The increasing digitalization and interconnection of electrical networks have made cybersecurity an essential priority. Cyberattacks can cause significant damage, both economically and in terms of public safety. Protecting critical infrastructure in the POWER sector is crucial to ensure secure, reliable, and resilient energy networks.

Conformance testing is crucial for the cybersecurity of critical infrastructureS. This practice verifies that devices and systems adhere to security standards. Conformance testing assesses the correct implementation of authentication, encryption, and communication protection mechanisms.

The suite of standards IEC 62351 is fundamental for securing data exchange in the electrical system, providing solutions for the cybersecurity of telecontrol protocols and supporting functionalities. Parts of IEC 62351, such as IEC 62351-100-1, IEC 62351-100-3, IEC 62351-100-4, and IEC 62351-100-6, specify procedures and definitions for compliance and interoperability tests related to protocol security.

The implementation of standardized conformity tests is essential to promote the adoption of secure protocols and ensure a consistent level of security among devices and systems. Passing conformity tests provides greater assurance of device security and reduces the risk of interoperability issues.

The test architecture described in the report is useful for verifying the security and reliability of telecontrol systems in the electrical system. The architecture is specific to the identified use case, which involves devices communicating via the established MQTT protocol protected by TLS (Transport Layer Security).

The use of MQTT brokers is essential for communication between MQTT devices. The available cryptographic frameworks ensure the confidentiality and authentication of exchanged data and can be used to implement cybersecurity compliance features within appropriately developed MQTT brokers.

The Public Key Infrastructure (PKI) solutions analyzed support the use and lifecycle of digital certificates and are functional for the intended tests. Similarly, the identified Syslog frameworks are useful for tracking the progress and results of tests.
Simultaneously, an evaluation, selection, and adaptation activity of the IEC 62351 specifications to the open XMPP protocol was carried out, which is particularly relevant in the context of telecontrol for electric mobility infrastructures.

This activity contributed to the definition of the CEI PAS 57-127 technical standard for communication interface between the Controllore di Infrastruttura di Ricarica (CIR) and the Remote Operator, following the specifications of Annex X of the CEI 0-21:2022-03 standard.

The document is available on the site in Italian