Content Description

IEC TS 60870-5-7:2025, which is a technical specification, describes messages and data formats for implementing IEC 62351-5:2023 for secure communication as an extension to IEC 60870-5-101 and IEC 60870-5-104.
The purpose of this document is to permit the receiver of any IEC 60870-5-101/-104 Application Protocol Data Unit (APDU) to verify that the APDU was transmitted by an authorized user and that the APDU was not modified in transit.
This document is also intended to be used, together with the definitions of IEC 62351-3:2023, in conjunction with the IEC 60870-5-104 companion standard.
The state machines, message sequences, and procedures for exchanging these messages are defined in IEC 62351-5:2023. This document describes only the message formats, selected options, critical operations, addressing considerations and other adaptations required to implement IEC 62351 in the IEC 60870-5-101 and IEC 60870-5-104 protocols.
In addition to the previous edition, this new edition of this document also addresses role-based access control, by utilizing the IEC 62351-8 RBAC approach and the already defined role to permission mapping from IEC 62351-5:2023.
The scope of this document does not include security for IEC 60870-5-102 or IEC 60870-5-103. IEC 60870-5-102 is in limited use only and will therefore not be addressed. Users of IEC 60870-5-103 desiring a secure solution need to implement IEC 61850 using the security measures from in IEC 62351 referenced in IEC 61850.
Management of keys, certificates or other cryptographic credentials within devices or on communication links other than IEC 60870-5-101/104 is out of the scope of this document and might be addressed by other IEC 62351 publications in the future.
This second edition cancels and replaces the first edition published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) This edition has been completely revised with respect to the previous edition;
b) Alignment with updated versions of IEC 62351-3:2023 and IEC 62351-5:2023;
c) Definition of specific profiles for application layer and transport layer;
d) Introduction of Session Initiation Request to handle situations in which the called station reestablishes a connection;
e) Inclusion of multicast security for the unbalanced mode of IEC 60870-5-101 including key management;
f) Consideration of RBAC based on IEC 62351-8.
This Technical Specification is to be used in conjunction with IEC 62351-5:2023 and IEC 60870-5-104:2016.

About IEC

The IEC is a global, not-for-profit membership organization, whose work underpins quality infrastructure and international trade in electrical and electronic goods. The IEC facilitates technical innovation, affordable infrastructure development, efficient and sustainable energy access, smart urbanization and transportation systems, climate change mitigation, and increases the safety of people and the environment.

 

The IEC brings together ~170 countries and provides a global, neutral and independent standardization and conformity assessment platform for 30 000 experts globally. It administers 4 Conformity assessment systems whose members certify that devices, systems, installations, services and people work as required.

 

The IEC publishes around 10 000 IEC International Standards which together with conformity assessment provide the technical framework that allows governments to build national quality infrastructure and companies of all sizes to buy and sell consistently safe and reliable products in most countries of the world. IEC International Standards serve as the basis for risk and quality management and are used in testing and certification to verify that manufacturer promises are kept.