ImageVerifierCode 换一换
格式:PDF , 页数:102 ,大小:432.75KB ,
资源ID:790007      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-790007.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ISA TR99 00 01-2007 Security Technologies for Industrial Automation and Control Systems《制造业和控制系统用安防技术》.pdf)为本站会员(sumcourage256)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ISA TR99 00 01-2007 Security Technologies for Industrial Automation and Control Systems《制造业和控制系统用安防技术》.pdf

1、 ANSI TECHNICAL REPORT PREPARED BY ISA ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Control Systems Approved 29 October 2007 ISA-TR99.00.01-2007 2 Copyright 2007 ISA. All rights reserved. ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Con

2、trol Systems ISBN: 978-1-934394-42-7 Copyright 2007 by ISA. All rights reserved. Not for resale. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, rec

3、ording, or otherwise), without the prior written permission of the Publisher. 3 ISA-TR99.00.01-2007 Copyright 2007 ISA. All rights reserved. Preface This preface, as well as all footnotes and annexes, is included for information purposes and is not part of ANSI/ISA-TR99.00.01-2007. This document has

4、 been prepared as part of the service of ISA toward a goal of uniformity in the field of instrumentation. To be of real value, this document should not be static but should be subject to periodic review. Toward this end, the Society welcomes all comments and criticisms and asks that they be addresse

5、d to the Secretary, Standards and Practices Board; ISA; 67 Alexander Drive; P. O. Box 12277; Research Triangle Park, NC 27709; Telephone (919) 549-8411; Fax (919) 549-8288; Email: standardsisa.org. The ISA Standards and Practices Department is aware of the growing need for attention to the metric sy

6、stem of units in general, and the International System of Units (SI) in particular, in the preparation of instrumentation standards. The Department is further aware of the benefits to USA users of ISA standards of incorporating suitable references to the SI (and the metric system) in their business

7、and professional dealings with other countries. Toward this end, this Department will endeavor to introduce SI-acceptable metric units in all new and revised standards, recommended practices, and technical reports to the greatest extent possible. Standard for Use of the International System of Units

8、 (SI): The Modern Metric System, published by the American Society for Testing increased connectivity to computer and networked equipment and software; and enhanced external connectivity coupled with rapidly increasing incidents of network intrusion, more intelligent hackers, and malicious yet easil

9、y accessible software, all add to the risk as well. There are numerous electronic security technologies and cyber intrusion countermeasures potentially available to the IACS environment. This technical report addresses several categories of cyber security technologies and countermeasure techniques a

10、nd discusses specific types of applications within each category, the vulnerabilities addressed by each type, suggestions for their deployment, and their known strengths and weaknesses. Additionally, guidance is provided for using the various categories of security technologies and countermeasure te

11、chniques for mitigation of the above-mentioned increased risks. This technical report does not make recommendations of one cyber security technology or mitigation method over others, but provides suggestions and guidance for using the technologies and methods, as well as information to consider when

12、 developing a site or corporate cyber security policy, program and procedures for the IACS environment. The ISA99 standards development committee intends to update this technical report periodically to reflect new information, cyber security technologies, countermeasures, and cyber risk mitigation m

13、ethods. The committee cautions the reader that following the recommended guidance in this report will not necessarily ensure that optimized cyber security is attained for the readers industrial automation or control systems environment. It will, however, help to identify and address vulnerabilities,

14、 and to reduce the risk of undesired cyber intrusions that could compromise confidential information or, even worse, cause human and environmental harm, as well as disruption or failure of the industrial network or control systems and the industry and infrastructure critical assets they monitor and

15、regulate. Publication of this Registered Technical Report has been approved by the Accredited Standards Developer. This document is registered as a Technical Report series of publications according to the procedures for the Registration of Technical Reports with ANSI. This document is not an America

16、n National Standard and the material contained herein is not normative in nature. Comments on the content of this document should be sent to the Accredited Standards Developer. _ ActiveX, Microsoft, Win32, Win32s, and Windowsare registered trademarks of Microsoft Corporation. ControlNet and EtherNet

