DD IEC/TS 62351-8:2011
Current
The latest, up-to-date edition.
Power systems management and associated information exchange. Data and communications security Role-based access control
Hardcopy , PDF
English
31-10-2011
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 RBAC process model
5 Definition of roles
6 General architecture for the PUSH model
7 General architecture for the PULL model
8 General application of RBAC access token
9 Definition of access tokens
10 Transport profiles
11 Verification of access tokens
12 Interoperability
Bibliography
Specifies the access control of users and automated agents - in the following subjects - to data objects in power systems by means of role-based access control (RBAC).
Committee |
PEL/57
|
DocumentType |
Standard
|
Pages |
47
|
PublisherName |
British Standards Institution
|
Status |
Current
|
This technical specification covers the access control of users and automated agents – in the following subjects – to data objects in power systems by means of role-based access control (RBAC). RBAC is not a new concept used by many operating systems to control access to system resources. RBAC is an alternative to the all-or-nothing super-user model. RBAC is in keeping with the security principle of least privilege, which states that no subject should be given more rights than necessary for performing that subject’s job. RBAC enables an organization to separate super-user capabilities and package them into special user accounts termed roles for assignment to specific individuals according to their job needs. This enables a variety of security policies, networking, firewall, back-ups, and system operation. A site that prefers a single strong administrator but wants to let more sophisticated users fix portions of their own system can set up an advanced-user role. RBAC is not confined to users however, it applies equally well to automated computer agents, i.e., software parts operating independent of user interactions. The following interactions are covered by the scope of this technical specification:
local (direct wired) access to the object by a human user;
local (direct wired) access to the object by a local and automated computer agent, e.g. another object at the substation;
direct access by a user to the object using the objects’ built-in HMI or panel;
remote (via dial-up or wireless media) access to the object by a human user;
remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, or a control centre application.
As in many aspects of security, RBAC is not just a technology; it is a way of running a business. As subject names change more frequently than role names and as role names change more frequently than the rights of a data model (e.g. IEC 61850), it is advisable to store the frequently changing entities (i.e. the subjects names) outside the object. Less frequently changing role names and rights are stored inside the object.
RBAC thus provides a means of reallocating system controls as defined by the organization policy.
The scope of this specification covers everything that is needed for interoperability between systems from different vendors. The purpose of this specification is therefore:
firstly, to introduce ‘subjects-roles-rights’ as authorization concept;
secondly, to promote role-based access control for the entire pyramid in power system management; and
thirdly, to enable interoperability in the multi-vendor environment of substation automation and beyond.
Out of scope for this specification are all topics which are not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks, such as:
user names and password definitions/policies;
management of keys and/or key exchange;
engineering of roles;
assignment of roles;
aselection of trusted certificate authorities issuing credentials (access tokens);
defining the tasks of a security officer;
integrating local policies in RBAC.
NOTE These issues will be addressed in IEC/TS 62351-91.
The IEC 62351 series specifies end-to-end security in power systems so that secure connections are established between applications. RBAC is recognized as a potentially efficient and safe means to control access to data objects.
Existing standards (see [ANSI INCITS 359-2004], [IEC 62443], and [IEEE 802.1X-2004]) in the process control industry and access control ([RFC2904] and [RFC2905]) are not sufficient as none of them specify either the exact role name and associated rights, the format of the access tokens or the detailed mechanism by which access tokens are transferred to and authenticated by the target system – however, all this information is needed though for interoperability.
Standards | Relationship |
IEC TS 62351-8:2011 | Identical |
IEC 61850-7-2:2010 | Communication networks and systems for power utility automation - Part 7-2: Basic information and communication structure - Abstract communication service interface (ACSI) |
IEC TS 62351-3:2007 | Power systems management and associated information exchange - Data and communications security - Part 3: Communication network and system security - Profiles including TCP/IP |
IEEE 802.1X-2010 | IEEE Standard for Local and metropolitan area networks--Port-Based Network Access Control |
IEC TS 62351-4:2007 | Power systems management and associated information exchange - Data and communications security - Part 4: Profiles including MMS |
ISO/IEC 9798-2:2008 | Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
IEC TS 62351-5:2013 | Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives |
ANSI X9.69 : 2017 | FRAMEWORK FOR KEY MANAGEMENT EXTENSIONS |
ISO/IEC 15946-2:2002 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 2: Digital signatures |
IEC TS 62351-1:2007 | Power systems management and associated information exchange - Data and communications security - Part 1: Communication network and system security - Introduction to security issues |
IEC PAS 62400:2005 | Structuring principles for technical products and technical product documentation - Letter codes - Main classes and subclasses of objects according to their purpose and task |
IEEE 1815-2012 REDLINE | IEEE Standard for Electric Power Systems Communications-Distributed Network Protocol (DNP3) |
ANSI INCITS 359 : 2012 | INFORMATION TECHNOLOGY - ROLE BASED ACCESS CONTROL |
ANSI X9.73 : 2017 | CRYPTOGRAPHIC MESSAGE SYNTAX - ASN.1 AND XML |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.