Welcome back to this series on security standards for operational technologies. In the last one we investigated IEC 61508 and IEC 61850. You can find a link to that one at the end of this one.

This article will focus exclusively on IEC 62351. IEC 62351 is an international cybersecurity standard focused on protecting communication protocols used in power system automation and control. It is published by the International Electrotechnical Commission (IEC) and is especially important for electric utilities, substations, SCADA systems, and smart grids.

Purpose of IEC 62351

IEC 62351 defines security mechanisms that safeguard power system communications against threats such as:

• Unauthorized access
• Data manipulation
• Eavesdropping
• Replay and spoofing attacks
• Denial-of-Service (DoS)

Its main goal is to ensure:

• Confidentiality
• Integrity
• Authentication
• Availability

for critical grid communications.

Protocols protected by IEC 62351

IEC 62351 does not replace existing power system protocols—it adds security on top of them. Key protocols covered include:

• IEC 60870-5-101 / 104
• IEC 61850 (substation automation)
• DNP3
• ASE.2 / ICCP
• MMS (Manufacturing Message Specification)

Structure of IEC 62351

Like IEC 62443, IEC 62351 consists of several individual documents, in this case ten of them. Details of the individual documents are listed in the table below.

Document	Description
IEC 62351-1	Introduction, terminology, and overview
IEC 62351-2	Glossary of security terms
IEC 62351-3	Network & transport layer security (TLS, IPsec)
IEC 62351-4	Security for MMS-based protocols
IEC 62351-5	Security for IEC 60870-5 and DNP3
IEC 62351-6	Security for IEC 61850 – functional safety for electrical, electronic, and programmable electronic systems
IEC 62351-7	network and system management (monitoring, logging)
IEC 62351-8	Role-Based Access Control (RBAC)
IEC 62351-9	Key management and certificate handling
IEC 62351-10	Security architecture and guidelines

The first two documents, covering terminology and glossary, might seem irrelevant, but keep in mind that much communication in power systems are cross border. That makes it important that different nationalities have the same understanding of the meaning of the terms used when communication with one another.

Note that unlike in IEC 62443, some of the documents are aimed at specific protocols, negating the need to buy all the standard documents!

Where IEC 62351 is used

IEC 62351 is widely applied in:

• Power generation facilities
• Transmission and distribution networks
• Substations and control centres
• Smart grid and DER (Distributed Energy Resources) systems
• Utility OT (Operational Technology) environments

It is often required to comply with both national and international grid cybersecurity regulations.

Why IEC 62351 matters

IEC 62351 is critical because it addresses a fundamental problem in the power sector:
legacy grid communication protocols were designed for reliability, not cybersecurity. As grids become digital, interconnected, and remotely operated, this gap becomes a serious risk.Below are the key reasons why IEC 62351 truly matters, beyond just “compliance”.

1. Power systems are critical infrastructure

Electric grids support healthcare, water, transportation, finance, and public safety.
A successful cyberattack can cause:

• Widespread blackouts
• Physical equipment damage
• Public safety incidents
• Major economic losses

IEC 62351 helps ensure grid operations remain trustworthy and resilient, even under attack.

2. Legacy protocols were never designed to be secure

Protocols like IEC 60870-5-104, IEC 61850, and DNP3 originally assumed:

• Closed, trusted networks
• No hostile actors
• Physical security only

In modern environments (IP networks, remote access, cloud integration), these assumptions no longer hold. IEC 62351 adds security without breaking interoperability—a key requirement for utilities.

3. Prevents real-world cyberattack scenarios

Without IEC 62351 controls, attackers could:

• Send unauthorized control commands (open breakers, disable protection)
• Manipulate measurement data, misleading operators
• Replay old valid messages to cause incorrect actions
• Impersonate trusted devices

IEC 62351 mitigates these through:

• Authentication of devices and users
• Encryption of control traffic
• Message integrity checks
• Anti-replay protections

4. Enables secure multi-vendor interoperability

Power utilities rarely use a single vendor.
IEC 62351 provides a common security framework so that:

• Devices from different manufacturers trust each other
• Certificates and keys work across vendors
• Security behaviour is predictable and standardized

This avoids vendor lock-in while improving security.

5. Supports regulatory and compliance requirements

Many national and regional regulations expect or reference IEC 62351, especially for OT environments.

It supports compliance with:

• Critical infrastructure protection regulations
• National grid codes
• Cybersecurity audits for utilities

Even when not mandated, IEC 62351 is often treated as industry best practice. So, ask for IEC 62351 standards compliance when implementing a firewall in an OT environment, for instance.

6. Bridges IT security and OT reality

Traditional IT security standards are often too heavy or disruptive for real-time power systems.

IEC 62351 is tailored for OT:

• Respects real-time performance constraints
• Accounts for long equipment lifecycles (20–40 years)
• Allows incremental deployment (not “all or nothing”)

This makes it practical, not just theoretical.

7. Enables secure digital transformation and smart grids

Modern grid initiatives depend on secure communications:

• Digital substations
• Wide-area protection schemes
• Distributed Energy Resources (DERs)
• Remote maintenance and monitoring

IEC 62351 provides the security foundation that makes these innovations safe to deploy.

8. Reduces cyber risk without redesigning the grid

Replacing grid protocols is unrealistic. IEC 62351:

• Protects existing protocols
• Allows staged upgrades
• Preserves backward compatibility where possible

This makes it one of the most cost-effective cybersecurity investments utilities can make.

In one sentence:

IEC 62351 matters because it turns historically insecure power-system communications into trusted, authenticated, and resilient infrastructure—without disrupting grid reliability.

 

OT security series: Part I | Part II | Part III

 

Check out also IEC 62443: A Cybersecurity Guide for Industrial Systems

Part I | Part II | Part III | Part IV | Part V | Vocabulary