IEC TR 62351-90-2-2018 PDF

Full title and description

Power systems management and associated information exchange - Data and communications security - Part 90-2: Deep packet inspection of encrypted communications. This Technical Report discusses the application of Deep Packet Inspection (DPI) techniques to communication channels used in power systems that are secured under the IEC 62351 family, outlining current techniques, risks, costs and proposals to mitigate limitations of existing solutions.

Abstract

IEC TR 62351-90-2:2018 presents a state-of-the-art survey of Deep Packet Inspection (DPI) approaches applicable to channels protected by IEC 62351. It explains where DPI can be applied, distinguishes channels that are encrypted from those protected only for integrity/non-repudiation, highlights security and privacy risks introduced by performing DPI on secured traffic, and outlines implementation cost considerations and advanced proposals to overcome limitations of current solutions.

General information

• Status: Published / Active.
• Publication date: 20 September 2018.
• Publisher: International Electrotechnical Commission (IEC), TC 57.
• ICS / categories: 33.200 (Telecontrol, telemetering — information security and data privacy).
• Edition / version: Edition 1.0 (ed.1.0).
• Number of pages: 28.

Key bibliographic details above are drawn from the IEC publication record and international standards distributors.

Scope

This Technical Report addresses the need to perform Deep Packet Inspection on communications channels that are secured by parts of IEC 62351. It surveys DPI techniques that can be applied across different channel types, describes the associated security and privacy risks (including when messages are integrity-protected but not encrypted), and estimates implementation costs. The report also describes beyond–state-of-the-art proposals intended to mitigate the main limitations of existing DPI solutions for power system environments.

Key topics and requirements

• Overview of Deep Packet Inspection (DPI) methodologies relevant to power-system communications.
• Analysis of applying DPI to channels secured under IEC 62351 (including encrypted and integrity-only channels).
• Identification of privacy, security and regulatory risks introduced by DPI in operational networks.
• Assessment of implementation costs, performance impacts and operational trade-offs for DPI deployment.
• Proposed advanced techniques and mitigations to address limitations of current DPI approaches in IEC 62351 contexts.

These topics are intended to inform implementers, operators and standards developers about practical DPI options and their trade-offs when working with IEC 62351–protected communications.

Typical use and users

Intended users include utility security architects, control‑system engineers, protocol and network equipment vendors, system integrators, and standards committees (TC 57 stakeholders). The report is used to evaluate DPI feasibility, to inform security policies for monitoring encrypted or integrity‑protected traffic, and to guide procurement and implementation decisions where DPI is considered for operational networks.

Related standards

IEC TR 62351-90-2 is part of the broader IEC 62351 family addressing data and communications security for power systems. Closely related parts and normative references include IEC 62351-3 (network and system security profiles), IEC 62351-4 (MMS profiles), IEC 62351-7 (Network and System Management data models) and other IEC 62351 technical reports (for example parts 90-1 and 90-3). The IEC 62351 series and related parts provide the context and prescriptive profiles that the DPI report references.

Keywords

Deep Packet Inspection, DPI, encrypted communications, IEC 62351, power systems security, TC 57, telecontrol, data and communications security, network monitoring, integrity protection.

FAQ

Q: What is this standard?

A: IEC TR 62351-90-2:2018 is a Technical Report from IEC TC 57 that surveys Deep Packet Inspection techniques applicable to communications channels secured under the IEC 62351 series, examining risks, costs and mitigation proposals.

Q: What does it cover?

A: It covers DPI approaches for different channel types (encrypted and integrity-only), discusses security/privacy implications of inspecting secured traffic, evaluates implementation and operational costs, and suggests advanced techniques to overcome limits of current solutions.

Q: Who typically uses it?

A: Utility security teams, control‑system vendors, network operators, system integrators and standards developers use this report to assess DPI strategies and their fit with IEC 62351 protection profiles.

Q: Is it current or superseded?

A: The document was published on 20 September 2018 (ed.1.0). Its stability date as recorded by the IEC publication metadata extends into the mid‑2020s; users should check the IEC catalogue for any later amendments or newer related publications in the IEC 62351 series.

Q: Is it part of a series?

A: Yes — it is a Technical Report within the IEC 62351 family (data and communications security for power systems). It complements prescriptive parts (for example -3, -4, -7) and other TRs (for example 90-1, 90-3) that together address security profiles, management and technical guidance for power‑system communications.

Q: What are the key keywords?

A: Deep Packet Inspection, DPI, encrypted communications, IEC 62351, power system security, network monitoring, integrity, privacy, TC 57.