically decrypt and parse the information from those documents into a database. The information from the database can then be re-exported to a third actor, in any form (including another XML document). If sensitive or confidential information was provided in the initial document, there is no technological mechanism to prevent the application from exporting that information and defining access controls.