BSI PD IEC/TR 62351-12:2016
$215.11
Power systems management and associated information exchange. Data and communications security – Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systems
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2016 | 112 |
This part of IEC 62351, which is a technical report, discusses cyber security recommendations and engineering/operational strategies for improving the resilience of power systems with interconnected Distributed Energy Resources (DER) systems. It covers the resilience requirements for the many different stakeholders of these dispersed cyber-physical generation and storage devices, with the goal of enhancing the safety, reliability, power quality, and other operational aspects of power systems, particularly those with high penetrations of DER systems.
The focus of this technical report is describing the impact of DER systems on power system resilience, and covers the cyber security and engineering strategies for improving power system resilience with high penetrations of DER systems.
While recognizing that many other requirements exist for improving power system resilience, this technical report does not address general power system configurations, operations, manual power restoration activities or the many other non-DER-specific issues. For instance, power system reliability relies on well-coordinated protective relays, stable power system designs, and well-trained field crews, while control center cyber security relies on many best practices for communication network design and firewalls. However, this technical report only addresses the additional reliability and resilience issues caused by third-party managed DER systems, which may not be as well secured or operated with the same reliability as the utility-managed power system.
This technical report discusses the resilience issues for cyber-physical DER systems interconnected with the power grid, building on the concepts and the hierarchical architecture described in the Smart Grid Interoperability Panel (SGIP) draft DRGS Subgroup B White Paper – Categorizing Use Cases in Hierarchical DER Systems 01-14-2014.docx.
PDF Catalog
PDF Pages | PDF Title |
---|---|
4 | CONTENTS |
8 | FOREWORD |
10 | INTRODUCTION |
11 | Figures Figure 1 – Smart grid resilience: intertwined IT cyber security and engineering strategies |
12 | 1 Scope 2 Normative references |
13 | 3 Terms and definitions |
14 | 4 Abbreviations and acronyms |
15 | 5 DER architectures and DER cyber-physical concepts 5.1 Resiliency challenge for power systems with DER systems |
16 | 5.2 Five-level DER hierarchical architecture |
17 | Figure 2 – Smart Grid Architecture Model (SGAM) |
18 | Figure 3 – Five-level hierarchical DER system architecture |
19 | 5.3 DER system interfaces |
20 | 5.4 Resilience at different DER architectural levels |
21 | 5.5 DER Systems as cyber-physical systems 5.5.1 Protecting cyber-physical DER systems Figure 4 – Structure of use cases within the DER hierarchy |
22 | 5.5.2 Cyber-physical threats |
23 | 5.5.3 Resilience measures for cyber-physical systems Figure 5 – Mitigations by engineering strategies and cyber security measures |
24 | Tables Table 1 – Examples of mitigations by engineering strategies and cyber security techniques Table 2 – Engineering and cyber security data for managing the resilience of DER systems |
25 | 6 Threats, vulnerabilities, and impacts on power system resilience 6.1 Threats – engineering and cyber 6.1.1 Physical and electrical threats – mostly but not entirely inadvertent 6.1.2 Cyber threats – inadvertent and deliberate |
28 | 6.2 Vulnerabilities – engineering and cyber vulnerabilities 6.2.1 General 6.2.2 Power system vulnerabilities and attacks |
30 | 6.2.3 Cyber security vulnerabilities and attacks |
32 | 6.3 Risk management and mitigation techniques 6.3.1 Risk handling Figure 6 – Security requirements, threats, and possible attacks |
33 | 6.3.2 Risk mitigation categories |
34 | Table 3 – Examples of mitigation categories for cyber-physical systems |
35 | 6.4 Impacts on power system resilience 6.4.1 Safety impacts |
36 | 6.4.2 Power outage impacts |
37 | 6.4.3 Power quality impacts 6.4.4 Financial impacts |
38 | 6.4.5 Regulatory and legal impacts 6.4.6 Environmental impacts 6.4.7 Goodwill and other “soft” impacts 6.5 DER stakeholders’ resilience responsibilities |
39 | 6.6 Resilience Measures for DER systems to counter threats 6.6.1 General IT cyber security approach for DER systems |
40 | 6.6.2 Resilience by engineering designs and operational strategies 7 Level 1 DER System resilience recommendations 7.1 General 7.2 Level 1 DER system: architecture |
41 | Figure 7 – Level 1: Autonomous DER systems at smaller customer and utility sites |
42 | 7.3 Level 1 DER system: vulnerabilities 7.3.1 General 7.3.2 Cyber vulnerabilities 7.3.3 Engineering design and development vulnerabilities |