17、/IP are trademarks of ControlNet International, Inc. CIP is a trademark of ODVA. FOUNDATION Fieldbusis a registered trademark of the Fieldbus Foundation. Javais a registered trademark of Sun Microsystems, Inc. Linuxis a registered trademark of Linus Torvalds. MODBUSand MODBUS/TCPare registered trade

18、marks of Schneider Automation Inc. OPCis a registered trademark of OPC Foundation. Pretty Good Privacyand PGPare registered trademarks of PGP Corporation. PROFIBUSand PROFInetare registered trademarks of PROFIBUS User Organization. RSAis a registered trademark of RSA Security Inc. UNIXis a registere

19、d trademark of The Open Group.ISA-TR99.00.01-2007 10 Copyright 2007 ISA. All rights reserved. This page intentionally left blank. 11 ISA-TR99.00.01-2007 Copyright 2007 ISA. All rights reserved. Introduction This ISA technical report provides an evaluation and assessment of many current types of elec

20、tronic-based cyber security technologies, mitigation methods, and tools that may apply to protecting the IACS environment from detrimental cyber intrusions and attacks. For the various technologies, methods and tools introduced in this report, a discussion of their development, implementation, opera

21、tions, maintenance, engineering and other user services is provided. The report also provides guidance to manufacturers, vendors, and security practitioners at end-user companies, facilities, and industries on the technological options and countermeasures for securing automated IACSs (and their asso

22、ciated industrial networks) against electronic (cyber) attack. Following the recommended guidance in this technical report will not necessarily ensure that optimized cyber security is attained for IACSs. It will, however, help to identify and address vulnerabilities, and to reduce the risk of undesi

23、red intrusions that could compromise confidential information or cause disruption or failure of control systems and the critical infrastructure assets they automate and control. Of more concern, use of the recommendations may aid in reducing the risk of any human or environmental harm that may resul

24、t after the cyber compromise of an automated control system, or its associated industrial network. The cyber security guidance presented in this document is general in nature, and should be applied to each control system or network as appropriate by personnel knowledgeable in those specific industri

25、al automation or control systems to which it is being applied. The guidance identifies those activities and actions that are typically important to provide cyber secure control systems, but whose application is not always compatible with effective operation or maintenance of a systems functions. The

26、 guidance includes suggestions and recommendations on appropriate cyber security applications to specific control systems; however, selection and deployment of particular cyber security activities and practices for a given control system and its related industrial network is the responsibility of th

27、e systems owner. It is intended that this guidance will mature and be modified over time, as experience is gained with control system vulnerabilities, as specific cyber security implementations mature, and as new control-based cyber security technologies become available. As such, while the general

28、format of this guidance is expected to remain relatively stable, the specifics of its application and solutions are expected to evolve. The ISA99 Series of Standards In addition to this technical report, the ISA99 committee is developing a series of standards on cyber security for the industrial aut

29、omation and control systems environment. The series includes: 1. ANSI/ISA99.00.01-2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts and Models Published in November 2007, this Part 1 standard establishes the context for all of the remaining standards in the se

30、ries by defining a common set of terminology, concepts and models for electronic security in the industrial automation and control systems environment. 2. ISA99.00.02 Part 2: Establishing an Industrial Automation and Control System Security Program Part 2, expected to be published in mid-late 2008,

31、describes the elements of a cyber security management system and provide guidance for their application to industrial automation and control systems. ISA-TR99.00.01-2007 12 Copyright 2007 ISA. All rights reserved. 3. ISA99.00.03 Part 3: Operating an Industrial Automation and Control System Security

32、Program Part 3 will address how to operate a security program after it is designed and implemented. This includes definition and application of metrics to measure program effectiveness. Work on Part 3 will begin following completion of Part 2. 4. ISA99.00.04 Part 4: Technical Security Requirements f

