标准摘要
[中文适用范围]: IEC TS 60870-5-7:2025 是一项技术规范,它描述了实施 IEC 62351-5:2023 进行安全通信的消息和数据格式,作为 IEC 60870-5-101 和 IEC 60870-5-104 的扩展。本文件的目的是允许任何 IEC 60870-5-101/-104 应用协议数据单元 (APDU) 的接收方验证 APDU 是否由授权用户传输,以及 APDU 是否在传输过程中被修改。本文件还旨在与 IEC 62351-3:2023 的定义以及 IEC 60870-5-104 配套标准一起使用。IEC 62351-5:2023 中定义了用于交换这些消息的状态机、消息序列和程序。本文件仅描述了在 IEC 60870-5-101 和 IEC 60870-5-104 协议中实施 IEC 62351 所需的消息格式、选定选项、关键操作、寻址注意事项和其他调整。除了上一版之外,本文件的新版本还利用 IEC 62351-8 RBAC 方法和已定义的角色到权限映射(来自 IEC 62351-5:2023)来解决基于角色的访问控制问题。本文件的范围不包括 IEC 60870-5-102 或 IEC 60870-5-103 的安全性。IEC 60870-5-102 的使用范围有限,因此不予解决。希望获得安全解决方案的 IEC 60870-5-103 用户需要使用 IEC 61850 中引用的 IEC 62351 中的安全措施来实施 IEC 61850。对 IEC 60870-5-101/104 以外的设备内或通信链路上的密钥、证书或其他加密凭证的管理超出了本文档的范围,可能会在未来的其他 IEC 62351 出版物中涉及。第二版取消并取代 2013 年发布的第一版。此版本构成技术修订。此版本与上一版相比包括以下重大技术变化:a) 此版本已针对上一版进行了全面修订;b) 与 IEC 62351-3:2023 和 IEC 62351-5:2023 的更新版本保持一致;c) 定义应用层和传输层的特定配置文件; d) 引入会话发起请求,以处理被叫站重新建立连接的情况;e) 为 IEC 60870-5-101 的非平衡模式(包括密钥管理)纳入多播安全性;f) 考虑基于 IEC 62351-8 的 RBAC。本技术规范将与 IEC 62351-5:2023 和 IEC 60870-5-104:2016 结合使用。 [外文原描述]: IEC TS 60870-5-7:2025, which is a technical specification, describes messages and data formats for implementing IEC 62351-5:2023 for secure communication as an extension to IEC 60870-5-101 and IEC 60870-5-104. The purpose of this document is to permit the receiver of any IEC 60870-5-101/-104 Application Protocol Data Unit (APDU) to verify that the APDU was transmitted by an authorized user and that the APDU was not modified in transit. This document is also intended to be used, together with the definitions of IEC 62351-3:2023, in conjunction with the IEC 60870-5-104 companion standard. The state machines, message sequences, and procedures for exchanging these messages are defined in IEC 62351-5:2023. This document describes only the message formats, selected options, critical operations, addressing considerations and other adaptations required to implement IEC 62351 in the IEC 60870-5-101 and IEC 60870-5-104 protocols. In addition to the previous edition, this new edition of this document also addresses role-based access control, by utilizing the IEC 62351-8 RBAC approach and the already defined role to permission mapping from IEC 62351-5:2023. The scope of this document does not include security for IEC 60870-5-102 or IEC 60870-5-103. IEC 60870-5-102 is in limited use only and will therefore not be addressed. Users of IEC 60870-5-103 desiring a secure solution need to implement IEC 61850 using the security measures from in IEC 62351 referenced in IEC 61850. Management of keys, certificates or other cryptographic credentials within devices or on communication links other than IEC 60870-5-101/104 is out of the scope of this document and might be addressed by other IEC 62351 publications in the future. This second edition cancels and replaces the first edition published in 2013. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) This edition has been completely revised with respect to the previous edition; b) Alignment with updated versions of IEC 62351-3:2023 and IEC 62351-5:2023; c) Definition of specific profiles for application layer and transport layer; d) Introduction of Session Initiation Request to handle situations in which the called station reestablishes a connection; e) Inclusion of multicast security for the unbalanced mode of IEC 60870-5-101 including key management; f) Consideration of RBAC based on IEC 62351-8. This Technical Specification is to be used in conjunction with IEC 62351-5:2023 and IEC 60870-5-104:2016.
英文名称Telecontrol equipment and systems - Part 5-7: Transmission protocols - Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351)