43 | 7.3.4 Deployment and operational vulnerabilities 7.4 Level 1 DER system: impacts |
45 | Table 4 – Level 1 impact severities due to attacks and failures of autonomous DER systems |
46 | 7.5 Level 1 DER system: resilience recommendations 7.5.1 General 7.5.2 Manufacturer: DER system design for resilience recommendations |
47 | 7.5.3 Integrator and installer: DER setup for meeting resilience recommendations |
49 | 7.5.4 Testing personnel: resilient DER system interconnection testing recommendations |
50 | 7.5.5 DER user: access recommendations 7.5.6 ICT designers: requirements for local DER communications |
52 | 7.5.7 Security managers: alarming, logging, and reporting cyber security recommendations 7.5.8 Maintenance personnel: resilience recommendations for maintenance, updating and re-testing, systems |
53 | 7.5.9 Recommended coping actions during an attack or failure |
54 | 7.5.10 Recommended recovery and analysis actions after an attack or failure 8 Level 2: Facilities DER energy management (FDEMS) resilience recommendations 8.1 Level 2 FDEMS: architecture |
55 | Figure 8 – Level 2 FDEMS architecture |
56 | 8.2 Level 2 FDEMS: Vulnerabilities 8.3 Level 2 FDEMS: Impacts |
57 | Table 5 – Level 2 impact severities due to malicious attacks and failures of FDEMS |
58 | 8.4 Level 2 FDEMS: Resilience recommendations 8.4.1 General 8.4.2 Manufacturer: Design of FDEMS resilience recommendations |
59 | 8.4.3 Integrators and installer: FDEMS implementation for meeting resilience recommendations |
62 | 8.4.4 Testing personnel: Resilient FDEMS testing recommendations 8.4.5 FDEMS users: Access recommendations |
63 | 8.4.6 FDEMS ICT designers: Resilience recommendations |
65 | 8.4.7 Security managers: Alarming, logging, and reporting recommendations 8.4.8 Maintenance personnel: Resilience recommendations for maintenance, updating and re-testing, systems |
66 | 8.4.9 Recommended coping actions during an attack or failure |
67 | 8.4.10 Recommended recovery and analysis actions after an attack or failure |
68 | 9 Level 3: Third parties: Retail energy provider or aggregators resilience recommendations 9.1 Level 3: Third parties: ICT architecture |
69 | 9.2 Level 3: Third parties: ICT vulnerabilities Figure 9 – DER third parties: Retail energy provider or aggregators architecture |
70 | 9.3 Level 3: Third parties: ICT impacts |
71 | 9.4 Level 3: Third parties ICT: Resilience recommendations 9.4.1 Third party ICT designers: Resilience recommendations Table 6 – Level 3 impact severities due to malicious attacks and failures of DER ICT |
73 | 9.4.2 ICT users: Access recommendations |
74 | 10 Level 4: Distribution operations analysis resilience recommendations 10.1 Level 4 DSO analysis: Architecture Figure 10 – Distribution operations architecture |
75 | 10.2 Level 4 DSO analysis: Vulnerabilities |
76 | 10.3 Level 4 DSO analysis: Impacts |
77 | Table 7 – Level 4 impact severities due to malicious attacks and failures of DMS or DERMS |
78 | 10.4 Level 4 DSO analysis: Resilience recommendations 10.4.1 Resilient design of distribution grid equipment with DER systems 10.4.2 Resilience through DSO grid operations with DER systems |
79 | 10.4.3 Resilience through power system analysis |
80 | 10.4.4 Resilience by stakeholder training |
81 | Annexes Annex A (informative) NISTIR 7628 Smart Grid Catalog of Security Requirements A.1 NISTIR 7628 families of security requirements Table A.1 – NIST Smart Grid Security Requirements Families |
82 | A.2 Detailed NISTIR 7628 Catalogue of Smart Grid Security Requirements Table A.2 – Detailed NIST Catalogue of Smart Grid Security Requirements |
87 | Annex B (informative) IT security guidelines B.1 Overview of cyber security issues for DER systems B.2 Security guidelines and policies across organizational boundaries |
89 | B.3 User and device authentication |
91 | B.4 Good practices for specifying and implementing cryptography |
92 | B.5 Cryptographic methods |
93 | B.6 Cryptography used for transport layer security on networks |
94 | B.7 Wireless cryptography B.8 Key management using Public Key Cryptography |
96 | B.9 Multicast and group keys B.10 Device and platform integrity B.11 Resilient network configurations |
97 | B.12 Network and system management (NSM) B.13 Some additional cyber security techniques B.14 Security testing procedures |
98 | B.15 Security interoperability |
99 | Annex C (informative) Mapping between IEC 62443-3-3, NISTIR 7628, and IEC TR 62351-12 C.1 Mapping table |
100 | Table C.1 – Mapping between IEC 62443-3-3, NISTIR 7628, and IEC TR 62351-12 |
105 | C.2 IEC TR 62351-12 cyber security items not mapped to all guidelines |
106 | Table C.2 – IEC 62351-12 cyber security items not mapped to all guidelines |
108 | Annex D (informative) Glossary of terms |
109 | Bibliography |