The IEEE Substation Committee seems to have some new energy with work on three standards: P1686, P1689, and P1711.

P1689 and P1711 are at this point almost identical to AGA 12 Part 1 and 2 respectively. I have blogged on AGA 12 in the past (here, here, and here). Nothing has changed my viewpoint on this, although I am pleased to see AGA 12 now has a couple of authentication only cipher suites.

P1686 is more interesting as it tries to set a minimum set of security controls and functionality for an IED. The Working Group determines what the minimums should be such as at least support for 10 userID’s, 2048 log events and password complexity. They also took a swing at what security events and alarms must be included in every IED.

I like this practical approach as opposed to the quest for near perfection, and it will be interesting to see if IED vendors starting adding P1686 compliant to their spec sheets and brochures once it is finalized.

The listing of twelve security events that must be included in the audit log is one of my favorite parts of the standard. It would be even better if a specific pattern must be included for each event, such as “IED Firmware Change”. This would be very helpful for control system SEM pattern matching. The community would not be required to integrate different pattern matching for each product, a la our data dictionary.

One of the alarms and the Supervisory Permissive Control in Section 5.3 is a bit confusing in places for me, but this is only a draft so it should get worked out.