BS PD IEC/TR 61850-90-2:2016是一份技术报告，全面概述了 使用IEC 61850进行信息交换时需要考虑的不同方面 在变电站和控制或维护中心或其他系统级应用之间。在里面 特别是，本技术报告:定义了需要信息的用例和通信需求 变电站与控制或维护中心之间的交换描述了IEC 61850-6配置语言的使用，为通信服务和架构的选择提供了指南 与IEC 61850兼容介绍了工程工作流程介绍了代理/网关概念的使用描述了与特定通信服务映射（SCSM）有关的链接 本技术报告未定义特定设备的约束或限制 实现。没有关于网络安全的具体章节，当网络安全受到威胁时，就要加以解决 必需的该型号适用于IEC TR 61850-90-2，提供基于 安全威胁和安全功能见IEC TS 62351-1和IEC TS 62351-2。这 技术报告涉及以下基本假设的几个安全方面:信息认证和完整性（例如提供篡改检测的能力）是 必要的保密性是可选的。应能够以端到端的方式提供信息认证和完整性 方法，而不考虑信息层次结构。提供这种安全性的典型方法 功能是通过某种类型的信息/消息身份验证代码实现的。IEC 62351-4:2007 IEC 62351-91描述了如何为IEC 61850实现认证和完整性- 8-1. A. IEC 62351-4的更高版本将提供通过以下方式确保端到端数据完整性的方法: 代理/网关。在信息身份验证和完整性之下，信息可用性是一个重要因素 遥控方面。本技术报告提供了冗余体系结构，以增强 控制和维护中心信息的可用性。图1所示的方案概述了连接和通信 路径。特别是，它表明了直接或间接访问的原则——通过 代理/网关-到IED。变电站安全控制在控制中心的应用 通信可在IEC 62351-10:2012第6.4.3节中找到。因此，变电站自动化 系统必须在网络安全的范围内考虑。通道完全关闭了 由安全访问点检查（本文件不描述此类安全访问点）。 电子安全周界的边界由通信线路离开公共地面上变电站周界的点定义。可能有多个安全接入点，需要将应用程序（如控制中心和维护中心）分开。当多个客户端需要访问同一安全接入点信息级访问控制时，例如，根据IEC TS 62351- 8:2011，可添加。IEC TS 62351-8:2011也可用于需要不同访问权限的其他情况。本技术报告适用的大多数应用将使用这些服务 映射到ISO/IEC 8802-3帧格式的彩信（ISO 9506）的数量，如中所述 IEC 61850-8-1:2011。如本技术报告所述，间接访问的主要应用， 将用于遥控应用。然而，本技术报告并不意味着 远程控制应用需要使用代理/网关。也可以直接访问 适用于客户接受的遥控应用。交叉引用:IEC 60870-4:1990IEC 60870-5-103:1997IEC 60870-5-104:2006IEC 61158-6IEC TS 61850-2:2003IEC 61850-4:2011IEC 61850-5:2013IEC 61850-6:2009IEC 61850-7-1:2011IEC 61850-7-2:2010IEC 61850-7-3:2010IEC 61850-7-4:2010IEC 61850-8-1:2011ISO 9506-1ISO 9506-2IEC 61850-9-2:2011IEC 61850-8-80-4850-2015IEC 61850-6190-IEC 6161605IEC 616190-6EC62351-4:2007IEC TS 62351-8:2011IEC 62351-9IEC TR 62351-10:2012IEC 62351-11IEC 81346-1:2009IEC 81346-2:2009IEEE 1815-2012RFC 1122:1989IEC TR 61850-7-500IEC TR 61850-90-10IEC TR 61850- 90-11IEC TR 61850-90-17购买本文件时可获得的所有现行修订均包含在购买本文件中。

BS PD IEC/TR 61850-90-2:2016, which is a technical report, provides a comprehensive overview of the different aspects that need to be considered while using IEC 61850 for information exchange between substations and control or maintenance centres or other system level applications. In particular, this technical report:defines use cases and communication requirements that require an information exchange between substations and control or maintenance centresdescribes the usage of the configuration language of IEC 61850-6gives guidelines for the selection of communication services and architectures compatible with IEC 61850describes the engineering workflowintroduces the use of a Proxy/Gateway conceptdescribes the links regarding the Specific Communication Service Mapping (SCSM) This technical report does not define constraints or limitations for specific device implementations. There is no specific chapter for cyber security which is tackled when it is necessary. The model, for IEC TR 61850-90-2, provides security functions based upon the security threats and security functions found in IEC TS 62351-1 and IEC TS 62351-2. This technical report touches several security aspects with the following basic assumptions:Information authentication and integrity (e.g. the ability to provide tamper detection) is neededConfidentiality is optionalIt shall be possible to provide information authentication and integrity in an end-to-end method, regardless of information hierarchies. The typical method to provide this security function is through some type of information/message authentication code. IEC 62351-4:2007 and IEC 62351-91 describe how authentication and integrity is achieved for IEC 61850-8-1. A later version of IEC 62351-4 will provide means to ensure end-to-end data integrity through Proxy/Gateways.Beneath information authentication and integrity, information availability is an important aspect for telecontrol. This technical report provides redundancy architectures to enhance the availability of information in control and maintenance centres.The scheme shown in Figure 1 gives an overview of the connectivity and the communication paths. In particular it indicates the principle to access directly or indirectly - via the Proxy/Gateway - to an IED. An application of security controls for substation to control centre communication can be found in IEC 62351-10:2012, 6.4.3. Thus, the substation automation system has to be considered inside a perimeter of cyber security. The access is totally checked by security access points (this document does not describe such a security access point). The boundary of the electronic security perimeter is defined by the point, where the communication line leaves the perimeter of the substation over public ground. There might be more than one security access point, where separation of applications (e.g. control centre and maintenance centre) is required. When more than one client needs access to the same security access point information level access control, e.g. according to IEC TS 62351- 8:2011, may be added. IEC TS 62351-8:2011 may also be used in other cases, where different access rights are required.The majority of applications for which this technical report is applicable will use the services of MMS (ISO 9506) mapped to ISO/IEC 8802-3 frame formats, as described in IEC 61850-8-1:2011.The primary application for the use of indirect access, as described in this technical report, will be for telecontrol applications. Nevertheless this technical report does not imply that the use of a Proxy/Gateway is required for telecontrol applications. Direct access may also be used for telecontrol applications where applicable and accepted by the customer.Cross References:IEC 60870-4:1990IEC 60870-5-103:1997IEC 60870-5-104:2006IEC 61158-6IEC TS 61850-2:2003IEC 61850-4:2011IEC 61850-5:2013IEC 61850-6:2009IEC 61850-7-1:2011IEC 61850-7-2:2010IEC 61850-7-3:2010IEC 61850-7-4:2010IEC 61850-8-1:2011ISO 9506-1ISO 9506-2IEC 61850-9-2:2011IEC TS 61850-80-4IEC 62056IEC TR 61850-90-3IEC TR 61850-90-5:2012IEC TR 61850-90-12:2015IEC 62056-6IEC TS 62351-4:2007IEC TS 62351-8:2011IEC 62351-9IEC TR 62351-10:2012IEC 62351-11IEC 81346-1:2009IEC 81346-2:2009IEEE 1815-2012RFC 1122:1989IEC TR 61850-7-500IEC TR 61850-90-10IEC TR 61850-90-11IEC TR 61850-90-17All current amendments available at time of purchase are included with the purchase of this document.