IEC TR 62351-90-3:2021, which is a technical report, provides guidelines for efficiently handling both IT and OT data in terms of their monitoring, classification and correlations on them to deduce any possible useful outcomes about the state of the power system.
The convergence of information technologies (IT) and operational technologies (OT) refers to the integration of the systems, processes and data associated with the domains of IT and OT. This document provides guidelines for a comprehensive security monitoring for power grid components based on IT/OT convergent systems. The emphasis is about the development of a methodology and a set of recommendations for utility operators to build a general monitoring framework based on the analysis of the data collected from different IT and OT systems through network management, traffic inspection, and system activity readings. As such, the monitoring framework that this document introduces relies on the integration of management and logging information obtained using IEC 62351-7 and IEC 62351-14, respectively. Further systems and data sources from IT and OT would be considered such as the data obtained, for instance, through the IT network management using the Simple Network Management Protocol (SNMP), the passive network monitoring, and the functional characterization of control and automation processes.
This document's recommendations include the implementation of data collection, filtering and correlation mechanisms. The development of data analytics algorithms is out of the scope of this document and would be left to utility operators and owners. Finally, applications of the general monitoring framework guidelines and recommendations are provided for different power grid environments, namely for IEC 61850 substations and for Distributed Energy Resources (DER) systems.