33、or Industrial Automation and Control Systems Work began in mid-2007 on the Part 4 standard, which will define the characteristics of industrial automation and control systems that differentiate them from other information technology systems from a security point of view. Based on these characteristi

34、cs, the standard will establish the security requirements that are unique to this class of systems. For information on the ISA99 series of standards, please visit www.isa.org/standards. 13 ISA-TR99.00.01-2007 Copyright 2007 ISA. All rights reserved. 1 Scope This ISA technical report provides a curre

35、nt assessment of various cyber security tools, mitigation counter-measures, and technologies that may effectively apply to the modern electronically based IACSs regulating and monitoring numerous industries and critical infrastructures. It describes several categories of control system-centric cyber

36、 security technologies; the types of products available in those categories; the pros and cons of using those products in the automated IACS environments relative to the expected threats and known cyber vulnerabilities; and, most important, the preliminary recommendations and guidance for using thes

37、e cyber security technology products and/or countermeasures. The concept of IACS cyber security as applied in this ISA technical report is in the broadest possible sense, encompassing all types of components, plants, facilities, and systems in all industries and critical infrastructures. IACSs inclu

38、de, but are not limited to: Hardware (e.g., data historian servers) and software systems (e.g., operating platforms, configurations, applications) such as Distributed Control Systems (DCSs), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, networked el

39、ectronic sensing systems, and monitoring, diagnostic, and assessment systems. Inclusive in this hardware and software domain is the essential industrial network and any connected or related information technology (IT) devices and links critical to the successful operation to the control system at la

40、rge. As such, this domain also includes, but is not limited to: firewalls, servers, routers, switches, gateways, fieldbus systems, intrusion detection systems, intelligent electronic/end devices, remote terminal units (RTUs), and both wired and wireless remote modems. Associated internal, human, net

41、work, or machine interfaces used to provide control, data logging, diagnostics, safety, monitoring, maintenance, quality assurance, regulatory compliance, auditing and other types of operational functionality for either continuous, batch, discrete, and combined processes. Similarly, the concept of c

42、yber security technologies and countermeasures is also broadly applied in this ISA technical report and includes, but is not limited to, the following technologies: Authentication and Authorization Filtering, Blocking, and Access Control Encryption Data Validation Auditing Measurement Monitoring and

43、 Detection Tools Operating Systems In addition, a non-cyber technologyphysical security controlis an essential requirement for some aspects of cyber security and is discussed in this report. 2 Purpose The purpose of this ISA technical report is to categorize and define cyber security technologies, c

44、ountermeasures, and tools currently available to provide a common basis for later technical reports and ISA-TR99.00.01-2007 14 Copyright 2007 ISA. All rights reserved. standards to be produced by the ISA99 committee. Each technology in this technical report is discussed in terms of: Security vulnera

45、bilities addressed by the technology, tool, and/or countermeasure Typical deployment Known issues and weaknesses Assessment of use in the IACS environment Future directions Recommendations and guidance Information sources and reference material The intent of this technical report is to document the

46、known state of the art of cyber security technologies, tools, and countermeasures applicable to the IACS environment, clearly define which technologies can reasonably be deployed today, and define areas where more research may be needed. 3 Definitions and Acronyms While the following terms can take

47、on various interpretations, the definitions in this section are used to show how they apply to this document. The numbers in parenthesis indicate the source document for the terms. Source documents are listed at the end of section 3.3. 3.1 Definitions Access AuthorityAn entity responsible for monito

48、ring and granting access privileges to IACSs and their associated industrial networks for other authorized entities. (3) Access ControlThe protection of system resources against unauthorized access; a process by which use of system resources is regulated according to a security policy and is permitt

49、ed only by authorized entities (users, programs, processes, or other systems) according to that policy. (3) AccountabilityThe property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions. (3) Application Layer ProtocolsProtocols specific to executing network applications such as email and file transfer. Layer 7 of the OSI referenc

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1