Last week Nozomi Networks had the privilege of hosting the first WG15 meeting of 2017. WG15 is part of IEC Technical Committee 57, which, for instance, created and maintains the IEC 61850 family of standards for substation architectures and the IEC 62351 standards for securing smart grid communications.

WG15 group is made up of ICS operators, SCADA engineers, security specialists, and networking experts from 90 organizations worldwide. It is responsible for establishing end-to-end cyber security standards for the world’s power system communication protocols. Members include ABB, Siemens, Schneider Electric, General Electric, Enel, IREQ, Nozomi Networks and others.

Last week’s meeting was the first of three check-in points scheduled this year to advance the development of protocols, architectures, and recommendations for secure-by-design industrial systems. A foundation of these systems is that they utilize end-to-end encrypted communications.

In the meeting, we moved forward several parts of the standard, including:

  • An end-to-end security profile for MMS-based protocols
  • A standardized manner of cyber security log collection from IEDs
  • Several Deep Packet Inspection techniques that can be adopted for the encrypted channels of tomorrow’s architectures

It’s clear that to enable reliable operation of new power systems architectures, it’s important to standardize network monitoring and Deep Packet Inspection of encrypted communications. It’s a priority for WG15 members, and Nozomi Networks’ R&D, that we establish global standards that will strengthen the security of the world’s power systems.

As we closed last week’s meeting, the group is very close to having all key parts of the standard ready.  Vendors are already implementing several of the new approaches. By year’s end we expect to have taken a significant step forward in our efforts to standardize and strengthen cyber security for critical power grid systems.

Related Links


Moreno Carullo

Founder and Chief Technical Officer

Armed with a Ph.D. in Artificial Intelligence and an extensive background in systems engineering and software development, Moreno Carullo has led the way in redefining the ICS cyber security product category. A long-time member of the IEC TC57 WG15 subcommittee, he is also actively working to shape cyber security standards for power system communication protocols. As Founder and Chief Technical Officer at Nozomi Networks, Moreno leads an exceptionally talented software development team that uses agile development to quickly address the cyber security requirements of enterprise customers and partners.