IEC TR 62351-13-2016 PDF

Full title and description

Power systems management and associated information exchange - Data and communications security - Part 13: Guidelines on security topics to be covered in standards and specifications. This Technical Report offers guidance for standards and specification authors on the security topics that should be considered when developing documents used in the electric power industry; it is intended as a checklist to ensure that the combination of standards applied in an implementation addresses relevant security concerns.

Abstract

IEC TR 62351-13:2016 provides non‑prescriptive guidance identifying security topics and considerations that standards, technical specifications and other normative documents for power systems should address (for example: authentication, confidentiality, integrity, key and certificate management, lifecycle and operational aspects, logging/auditing and testing). The report is aimed at developers of standards and specifications so that, collectively, applicable documents cover an appropriate security baseline for implementations.

General information

• Status: Technical Report (published / active).
• Publication date: 9 August 2016 (IEC webstore listing: 2016-08-09).
• Publisher: International Electrotechnical Commission (IEC), TC 57 (Power systems management and associated information exchange).
• ICS / categories: 33.200 (Telecontrol / Telemetering).
• Edition / version: Edition 1.0 (2016).
• Number of pages: 34 pages (IEC listing).

Scope

Defines a set of security topics and considerations that should be covered—somewhere in the set of standards and specifications used for a power‑industry implementation—so that security objectives for data and communications are addressed in a coordinated way. The TR does not mandate specific technical solutions; rather it acts as guidance and a checklist for standards authors and technical committees.

Key topics and requirements

• Security objectives: confidentiality, integrity, availability and accountability as applied to power system information exchange.
• Authentication and authorization mechanisms (including node and user identity management and certificate usage).
• Cryptography and key management recommendations (algorithms, key lifecycle, certificate management and algorithm agility).
• Secure communications (use of TLS/DTLS, secure profiles for existing protocols and secure transport selection guidance).
• Logging, monitoring and audit requirements to support detection, forensics and compliance.
• Risk assessment and threat modelling guidance to inform which controls are required for a given standard or application.
• Operational lifecycle considerations: device provisioning, patching, configuration management and incident response.
• Conformance, testing and interoperability considerations so that security requirements in different standards work together in implementations.

Typical use and users

Primary users are standards and specification developers (IEC technical committees, national committees, industry consortia) who need to ensure security coverage across related documents. Secondary users include system architects, cybersecurity leads and implementers in utilities, vendors of grid equipment, certification bodies and conformity assessment teams using the checklist to verify that applicable standards collectively address required security topics.

Related standards

Part of the IEC 62351 family (data and communications security for power systems). Related parts and documents include IEC 62351-1/2/3/4/5/6/7/8/9 and other TRs in the 62351 series; the TR is also frequently considered alongside IEC 62443 (industrial automation and control system security), relevant IEEE and IETF specifications (TLS, certificate profiles) and national guidance (e.g., NIST). Cross‑references and normative links commonly cited with this TR appear in industry product listings and cross‑reference tables.

Keywords

Power systems, data security, communications security, IEC 62351, guidelines, standards development, checklists, cryptography, key management, authentication, logging, lifecycle.

FAQ

Q: What is this standard?

A: It is IEC TR 62351-13:2016, a Technical Report in the IEC 62351 series that provides guidelines on security topics to be considered by standards and specifications used in the electric power industry (i.e., guidance for standards authors).

Q: What does it cover?

A: It lists and explains security topics—such as authentication, cryptography and key management, secure communications, logging/auditing, lifecycle and testing—that should be addressed in standards and specifications so that implementations based on those documents meet reasonable security objectives. The TR is descriptive and advisory rather than prescriptive.

Q: Who typically uses it?

A: Standards developers, IEC and national technical committees, utility cybersecurity architects, equipment vendors and conformity assessment bodies use it as a checklist and guidance document to ensure comprehensive security coverage across related standards and products.

Q: Is it current or superseded?

A: As of the current IEC catalogue listings, IEC TR 62351-13:2016 remains the published Technical Report for Part 13 and is included in recent IEC 62351 series collections; it has not been listed as superseded by a newer Part 13 edition. Users should check the IEC webstore or national mirror for the latest change history before assuming permanence.

Q: Is it part of a series?

A: Yes — it is part of the IEC 62351 series (data and communications security for power systems). The series contains multiple normative parts and TRs addressing different protocol profiles, transports and security mechanisms.

Q: What are the key keywords?

A: Power systems security, data and communications security, guidelines, IEC 62351, authentication, cryptography, key management, TLS, logging, standards development.