Securing Modern Communication Protocols: The Importance of TLS 1.3 in IEC 61850 and IEC 60870

Written by Michael Zillgith

16. August 2024

MZ automation GmbH recently released version 1.6.0 of our IEC 61850 Library. In this article we want to talk about the significance of this update and what it means for you, the customer, from a security standpoint.

In industrial automation the need for secure and reliable communication protocols has never been more critical than now. With the increasing interconnectivity of systems and the rise in cyber threats, ensuring that data transmitted across networks is both confidential and authentic is paramount. Two widely used protocols in the industry, IEC 61850 and IEC 60870, play crucial roles not just within substations, but also across a broad range of applications, including renewable energy, smart grids, and industrial automation. The introduction of TLS 1.3, the latest version of the Transport Layer Security protocol, marks a step forward in securing these communication protocols.

Understanding IEC 61850 and IEC 60870

Before delving into the significance of TLS 1.3, it’s important to understand the roles of IEC 61850 and IEC 60870 in the automation industry.

  • IEC 61850 is a communication standard that was originally designed for electrical substation automation. It allows various devices within a substation to communicate seamlessly, ensuring that critical data such as protection signals and control commands are transmitted reliably and in real-time. However, the versatility and robust real-time communication capabilities of IEC 61850 have led to its adoption in a wide range of applications beyond substations, including renewable energy systems, smart grids, microgrids, and industrial automation.
  • IEC 60870, on the other hand, is a standard used for telecontrol and teleprotection in electrical engineering. While it has been a staple in substation and power system control, its reliability and effectiveness have made it a popular choice for remote monitoring and control in various sectors, including water and wastewater management, pipeline control, railway signaling, and building management systems.

Why TLS 1.3 Matters

As these communication protocols become more integrated with IT networks, they are increasingly exposed to cybersecurity threats. Historically, IEC 61850 and IEC 60870 relied on various means to secure communications, but now, these older methods are not always sufficient to protect against sophisticated attacks. This is where TLS 1.3 comes into play.

    TLS 1.3, now supported by our IEC 61850 Library, is the latest version of the TLS protocol, which is widely used to secure communications over networks. It offers several key improvements over its predecessor, TLS 1.2, making it a vital update for securing industrial communication protocols like IEC 61850 and IEC 60870.

    1. Enhanced Security: TLS 1.3 removes outdated cryptographic algorithms that were vulnerable to attacks, such as RC4 and MD5. It introduces more robust encryption methods like AES-GCM and ChaCha20-Poly1305, providing stronger protection for data in transit.
    2. Improved Performance: One of the criticisms of earlier TLS versions was the added latency in establishing a secure connection. TLS 1.3 addresses this by reducing the number of round trips needed to establish a secure connection, resulting in faster handshakes. This is particularly beneficial in environments where real-time communication is crucial, such as in IEC 61850-based systems.
    3. Forward Secrecy: TLS 1.3 mandates the use of forward secrecy, ensuring that even if a private key is compromised, past communications remain secure. This feature is critical in safeguarding long-term data confidentiality, which is essential for the reliable operation of IEC 61850 and IEC 60870 networks.
    4. Simplified Configuration: The updated protocol simplifies configuration by removing outdated options and streamlining the choices available to users. This reduces the chances of misconfiguration, which is a common source of vulnerabilities in network security.
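
An added example, not code from MZ automation or its library: a Python check that reads a captured ServerHello and reports the negotiated TLS version, the cipher suite and whether an ephemeral key exchange took place, the properties items 1 and 3 describe. The suite tables are a small subset, the sample records are constructed, and all function and constant names are illustrative.

```python
import struct
# Three TLS 1.3 AEAD suites (RFC 8446); TLS 1.2 suites flagged if key exchange is ephemeral.
TLS13_SUITES = {0x1301: "TLS_AES_128_GCM_SHA256",
                0x1302: "TLS_AES_256_GCM_SHA384",
                0x1303: "TLS_CHACHA20_POLY1305_SHA256"}
TLS12_SUITES = {0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
                0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", False),
                0x0004: ("TLS_RSA_WITH_RC4_128_MD5", False)}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0x002B, 0x0033

def audit_server_hello(record: bytes) -> dict:
    """Classify one TLS record whose first handshake message is a ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]  # legacy_version: 0x0303 even in TLS 1.3
    pos = 2 + 32                                    # skip legacy_version + random
    pos += 1 + body[pos]                            # skip session id
    suite = struct.unpack_from("!H", body, pos)[0]
    pos += 3                                        # cipher suite + compression method
    seen = set()
    if pos + 2 <= len(body):                        # extensions are optional in TLS 1.2
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                version = struct.unpack_from("!H", body, pos + 4)[0]  # negotiated version
            seen.add(etype)
            pos += 4 + elen
    if version == 0x0304:  # key_share present means an (EC)DHE exchange took place
        name, pfs = TLS13_SUITES.get(suite, "unknown"), EXT_KEY_SHARE in seen
    else:
        name, pfs = TLS12_SUITES.get(suite, ("unknown", False))
    return {"version": f"0x{version:04x}", "suite": name, "forward_secrecy": pfs,
            "tls13_with_pfs": version == 0x0304 and pfs}

def build_server_hello(suite: int, exts: bytes = b"") -> bytes:
    """Constructed sample record: zeroed random, empty session id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

SV13 = bytes.fromhex("002b00020304")                       # supported_versions = TLS 1.3
KEY_SHARE = bytes.fromhex("00330024001d0020") + bytes(32)  # x25519 share, zeroed sample
```

Calling `audit_server_hello(build_server_hello(0x1301, SV13 + KEY_SHARE))` reports TLS 1.3 with forward secrecy, while a record without the `supported_versions` extension is classified by its legacy version field and the TLS 1.2 table.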

    Integration of TLS 1.3 with IEC 61850 and IEC 60870

    The integration of TLS 1.3 into IEC 61850 and IEC 60870 communication frameworks enhances the overall security posture of these systems. By adopting our newest IEC61850 library with TLS 1.3, organizations can protect against a range of cyber threats, including man-in-the-middle attacks, data tampering, and unauthorized access to sensitive information.

    For IEC 61850, which is often used in environments where high availability and low latency are critical, the performance improvements brought by TLS 1.3 are especially valuable. The faster handshake process helps ensure that secure communication does not impede the system’s operational efficiency.

    Similarly, in IEC 60870, which is used in telecontrol systems, the enhanced security features of TLS 1.3 provide peace of mind that critical control signals and data are protected from interception or manipulation. This is particularly important given the increasing sophistication of cyberattacks targeting critical infrastructure. Currently only our IEC 61850 Library has TLS 1.3; in the next few months, we will also be releasing a major update for our IEC 60870-5-101/104 Library that will include TLS 1.3.

    Conclusion

    The adoption of TLS 1.3 in IEC 61850 and IEC 60870 protocols represents a significant advancement in the security of industrial communication systems. As the threat landscape continues to evolve, updating to the latest security protocols is not just a recommendation but a necessity. By embracing TLS 1.3, organizations can ensure that their communication networks remain secure, reliable, and resilient against potential cyber threats.

    At MZ automation, we understand the importance of staying ahead of the curve when it comes to security. We are committed to helping our clients implement the latest technologies, such as TLS 1.3, to protect their critical infrastructure and maintain the integrity of their operations. For more information on how we can support your security needs, please contact our team directly.
