1、 IEC/TS 62443-1-1 Edition 1.0 2009-07 TECHNICAL SPECIFICATIONIndustrial communication networks Network and system security Part 1-1: Terminology, concepts and models IEC/TS 62443-1-1:2009(E) colour inside THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2009 IEC, Geneva, Switzerland All rights rese
2、rved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IECs member National Committee in the country of the requester. If
3、 you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information. Droits de reproduction rservs. Sauf indication contraire, aucune partie de cette
4、 publication ne peut tre reproduite ni utilise sous quelque forme que ce soit et par aucun procd, lectronique ou mcanique, y compris la photocopie et les microfilms, sans laccord crit de la CEI ou du Comit national de la CEI du pays du demandeur. Si vous avez des questions sur le copyright de la CEI
5、 ou si vous dsirez obtenir des droits supplmentaires sur cette publication, utilisez les coordonnes ci-aprs ou contactez le Comit national de la CEI de votre pays de rsidence. IEC Central Office 3, rue de Varemb CH-1211 Geneva 20 Switzerland Email: 0Hinmailiec.ch Web: 1Hwww.iec.ch About IEC publicat
6、ions The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition, a corrigenda or an amendment might have been published. Catalogue of IEC publications: 2Hwww.iec.ch/searchpub The IEC on-line Catalogue enables you to search by
7、 a variety of criteria (reference number, text, technical committee,). It also gives information on projects, withdrawn and replaced publications. IEC Just Published: 3Hwww.iec.ch/online_news/justpub Stay up to date on all new IEC publications. Just Published details twice a month all new publicatio
8、ns released. Available on-line and also by email. Electropedia: 4Hwww.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions in English and French, with equivalent terms in additional languages. Also known as the Int
9、ernational Electrotechnical Vocabulary online. Customer Service Centre: 5Hwww.iec.ch/webstore/custserv If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service Centre FAQ or contact us: Email: 6Hcsciec.ch Tel.: +41 22 919 02 11 Fax: +41 2
10、2 919 03 00 IEC/TS 62443-1-1 Edition 1.0 2009-07 TECHNICAL SPECIFICATIONIndustrial communication networks Network and system security Part 1-1: Terminology, concepts and models INTERNATIONAL ELECTROTECHNICAL COMMISSION XC ICS 25.040.40; 33.040.040; 35.040 PRICE CODE ISBN 2-8318-1053-6 Registered tra
11、demark of the International Electrotechnical Commission colour inside 2 TS 62443-1-1 IEC:2009(E) CONTENTS FOREWORD.5 INTRODUCTION.7 1 Scope.8 1.1 General .8 1.2 Included functionality .8 1.3 Systems and interfaces8 1.4 Activity-based criteria 9 1.5 Asset-based criteria.9 2 Normative references10 3 T
12、erms, definitions and abbreviations.10 3.1 General .10 3.2 Terms and definitions 10 3.3 Abbreviations.26 4 The situation.27 4.1 General .27 4.2 Current systems 27 4.3 Current trends .28 4.4 Potential impact.28 5 Concepts 29 5.1 General .29 5.2 Security objectives.29 5.3 Foundational requirements 30
13、5.4 Defence in depth .30 5.5 Security context.30 5.6 Threat-risk assessment .32 5.6.1 General .32 5.6.2 Assets .32 5.6.3 Vulnerabilities 34 5.6.4 Risk.34 5.6.5 Threats36 5.6.6 Countermeasures 38 5.7 Security program maturity39 5.7.1 Overview .39 5.7.2 Maturity phases .42 5.8 Policies .45 5.8.1 Overv
14、iew .45 5.8.2 Enterprise level policy46 5.8.3 Operational policies and procedures 47 5.8.4 Topics covered by policies and procedures 47 5.9 Security zones.50 5.9.1 General .50 5.9.2 Determining requirements50 5.10 Conduits51 5.10.1 General .51 5.10.2 Channels .52 5.11 Security levels .53 TS 62443-1-
15、1 IEC:2009(E) 3 5.11.1 General .53 5.11.2 Types of security levels53 5.11.3 Factors influencing SL(achieved) of a zone or conduit 55 5.11.4 Impact of countermeasures and inherent security properties of devices and systems57 5.12 Security level lifecycle57 5.12.1 General .57 5.12.2 Assess phase 58 5.
