The security of Operational Technology (OT) communications has been an issue for over 20 years and is becoming increasingly more important with the proliferation of Internet of Things (IoT) and Industrial IoT (IIoT) devices in OT. These devices use widely available and studied protocols, many riding on an Internet Protocol (IP) network, and use open communications methodologies including wireless and the Internet. In many cases, these protocols have been adapted from legacy protocols or implementations that assumed implicit security due to their proprietary nature and use of closed (non-public) communication networks.
The Power System Communications and Cybersecurity Committee (PSCCC) of the PES is addressing the lack of OT cybersecurity by supporting the development of a number of IEEE Standards, Recommended Practices, and Guides to aid industry in securing their OT communications. These include wrapper protocols and new features added to existing protocols that can secure legacy protocols with minimal changes, as well as the development of new protocols that inherently include cybersecurity as part of their initial implementation. The PSCCC also is developing guidelines and recommended practices on how to apply cybersecurity approaches from other standards and recommendations (e.g., IPsec and IEC 62351) to existing communications; this is especially useful in cases where there are many options and configurations that can be confusing to non-cybersecurity staff implementing them.
- To learn more & get involved, please check out the IEEE PES PSCCC website.
- PSCCC-P0 Protocols and Architectures Subcommittee studies and reviews engineering, operational, and testing aspects of protocol and communication architecture requirements provided by other domains as they are applied and impact the Electric Power System.
- PSCCC-S0 Cybersecurity Subcommittee studies and reviews engineering (including information technology and operation technology), operational, and testing aspects of cybersecurity related to the Electric Power System.
- Both of these subcommittees and their working groups meet face-to-face three times per year (January, May, September) in conjunction with the Power System Relay and Control (PSRC) Committee; many working groups also hold intermediate web meetings.
- IEEE Std 1615-2019 – Recommended Practice for Network Communication for Electric Power Substation Monitoring and Control.
This standard is currently under revision and will provide recommendations in designing and implementing communications networks in field locations.
- IEEE Std. P1711.1 – Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links: Substation Serial Protection Protocol (SSPP). This standard is currently under development and will describe how to secure serial communications primarily between a control center and field device. It is primarily used to secure byte-oriented protocols, including maintenance access.
- IEEE Std 1711.2-2019 – IEEE Standard for Secure SCADA Communications Protocol (SSCP). This standard, like 1711.1, describes how to secure serial communications between a control center and field devices, and can be used for both byte-oriented and non-byte-oriented protocols. It also supports a non-encrypting mode that allows existing legacy protocol analyzers to be used to debug communications.
- IEEE Std 1815-2012 – Standard for Electric Power Systems Communications-Distributed Network Protocol (DNP3). This standard primarily deals with the DNP3 protocol, but the latest version still in draft addresses cybersecurity with the additional of improvements to the Secure Authentication (SAv6) feature.
- IEEE Std. P2664 – Standard for Streaming Telemetry Transport Protocol. This standard is currently under development and deals primarily with a protocol that is used to transmit streaming data, specifically synchrophasor measurements, but includes capabilities to encrypt the data while in transit.
- IEEE Std 2030.102.1-2020 – IEEE Standard for Interoperability of Internet Protocol Security (IPsec) Utilized within Utility Control Systems. This standard specifies configuration requirements within the relevant Internet Engineering Task Force (IETF) Request for Comments (RFC) for implementation of the Internet Protocol Security (IPsec) protocol suite within a utility control system.
- IEEE Std. P2030.100.2 Guide for Securing Generic Object Oriented System Events (GOOSE) and Sampled Values (SV) Protocols of IEC 61850 using IEC 62351-6 and IEC 62351-9.. This guide is currently under development and will provide guidance in implementing cybersecurity for the IEC 61850 protocol.
- IEEE Std. P2030.103 Standard for Universal Utility Data Exchange (UUDEX). This standard is currently under development and deals primarily with exchange of information between control center functions, but also includes inherent support for cybersecurity including confidentiality, integrity, and fine-grained access control.