BS PD IEC/TR 61850-90-2:2016

BS PD IEC/TR 61850-90-2:2016, which is a technical report, provides a comprehensive overview of thedifferent aspects that need to be considered while using IEC 61850 for information exchangebetween substations and control or maintenance centres or other system level applications. Inparticular, this technical report:

• defines use cases and communication requirements that require an informationexchange between substations and control or maintenance centres
• describes the usage of the configuration language of IEC 61850-6
• gives guidelines for the selection of communication services and architecturescompatible with IEC 61850
• describes the engineering workflow
• introduces the use of a Proxy/Gateway concept
• describes the links regarding the Specific Communication Service Mapping (SCSM)This technical report does not define constraints or limitations for specific deviceimplementations. There is no specific chapter for cyber security which is tackled when it isnecessary. The model, for IEC TR 61850-90-2, provides security functions based upon thesecurity threats and security functions found in IEC TS 62351-1 and IEC TS 62351-2. Thistechnical report touches several security aspects with the following basic assumptions:
• Information authentication and integrity (e.g. the ability to provide tamper detection) isneeded
• Confidentiality is optional

It shall be possible to provide information authentication and integrity in an end-to-endmethod, regardless of information hierarchies. The typical method to provide this securityfunction is through some type of information/message authentication code. IEC 62351-4:2007and IEC 62351-91 describe how authentication and integrity is achieved for IEC 61850-8-1. Alater version of IEC 62351-4 will provide means to ensure end-to-end data integrity throughProxy/Gateways.Beneath information authentication and integrity, information availability is an importantaspect for telecontrol. This technical report provides redundancy architectures to enhance theavailability of information in control and maintenance centres.The scheme shown in Figure 1 gives an overview of the connectivity and the communicationpaths. In particular it indicates the principle to access directly or indirectly - via theProxy/Gateway - to an IED. An application of security controls for substation to control centrecommunication can be found in IEC 62351-10:2012, 6.4.3. Thus, the substation automationsystem has to be considered inside a perimeter of cyber security. The access is totallychecked by security access points (this document does not describe such a security access point). The boundary of the electronic security perimeter is defined by the point, where the communication line leaves the perimeter of the substation over public ground. There might be more than one security access point, where separation of applications (e.g. control centre and maintenance centre) is required. When more than one client needs access to the same security access point information level access control, e.g. according to IEC TS 62351-8:2011, may be added. IEC TS 62351-8:2011 may also be used in other cases, where different access rights are required.The majority of applications for which this technical report is applicable will use the servicesof MMS (ISO 9506) mapped to ISO/IEC 8802-3 frame formats, as described inIEC 61850-8-1:2011.The primary application for the use of indirect access, as described in this technical report,will be for telecontrol applications. Nevertheless this technical report does not imply that theuse of a Proxy/Gateway is required for telecontrol applications. Direct access may also beused for telecontrol applications where applicable and accepted by the customer.Cross References:IEC 60870-4:1990IEC 60870-5-103:1997IEC 60870-5-104:2006IEC 61158-6IEC TS 61850-2:2003IEC 61850-4:2011IEC 61850-5:2013 IEC 61850-6:2009IEC 61850-7-1:2011IEC 61850-7-2:2010IEC 61850-7-3:2010IEC 61850-7-4:2010IEC 61850-8-1:2011ISO 9506-1ISO 9506-2IEC 61850-9-2:2011IEC TS 61850-80-4IEC 62056IEC TR 61850-90-3IEC TR 61850-90-5:2012IEC TR 61850-90-12:2015IEC 62056-6IEC TS 62351-4:2007IEC TS 62351-8:2011IEC 62351-9IEC TR 62351-10:2012IEC 62351-11IEC 81346-1:2009IEC 81346-2:2009 IEEE 1815-2012RFC 1122:1989IEC TR 61850-7-500IEC TR 61850-90-10IEC TR 61850-90-11IEC TR 61850-90-17