IEC TS 62351-7:2010 pdf download – Power systems management and associated information exchange – Data and communications security – Part 7: Network and system management (NSM) data object models
5.4.2 ISO NSM categories
Network management involves many different aspects, but has been organized by the ISOinto 5 areas:
• performance management;
• configuration management;
• accounting management;
• fault management;
• security management.
Of these 5 areas, only accounting management is not directly associated with end-to-end security. The other 4 areas are either directly or indirectly involved in security. For instance, if an equipment failure or a careless parameter change causes degradation of performance, then the reliability of power system operations may be affected; or a change in network configuration could result in a single point of failure that is not recognized until that failure occurs; or an undetected intrusion causes time-sensitive data exchanges to slow down and not reach their destinations in a timely manner.
5.4.3 Simple network management protocol (SNMP) The simple network management protocol (SNMP) was developed by the IETF as the protocol for transmitting MIBs over the Internet. Many systems use SNMP internally as well. However, MIBs do not need to be transmitted by SNMP; any protocol can be used. In this standard, no explicit protocol is identified for transmitting the MIBs. This means that the MIB data may be transferred via whatever protocol is being used, using whatever mapping to objects is appropriate. Some systems and equipment do include SNMP. In these cases, the MIBs could be mapped to SNMP directly.
5.4.4 Management information bases (MIBs) Management information bases (MIBs) are used to define what information is needed to manage the information infrastructure as securely and reliably as the power system infrastructure is managed. Once the security and reliability information requirements are defined, they can be structured as abstract objects, and formatted as standardized as management information base (MIBs) to be compliant with information industry (i.e. IETF’s simple network management protocol – SNMP) standards. These MIBs are the information infrastructure equivalent to the 61 850 object models of the power system infrastructure. In essence, managing the information infrastructure is as crucial to the secure and reliable operation of the power system as any encryption or access management security schemes. Just as power system information (defined in IEC 61 850 and in IEC 61 970) is used to manage the power system, management information base (MIBs) information can be used to manage the information systems. The IETF and many mainstream vendors of network and system products have developed specific MIBs for their products, with the basic assumption that these products will be used over the Internet or an Intranet based on IETF technologies. These should be used where they exist.
However, many products used in power system operations are not expected to (nor should they) be used over open networks, and have therefore not developed or implemented IETF MIBs for network management. These products and systems generally rely on simple monitoring of communication connections by the SCADA systems.
5.4.5 NSM “data objects” for power system operations The NSM “data objects” identified in this standard fill the gap between the existing simple SCADA communications monitoring and the desired secure and reliable information infrastructure for power system operations. “Data objects” are abstract data elements that can be subsequently mapped to different protocols, including IEC 61 850, IEC 60870-5, IEC 60870-6 (TASE.2) and enterprise protocols such as SNMP. This standard specifies the abstract data objects but does not specify the protocols that they may be mapped into. Annexes are planned to provide some common mappings. It also does not specify the actions that could or should be taken upon receiving an NSM alarm or anomaly: those actions are considered to be implementation-specific and are outside the scope for this standard.IEC TS 62351-7 pdf download.
