IEC 62351-11:2016 pdf free download – Power systems management and associated information exchange – Data andcommunications security
Documents at rest: When XML documents are stored (e.g. at rest)， tamper detection is aminimum requirement. lf the document contains ‘sensitive information,then theconfidentiality of that information needs to be protected through the use of authenticatedencryption. in order to accomplish both objectives，this means that the un-encrypteddocument needs a signature and the encrypted document also needs its ownsignature/integrity protection.The protection of XML documents at rest is out-of-scope ofthis standard and should be implemented through local means.
Documents in transit: The protection of documents in transit requires tamper detectionand authentication as minimum requirements. lf the document contains sensitiveinformation，then the confidentiality of that information needs to be protected through theuse of authenticated encryption. In order to accomplish both objectives， this means thatthe un-encrypted document needs a signature and the encrypted document also needs itsown signaturelintegrity protection.
Documents in transition: In the domain of the lEC，the recipients of XML documentstypically decrypt and parse the information from those documents into a database. Theinformation from the database can then be re-exported to a third actor，in any form(including another XML document). lf sensitive or confidential information was provided inthe initial document,there is no technological mechanism to prevent the application fromexporting that information and defining access controls.
A real example use case is the transfer of power system topology information through theuse of lEC 61970-552.
Figure 2 illustrates this potential problem with Data in Transition. Ultility1 A provides a CIMXML document to Utility B. The document contains the information that must be exchangedbetween Utility A and Utility B, based upon the trustagreements between those utilities. UtilityBimports the information into its database (e.g.EMS). A separate exchange of informationthen needs to occur between Utility B and Utility c. utility A may have no knowledge that sucha transfer may be needed and that some of the “restricted”information may be at risk forexport by Utility B. The goal of the approach to handling data-in-transition recommended hereis to allow Utility A to classify and label specific document content as being sensitive orconfidential and therefore not to be re-exported to partners of Utility B.
Note that document signing, as described herein, is not sufficient for this purpose, as Utility Bhas a legitimate use for the restricted content and accordingly has the ability to decrypt it forimport into an application database. Therefore，another solution needs to be provided -namely, the contractual access-control mechanism described in 6.3.3.
The Scope element is of the xs:string type. There may only be a single value of Scope and the value is used to provide a context to the list of Name(s). The value may be used to detail if the Name(s) are based upon IEC codes or others. The value provided is a local issue. The Name element is of the xs:string type.
6.7 Security algorithm selection
The selection of the security algorithms follows the approach taken in different part of IEC 62351 for the specific security services. The following list provides the security algorithms per security service should constitute the minimum strength of utilized cryptographic algorithms.