I clearly remember the moment, almost six years ago, when I first heard about the IEC TC57 WG15 and its commitment to creating the IEC 62351 standards for secure-by-design power grid information systems.
The goal was bold and complex, but with enough skilled and passionate people focusing on it, the chance of success seemed high. And, “secure-by-design” is an objective Nozomi Networks has championed for since we initially formed the company. That’s why our organization joined IEC Working Group 15 (WG15) and why I’ve been an active member of it since the summer of 2015.
Membership means helping the group move things forward in multiple ways, including hosting the working sessions. More than two years ago we invited WG15 members to attend a meeting near our European HQ in Mendrisio, Switzerland. And, we’ve just recently hosted the spring meeting in south San Francisco, California — very close to our corporate HQ.
If you want to learn about the future of cyber security for power systems, I urge you to read this article. It also provides a sneak peek into our related (and groundbreaking!) talk about power system security at Black Hat USA 2019.

Nozomi Networks hosted the spring meeting of IEC Technical Committee 57, WG15 in south San Francisco. WG15 is defining the technical standards for secure-by-design power grid information systems.
Nozomi Networks Contributions to the IEC 62351 Standards
If you’re not familiar with WG15 or the IEC 62351 standards, you can read about them in my earlier blog. Nozomi Networks efforts were initially dedicated to the analysis of proposals to include Deep Packet Inspection (IEC 62351-90-2) capabilities in end-to-end secure systems. We knew that if this functionality was not part of the initial design, then solutions used in the field would, by necessity, be poorly thought-out.
I’m now leading the development of another standard component devoted to providing guidance to utilities who want comprehensive monitoring of their secure power grid information system. It’s called “IEC/TR 62351-90-3 Guidelines for Network Management” and a draft will soon be available for comments.
The thinking behind this piece of the overall standard was described in a presentation I gave at Vienna Cybersecurity Week 2019, now available below for download. It boils down to this question:
“How are we going to manage and monitor systems designed for end-to-end security?”
Are we going to feel more secure, and consequently, employ weaker defenses? The answer is “Of course not.”
When the entire IEC 62351 family of standards (and similar efforts) is fully deployed, it will still be important to have systematic and holistic system monitoring. As a minimum, it will be essential to ensure that the security modules are in place and working properly.
See End-to-End Security for Power Systems at Black Hat USA 2019
The journey to end-to-end ICS security for power systems is long, but worthwhile. If you’re interested in this topic, you won’t want to miss our talk “The Future of Securing Intelligent Electronic Devices using the IEC 62351-7 Standard for Monitoring” at the upcoming Black Hat conference in Las Vegas.
The Nozomi Networks Labs team will show what an end-to-end secure system looks like and conduct a live demo of threat detection using IEC 62351 and SNMP communications. Through active interactions with devices deployed on the power system network, we’ll show how:
- The threat detection rate is increased
- Incident visibility is improved
- Cost-effective cyber resiliency can be applied to large, distributed systems.
This will be the first time such a system is publicly demonstrated, using capabilities we think are groundbreaking.
In the meantime, if you’re looking for more information on energy system cyber resiliency today and tomorrow, download the presentation available below.
Related Content to Download
PRESENTATION
Cyber Resiliency of Energy Systems: Designing for Tomorrow while Taking Action Today

BLACK HAT PRESENTATION
The Future of Securing Intelligent Electronic Devices using the IEC 62351-7 Standard for Monitoring

The presentation will cover:
- WG15: IEC 62351 standard
- SCADA active network monitoring
- Threat detection with IEC 62351-7 & SNMP
- Live demo
- Future power grid threat landscape
When:
Wednesday Aug 7th or Thursday August 8th
Smart Grid / Industrial Security Track
Where
Mandalay Bay Resort, Las Vegas, USA
Check the Black Hat site for time and location closer to event.
Related Links
- Blog: IEC 62351 Standards for Securing Power System Communications
- IEC Webpage: IEC TC 57 WG15
- IEC TC57 Webpage: IEC TC57, WG15 Public Site
- Blog: Advancing IEC Standards for Power Grid Cyber Security
- Webpage Nozomi Network Labs
- Blog: Black Hat – Understanding TRITON, The First SIS Cyber Attack
- Solution Brief: Nozomi Networks
Co-Founder and Chief Technical Officer
Armed with a Ph.D. in Artificial Intelligence and an extensive background in systems engineering and software development, Moreno Carullo has led the way in redefining the ICS cybersecurity product category. A long-time member of the IEC TC57 WG15 subcommittee, he is also actively working to shape cybersecurity standards for power system communication protocols. As Founder and Chief Technical Officer at Nozomi Networks, Moreno leads an exceptionally talented software development team that uses agile development to quickly address the cybersecurity requirements of enterprise customers and partners.