Securing IEC 60870-5-104 and DNP3 over IP with IEC 62351: Application and Transport Layer Security

(SCADA) systems has transformed the management of critical infrastructure, such as power grids and industrial automation, by enhancing connectivity and operational efficiency.

However, this transition has exposed protocols like IEC 60870-5-104 (IEC 104) to substantiate cybersecurity risks, as it was originally designed as an extension of serial communications protocols to IP networks without incorporating inherent security mechanisms.

To address these vulnerabilities, this study evaluates the implementation of IEC 62351 for securing IEC 104 over IP communications in SCADA systems, while incorporating machine learning techniques to enhance threat detection and mitigation. IEC 62351-5 and IEC 62351-3 provide a generic framework for securing IEC 60870-5-based protocols. However, their application to IEC 104 requires companion standard IEC 60870-5-7, which outlines protocolspecific security extensions. This research focuses on the application layer security provided by

IEC 62351-5 and Transport Layer Security (TLS) provided (IEC 62351-3), with an emphasis on authentication and related protection mechanisms. To complement these standards, a supervised machine learning algorithm such as support vector machines (SVM) is employed to analyse network traffic patterns in real-time. The analysis addresses critical cyber threats, including spoofing, message modification, replay attacks, and eavesdropping, which compromise data integrity and system availability. The methodology integrates a detailed review of IEC 62351-3, IEC 62351-5, and IEC 60870-5-7 with theoretical assessments, empirical testing, and machine learning model training on datasets derived from simulated attack scenarios. Although the traffic generated in a controlled environment may not fully reflect real utility network noise, this study establishes a baseline from which the model can be retrained using real-world utility data; with appropriate hyperparameter tuning, similar levels of accuracy can be achieved under practical operating conditions.

Evaluation criteria include the standards’ ability to ensure confidentiality, authentication, and resilience while considering practical challenges such as infrastructure compatibility, performance impact, and computational overhead introduced by Machine Leaning (ML) inference. Findings underscore the pivotal role of IEC 62351, supported by IEC 60870-5-7, in strengthening IEC 104 cybersecurity posture. This research provides actionable recommendations for SCADA operators and contributes novel insights, as no prior studies have examined this combined approach for securing IEC 104 in IP-based contexts.