16、12.3 Develop and implement phase .59 5.12.4 Maintain phase 60 6 Models .61 6.1 General .61 6.2 Reference models .62 6.2.1 Overview .62 6.2.2 Reference model levels63 6.3 Asset models.65 6.3.1 Overview .65 6.3.2 Enterprise68 6.3.3 Geographic sites68 6.3.4 Area 68 6.3.5 Lines, units, cells, vehicles.6
17、8 6.3.6 Supervisory control equipment .68 6.3.7 Control equipment .68 6.3.8 Field I/O network .69 6.3.9 Sensors and actuators .69 6.3.10 Equipment under control 69 6.4 Reference architecture 69 6.5 Zone and conduit model.69 6.5.1 General .69 6.5.2 Defining security zones 70 6.5.3 Zone identification
18、 .70 6.5.4 Zone characteristics.74 6.5.5 Defining conduits .76 6.5.6 Conduit characteristics.77 6.6 Model relationships79 Bibliography81 Figure 1 Comparison of objectives between IACS and general IT systems 29 Figure 2 Context element relationships.31 Figure 3 Context model 31 Figure 4 Integration o
19、f business and IACS cybersecurity.40 Figure 5 Cybersecurity level over time 40 Figure 6 Integration of resources to develop the CSMS.41 Figure 7 Conduit example.52 Figure 8 Security level lifecycle.58 Figure 9 Security level lifecycle Assess phase .59 Figure 10 Security level lifecycle Implement pha
20、se 60 Figure 11 Security level lifecycle Maintain phase61 4 TS 62443-1-1 IEC:2009(E) Figure 12 Reference model for IEC 62443 standards 62 Figure 13 SCADA reference model.63 Figure 14 Process manufacturing asset model example66 Figure 15 SCADA system asset model example67 Figure 16 Reference architec
21、ture example69 Figure 17 Multiplant zone example .71 Figure 18 Separate zones example.72 Figure 19 SCADA zone example.73 Figure 20 SCADA separate zones example.74 Figure 21 Enterprise conduit.77 Figure 22 SCADA conduit example.78 Figure 23 Model relationships.80 Table 1 Types of loss by asset type33
22、 Table 2 Security maturity phases43 Table 3 Concept phase 43 Table 4 Functional analysis phase43 Table 5 Implementation phase44 Table 6 Operations phase 44 Table 7 Recycle and disposal phase.45 Table 8 Security levels .53 TS 62443-1-1 IEC:2009(E) 5 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ INDUSTR
23、IAL COMMUNICATION NETWORKS NETWORK AND SYSTEM SECURITY Part 1-1: Terminology, concepts and models FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object
24、of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications
25、(PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non- governmental organizations liaising
26、 with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, a
27、s nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees i
28、n that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Comm
29、ittees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC provides no marking
30、procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or
31、 agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use
32、 of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that s
33、ome of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC technical committees is to prepare International Standards. In exceptional circumstances, a technical committee may p
34、ropose the publication of a technical specification when the required support cannot be obtained for the publication of an International Standard, despite repeated efforts, or the subject is still under technical development or where, for any other reason, there is the future but no immediate possib
35、ility of an agreement on an International Standard. Technical specifications are subject to review within three years of publication to decide whether they can be transformed into International Standards. IEC 62443-1-1, which is a technical specification, has been prepared by IEC technical committee
36、 65: Industrial-process measurement, control and automation. This technical specification is derived from the corresponding US ANSI/S99.01.01 standard. 6 TS 62443-1-1 IEC:2009(E) The text of this technical specification is based on the following documents: Enquiry draft Report on voting 65/423/DTS 6
37、5/432A/RVC Full information on the voting for the approval of this technical specification can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. A list of all parts of the IEC 62433 series, published un
38、der the general title Industrial communication networks Network and system security, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC web site under “http:/webstore.iec.ch“ in
39、 the data related to the specific publication. At this date, the publication will be transformed into an International standard, reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a later date. NOTE The revision of this technic
40、al specification will be synchronized with the other parts of the IEC 62443 series. IMPORTANT The “colour inside” logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore prin
41、t this publication using a colour printer. TS 62443-1-1 IEC:2009(E) 7 INTRODUCTION The subject of this technical specification is security for industrial automation and control systems. In order to address a range of applications (i.e., industry types), each of the terms in this description have bee
42、n interpreted very broadly. The term “Industrial Automation and Control Systems” (IACS), includes control systems used in manufacturing and processing plants and facilities, building environmental control systems, geographically dispersed operations such as utilities (i.e., electricity, gas, and wat
43、er), pipelines and petroleum production and distribution facilities, and other industries and applications such as transportation networks, that use automated or remotely controlled or monitored assets. The term “security” is considered here to mean the prevention of illegal or unwanted penetration,
44、 intentional or unintentional interference with the proper and intended operation, or inappropriate access to confidential information in IACS. Cybersecurity which is the particular focus of this technical specification, includes computers, networks, operating systems, applications and other program
45、mable configurable components of the system. The audience for this technical specification includes all users of IACS (including facility operations, maintenance, engineering, and corporate components of user organizations), manufacturers, suppliers, government organizations involved with, or affect
46、ed by, control system cybersecurity, control system practitioners, and security practitioners. Because mutual understanding and cooperation between information technology (IT) and operations, engineering, and manufacturing organizations is important for the overall success of any security initiative
47、, this technical specification is also a reference for those responsible for the integration of IACS and enterprise networks. Typical questions addressed by this technical specification include: a) What is the general scope of application for IACS security? b) How can the needs and requirements of a
48、 security system be defined using consistent terminology? c) What are the basic concepts that form the foundation for further analysis of the activities, system attributes, and actions that are important to provide electronically secure control systems? d) How can the components of an IACS be groupe
49、d or classified for the purpose of defining and managing security? e) What are the different cybersecurity objectives for control system applications? f) How can these objectives be established and codified? Each of these questions is addressed in detail in subsequent clauses of this technical specification. 8 TS 62443-1-1 IEC:2009(E) INDUSTRIAL COMMUNICATION NETWORKS NETWORK AND SYSTEM SECURITY Pa
