Security Requirements for EPU Remote Services

Author: Dennis Holstein, USA

More IEC 62443 Foundational Requirements

In all, IEC 62443 includes seven foundational requirements that must be satisfied by the remote service objective. Table 3 shows the list. Access control and use control were discussed previously.

Data confidentiality (Id=5.3) and data integrity (Id=5.4) bring into play the need for a manageable encryption mechanism. An effective encryption mechanism needs to minimize the processing and memory requirements for the devices performing encryption and decryption.
This is not a problem for high-powered workstations, but it can be a problem for communication network devices (switches, routers, gateways) and IEDs connected to the network (protective relays, pole-top devices). Equally important are the encryption key life-cycle requirements. CIGRE's technical brochure #603:2014 includes an extensive discussion of these issues in Annex M.

Summary - Lessons Learned
Although combining RBAC and ABAC models provides the needed flexibility, the problems of managing this combined system need more work; a new CIGRE D2 working group is probably needed to develop the framework for a user-friendly and cost-effective management scheme.
There are no third-party certificates that can be trusted now, and without the assumption of liability there won't be any in the future.
A trusted electronic device capable of obtaining and safeguarding electronic evidence is needed.
More specifically, the device must:
a. Bind the user's identity to his/her personal device,
b. Have a core of trust that can protect the integrity of one or more electronic pieces of evidence within a trusted execution environment,
c. Ensure that only authorized entities have access to the evidence,
d. Be able to witness the traceability of evidence, and
e. Be able to send digital evidence to any other entity with the authority to safeguard the electronic evidence.

Timely response to an event requires ensuring that all alarms triggered by a cyber-induced remote service event are published to an approved interface. It is important to note that simply logging these events is only a prerequisite; publication of the logged events is needed to ensure timely response.
A standard is needed to normalize the decision process to authenticate remote access and use privileges. 
