IEC 62351 secure communications

IEC 62351 secure power-system communications

IEC 62351 secures the communications layer that IEC 62443 segments. Synapse models where 62351 protections apply — so the conduits carrying 61850, DNP3 and ICCP traffic are authenticated and encrypted by design.

Security for the conduits, not just the zones

Segmentation decides who may talk; IEC 62351 decides how that talk is protected. Synapse surfaces the protocols on each conduit and flags real-time power-system traffic that crosses a trust boundary without transport security or authentication.

  • Protection for IEC 61850 (GOOSE, Sampled Values, MMS), DNP3 and ICCP/TASE.2
  • Authentication and encryption modelled on the conduits that carry them
  • 62351 mapped alongside 62443 so comms security is part of one design check

Why GOOSE and Sampled Values need special care

GOOSE and SV are multicast, latency-critical messages (sub-3 ms for protection). They can't simply be wrapped in TLS, so 62351 defines message-level authentication. Synapse highlights where these flows leave a protected zone so you can apply the right control.

Frequently asked questions

What is IEC 62351?+

IEC 62351 is the standard for cybersecurity of power-system communications. It defines authentication and encryption for protocols such as IEC 61850, DNP3 and ICCP/TASE.2 — securing the data in motion that IEC 62443 zones and conduits govern.

How does IEC 62351 relate to IEC 61850 and IEC 62443?+

IEC 61850 defines the substation/DER communication; IEC 62351 secures those messages; IEC 62443 provides the overall zone-and-conduit security architecture. They are complementary layers, and Synapse models all three together.

Can GOOSE and Sampled Values be encrypted?+

Not with conventional TLS — they are multicast and have hard real-time deadlines. IEC 62351 instead specifies message authentication for GOOSE and SV. The design goal is to keep these flows inside protected zones and authenticate them where they must cross boundaries.

Related

Keep exploring

Bring your next site online — secure by design.

Book a demo to see the model-to-evidence loop on your own architecture — or open the live studio now.