Attention: Your browser doesn't support javascript or you have deactivated Javascript in your browser. Please enable Javascript in your browser in order to be able to use all functions of this website.

NA 022

DKE German Commission for Electrical, Electronic & Information Technologies of DIN and VDE

About DKE Projects Drafts Publications Documents withdrawn without replacement National committees European committees International committees

Standards [CURRENT]

DIN EN IEC 62351-9 ; VDE 0112-351-9:2025-07
Power systems management and associated information exchange - Data and communications security - Part 9: Cyber security key management for power system equipment (IEC 62351-9:2023); German version EN IEC 62351-9:2023

Title (German)

Energiemanagementsysteme und zugehöriger Datenaustausch - IT-Sicherheit für Daten und Kommunikation - Teil 9: Cybersicherheit Schlüsselmanagement für Stromversorgungsanlagen (IEC 62351-9:2023); Deutsche Fassung EN IEC 62351-9:2023

Overview

This part of IEC 62351 specifies cryptographic key management, with respect to the management of long-term keys, which are most often asymmetric key pairs, such as certificates and corresponding private keys. Symmetric key management is also considered but only with respect to session keys for group-based communication as applied in IEC 62351-6. The objective of this document is to define requirements and technologies to achieve interoperability of key management by specifying or limiting key management options to be used. The requirements for the management of pairwise symmetric (session) keys in the context of communication protocols is specified in the parts of IEC 62351 utilizing or specifying pairwise communication. The actions of the organization in response to security events that require error handling are beyond the scope of this document and are expected to be defined by the organizations security policy. The standard differs from DIN EN 62351-9 (VDE 0112-351-9):2018-05 as follows: a) certificate components and verification of the certificate components have been added; b) GDOI has been updated to include findings from interop tests; c) GDOI operation considerations have been added; d) GDOI support for PTP (IEEE 1588) support has been added as specified by IEC/IEEE 61850-9-3 Power Profile; e) cyber security event logging has been added as well as the mapping to IEC 62351-14; f) Annex B with background on utilized cryptographic algorithms and mechanisms has been added. It should be noted that separate documents exist that specify the handling of security warnings and alarms resulting from the logging of security events and monitoring information. The handling of security events is defined in even greater detail in IEC 62351-14, while the handling of object status monitoring is specified in IEC 62351-7.