ДСТУ IEC/TS 62351-7:2016 Управление энергетическими системами и связанный с ним информационный обмен. Безопасность данных и коммуникаций. Часть 7. Модели объектов данных для управления системой и сетью (NSM)...

НАЦІОНАЛЬНИЙ СТАНДАРТ УКРАЇНИ

IEC/TS 62351-7:2010

POWER SYSTEMS MANAGEMENT AND ASSOCIATED INFORMATION EXCHANGE — DATA AND COMMUNICATIONS SECURITY
Part 7: Network and system management (NSM)

ДСТУ IEC/TS 62351-7:2016
(IEC/TS 62351-7:2010, IDT)

КЕРУВАННЯ ЕНЕРГЕТИЧНИМИ СИСТЕМАМИ ТА ПОВ’ЯЗАНИЙ ІЗ НИМ ІНФОРМАЦІЙНИЙ ОБМІН. БЕЗПЕКА ДАНИХ ТА КОМУНІКАЦІЙ
Частина 7. Моделі об’єктів даних для керування системою та мережею (NSM)

Відповідає офіційному тексту

Київ
З питань придбання офіційного видання звертайтесь до національного органу стандартизації
(ДП «УкрНДНЦ»)
2016

CONTENTS

FOREWORD

1 Scope

2 Normative references

3 Terms and definitions

4 Glossary of terms and definitions

5 Background of network and system management (NSM) requirements (informative)

5.1 Objectives of IEC NSM standards

5.1.1 Scope of end-to-end security

5.1.2 End-to-end security measures

5.1.3 Security purposes

5.1.4 Role of network and system management (NSM) in end-to-end security

5.1.5 Scope of the NSM standard

5.2 Current lack of coherent information infrastructure

5.3 Intrusion detection systems (IDS)

5.3.1 ISO/IEC 18043 IDS guidelines

5.3.2 Intrusion detection system (IDS) concepts

5.3.3 IDS: Passive observation techniques

5.3.4 IDS: Active security monitoring architecture with NSM data objects

5.4 Network and system management (NSM) concepts

5.4.1 IETF and ISO network management standards

5.4.2 ISO NSM categories

5.4.3 Simple network management protocol (SNMP)

5.4.4 Management information bases (MIBs)

5.4.5 NSM “data objects” for power system operations

6 Security and reliability NSM requirements for power system operations (informative)

6.1 NSM requirements: Monitoring and controlling the networks and protocols

6.1.1 Network configuration monitoring and control

6.1.2 Network backup monitoring

6.1.3 Network communications failures and degradation monitoring

6.1.4 Communication protocol monitoring

6.2 NSM requirements: Monitoring and management of end systems

6.2.1 Monitoring end systems

6.2.2 Security control and management of end systems

6.3 NSM requirements: Intrusion detection functions

6.3.1 Detecting unauthorized access

6.3.2 Detecting resource exhaustion as a denial of service (DoS) attack

6.3.3 Detecting buffer overflow DoS attacks

6.3.4 Detecting tampered/Malformed PDUs

6.3.5 Detecting physical access disruption

6.3.6 Detecting invalid network access

6.3.7 Detecting coordinated attacks

7 NSM abstract data types

7.1 Abbreviated terms

7.2 NSM data object constructs

7.2.1 NSM data object fields

7.2.2 Construction of data objects

7.2.3 Access to data objects

7.3 High level NSM data type structures

7.3.1 Opaque (not known / not specified / special)

8 NSM abstract data objects

8.1 Communications health NSM data objects

8.1.1 Network configuration monitoring and control

8.1.2 Network backup monitoring

8.1.3 Network communications failures and degradation monitoring

8.1.4 Communication protocol monitoring

8.2 End system health NSM data objects

8.2.1 End system monitoring

8.2.2 End system security management

8.3 Intrusion detection NSM data objects

8.3.1 Unauthorized access NSM data objects

8.3.2 Resource exhaustion NSM data objects

8.3.3 Buffer overflow NSM data objects

8.3.4 Tampered/malformed PDUs

8.3.5 Physical access disruption

8.3.6 Invalid network access

8.3.7 Coordinated attacks

Bibliography

Figure 1 - Comparison of NSM data objects with IEC 61850 objects

Figure 2 - Management of both the power system infrastructure and the information infrastructure

Figure 3 - Power system operations systems, illustrating the security monitoring architeture

Figure 4 - Information exchange between applications: generic communication topology

Figure 5 - Active security monitoring architecture with NSM data objects

Figure 6 - Alarm structure

Figure 7 - Status structure

Figure 8 - Measurement structure

Figure 9 - Setting structure

Figure 10 - Array

Figure 11 - Table

Figure 12 - Control hardware

Figure 13 - Control software