Telecontrol equipment and systems - Part 5-7: Transmission protocols - Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351)

IEC TS 60870-5-7:2025, which is a technical specification, describes messages and data formats for implementing IEC 62351-5:2023 for secure communication as an extension to IEC 60870-5-101 and IEC 60870-5-104.
The purpose of this document is to permit the receiver of any IEC 60870-5-101/-104 Application Protocol Data Unit (APDU) to verify that the APDU was transmitted by an authorized user and that the APDU was not modified in transit.
This document is also intended to be used, together with the definitions of IEC 62351-3:2023, in conjunction with the IEC 60870-5-104 companion standard.
The state machines, message sequences, and procedures for exchanging these messages are defined in IEC 62351-5:2023. This document describes only the message formats, selected options, critical operations, addressing considerations and other adaptations required to implement IEC 62351 in the IEC 60870-5-101 and IEC 60870-5-104 protocols.
In addition to the previous edition, this new edition of this document also addresses role-based access control, by utilizing the IEC 62351-8 RBAC approach and the already defined role to permission mapping from IEC 62351-5:2023.
The scope of this document does not include security for IEC 60870-5-102 or IEC 60870-5-103. IEC 60870-5-102 is in limited use only and will therefore not be addressed. Users of IEC 60870-5-103 desiring a secure solution need to implement IEC 61850 using the security measures from IEC 62351 referenced in IEC 61850.
Management of keys, certificates or other cryptographic credentials within devices or on communication links other than IEC 60870-5-101/104 is out of the scope of this document and might be addressed by other IEC 62351 publications in the future.
This second edition cancels and replaces the first edition published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) This edition has been completely revised with respect to the previous edition;
b) Alignment with updated versions of IEC 62351-3:2023 and IEC 62351-5:2023;
c) Definition of specific profiles for application layer and transport layer;
d) Introduction of Session Initiation Request to handle situations in which the called station reestablishes a connection;
e) Inclusion of multicast security for the unbalanced mode of IEC 60870-5-101 including key management;
f) Consideration of RBAC based on IEC 62351-8.
This Technical Specification is to be used in conjunction with IEC 62351-5:2023 and IEC 60870-5-104:2016.

General Information

Status: Published
Publication Date: 17-Mar-2025
Current Stage: PPUB - Publication issued
Start Date: 18-Mar-2025
Completion Date: 28-Mar-2025
Ref Project

Relations

Technical specification
IEC TS 60870-5-7:2025 - Telecontrol equipment and systems - Part 5-7: Transmission protocols - Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351)
Released: 18.03.2025
ISBN: 9782832702758
English language
50 pages

Standards Content (Sample)


IEC TS 60870-5-7 ®
Edition 2.0 2025-03
TECHNICAL
SPECIFICATION
Telecontrol equipment and systems –
Part 5-7: Transmission protocols – Security extensions to IEC 60870-5-101 and
IEC 60870-5-104 protocols (applying IEC 62351)

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 33.200  ISBN 978-2-8327-0275-8

– 2 – IEC TS 60870-5-7:2025 © IEC 2025
CONTENTS
FOREWORD
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overview of IEC 60870-5-7 profiles
5 A-Profile: Implementation of IEC 62351-5
5.1 General
5.2 Selected options
5.2.1 Overview of clause
5.2.2 MAC algorithms
5.2.3 Encryption algorithms
5.3 Implementation of procedures
5.3.1 Overview of clause
5.3.2 Detection of communication failures
5.3.3 Algorithm selection for Update Keys derivation
5.3.4 Session keys – Application and management
5.3.5 Co-existence with non-secure implementations
5.4 Implementation of messages
5.4.1 Overview of clause
5.4.2 Data definitions
5.4.3 Application Service Data Units
6 T-Profile Security: Implementation of IEC 62351-3
7 Security profiles for IEC 60870-5-101 and IEC 60870-5-104
7.1 General
7.2 Security profiles for IEC 60870-5-101
7.3 Security profiles for IEC 60870-5-104
7.3.1 General
7.3.2 Use with redundant channels
8 Considerations for role-based access control (RBAC)
8.1 General
8.2 Permission definition
8.3 Role-to-permission assignment
9 Protocol Implementation Conformance Statement
9.1 Overview of clause
9.2 Algorithms for digital certificates
9.2.1 Cryptographic curves for key pair generation
9.2.2 Certificate signature algorithms
9.3 MAC algorithms
9.3.1 General
9.3.2 MAC algorithms for serial links
9.3.3 MAC algorithms for TCP/IP links
9.4 Key wrap algorithms
9.5 Data protection algorithms
9.5.1 General
9.5.2 Data protection algorithms for serial links
9.5.3 Data protection algorithms for TCP/IP links
9.6 Configurable parameters
9.7 Configurable statistic thresholds and statistic information object addresses
9.8 Security profile support
Annex A (informative) Implementation of A-Profile security with IEC 60870-5-101
Annex B (informative) Devices with inaccurate clocks
Bibliography

Figure 1 – IEC 60870-5-7 Profiles
Figure 2 – ASDU segmentation control
Figure 3 – Segmenting extended ASDUs
Figure 4 – Illustration of ASDU segment reception state machine
Figure 5 – Example of a MAC calculation of a Secure Data message
Figure 6 – ASDU: S_AQ_NA_1 Association Request
Figure 7 – Association Request PRI field
Figure 8 – ASDU: S_AP_NA_1 Association Response
Figure 9 – ASDU: S_UH_NA_1 Update Key Change Request
Figure 10 – ASDU: S_UP_NA_1 Update Key Change Response
Figure 11 – ASDU: S_SI_NA_1 Session Initiation Request
Figure 12 – ASDU: S_SQ_NA_1 Session Request
Figure 13 – Session Request PRI field
Figure 14 – ASDU: S_SP_NA_1 Session Response
Figure 15 – ASDU: S_KH_NA_1 Session Key Change Request
Figure 16 – Example of an initial Broadcast Session Key distribution
Figure 17 – Examples of Broadcast Session Key update
Figure 18 – ASDU: S_KP_NA_1 Session Key Change Response
Figure 19 – Example of an AEAD calculation of a Secure Data message
Figure 20 – ASDU: S_SD_NA_1 Secure Data
Figure 21 – RBAC mapped to IEC 60870-5-101/-104
Figure A.1 – Unbalanced transmission system
Figure A.2 – Balanced transmission system

Table 1 – Additional cause of transmission
Table 2 – Additional type identifiers
Table 3 – ASDU segment reception state machine
Table 4 – Session Initiation Request: data Included in MAC calculation (in order)
Table 5 – Session Response: data Included in MAC calculation (in order)
Table 6 – Data Included in WKD for Broadcast Session Key change (in order)
Table 7 – List of pre-defined permissions
Table 8 – List of pre-defined role-to-permission assignments for IEC 60870-5-101/-104 (updated version from IEC 62351-5:2023)
Table 9 – List of the configurable parameters
Table 10 – Security statistic

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC Nationa
...
