Friday, April 7, 2017

FDIS for IEC 62351-7 published - Network and System Management (NSM) data object models

IEC TC 57 has just published the 232-page FDIS (57/1857/FDIS) of IEC 62351-7 for final vote:

Power systems management and associated information exchange –
Data and communications security –
Part 7: Network and System Management (NSM) data object models

The vote closes 2017-05-12.

"This part of IEC 62351 defines network and system management (NSM) data object models
that are specific to power system operations. These NSM data objects will be used to monitor
the health of networks and systems, to detect possible security intrusions, and to manage the
performance and reliability of the information infrastructure. The goal is to define a set of
abstract objects that will allow the remote monitoring of the health and condition of IEDs
(Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy
Resources) systems and other systems that are important to power system operations. ...
The NSM objects provide monitoring data for IEC protocols used for power systems
(IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a
derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored
protocols. The NSM data objects use the naming conventions developed for IEC 61850,
expanded to address NSM issues. For the sake of generality these data objects, and the data
types of which they are comprised, are defined as abstract models of data objects."

The document comprises many useful information objects related to device and communication security issues, such as:

Intrusion detection systems (IDS) 
Passive observation techniques
Active security monitoring architecture with NSM data objects

End-to-end security
End-to-end security concepts
Role of NSM in end-to-end security

NSM requirements
Detecting unauthorized access
Detecting resource exhaustion as a denial of service (DoS) attack
Detecting invalid buffer access DoS attacks
Detecting tampered/malformed PDUs
Detecting physical access disruption
Detecting invalid network access
Detecting coordinated attacks
