The context
Erik Andersen, Danish cybersecurity standards expert, has recently concluded his fellowship at StandICT working on role-based access control for electric power systems (IEC 62351-90-4).
Erik has been in the IT industry since 1968 and worked for 27 years at IBM as a Data Communications expert. Currently, he is involved in CHPCOM, an Energinet.dk-sponsored project on applied security in smart grid. This involves advising on how to apply public-key infrastructure (PKI) within smart grid and contributing to the basic PKI standardisation within ITU-T and the security work within IEC TC 57/WG15.
The expert has recently received the IEC 1906 Award for his work in TC 57. Every year, the award recognizes exceptional current achievements of experts, and it is granted in recognition of exceptional recent individual achievements - a project or other specific contribution - which helped advance IEC activities in a significant way.
The challenges
Power systems are part of critical infrastructure, and any vulnerabilities can have severe consequences, including power outages, economic loss, and safety risks. Cryptographic algorithms are therefore put in place to protect data integrity, confidentiality, and authenticity in these systems.
As technology progresses, cryptographic algorithms eventually become obsolete and need to be replaced. Migrating to new cryptographic algorithms poses the challenge of not disrupting operations, as power systems cannot afford downtime or compatibility issues. It is therefore crucial to put standards in place to allow for a smooth transition to more secure cryptographic algorithms.
How standardisation activities help face the challenges
With the fellowship support of StandICT, Erik Andersen took on the critical topic of the migration of cryptographic algorithms in role-based access control for electric power systems (IEC 62351-90-4). Timely access control in power systems is important for preventing unauthorized access to our critical infrastructure.
The project IEC TR 62351-90-4 ED1 enables organizations to comply with regulatory and industry standards in the use of strong cryptographic measures and gives them a safe, efficient transition to newer cryptographic algorithms.
The valuable leadership and technical expertise Erik Andersen showcased on the project were recognized by IEC with a 1906 Award. The 1906 Award is granted every year in recognition of exceptional recent individual achievements - a project or other specific contribution - which helped advance IEC activities in a significant way.
The Benefits
The IEC TR 62351-90-4 ED1 report enhances the cybersecurity of power systems by providing a structured framework for transitioning to modern cryptographic algorithms, ensuring data integrity, confidentiality, and authenticity. It mitigates risks associated with outdated algorithms, supports interoperability between legacy and updated systems, and minimizes service disruptions during migration. By future-proofing infrastructure against emerging threats like quantum computing, it promotes compliance with international standards, improves system reliability, and reduces operational and financial risks. Additionally, it fosters stakeholder confidence and facilitates global harmonization, ensuring critical infrastructure remains secure and resilient in an evolving threat landscape.
Future plans
The technical report IEC 62351-90-4 introduces lifecycle management concepts such as monitoring, deprecation, and upgrading algorithms, which will likely influence updates to parts of IEC 62351 and related standards. By focusing on secure migration strategies, the report will likely inform updates to IEC 62351-9 (key management), ensuring seamless adoption of modern cryptographic keys and algorithms.