1、 Reference number ISO/TR 22312:2011(E) ISO 2011TECHNICAL REPORT ISO/TR 22312 First edition 2011-07-15 Societal security Technological capabilities Scurit socitale Capacits technologiques ISO/TR 22312:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO 2011 All rights reserved. Unless otherwise specified, no pa
2、rt of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale
3、56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2011 All rights reservedISO/TR 22312:2011(E) ISO 2011 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Existing international securit
4、y standardization work 1 3 Work being done in other technical committees within ISO, IEC and ITU-T . 2 4 AHG1 study methodology 2 5 Raw results 5 6 Results 9 Annex A (informative) List of ISO Technical Committees involved in security 11 Bibliography 13 ISO/TR 22312:2011(E) iv ISO 2011 All rights res
5、ervedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for whic
6、h a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all ma
7、tters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circ
8、ulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an Interna
9、tional Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid
10、 or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TR 22312 was prepared by Technical Committee ISO/TC 223, Societal Security. ISO/TR 22
11、312:2011(E) ISO 2011 All rights reserved vIntroduction In ISO/TC 223s business plan version 1 from 2006-11-24, the scope of ISO/TC 223 is defined as international standardization in the area of societal security, aimed at increasing crisis and continuity management and capabilities through technical
12、, human, organization, operational, and management approaches as well as operational functionality and interoperability, as well as awareness amongst all interested parties and stakeholders. ISO/TC 223 will work towards international standardization that provides protection from and response to risk
13、s of unintentionally, intentionally, and naturally caused crises and disasters that disrupt and have consequences on societal functions. The committee will use an all-hazards perspective covering the phases of emergency and crisis management before, during, and after a societal security incident. IS
14、O/TC 223 will address and supplement issues not currently addressed by other technical committees or international bodies with which ISO has formal agreements. From this scope, it is clear that ISO/TC 223 has set its goals to develop International Standards in the area of societal security that will
15、 relate to crisis and continuity management from a number of different angles, among them the following: the cause of the crisis; the cause of the crisis relates to intentional (i.e. crime or terror), unintentional, i.e. accidents caused by persons, and natural; the phase of the crisis; the phase of
16、 the crisis is defined as before, during and after; the elements of the management of the crisis; these elements include technical, human, organizational, operational and management. In addition, the scope of ISO/TC 223 is unique from a typical technical committee in that ISO/TC 223 has taken a holi
17、stic approach to the International Standards to be developed and the emphasis is on developing deliverables that will contribute to improving the resilience of society. The work is not to be focused on a specific type of International Standard, i.e. a management system, terms, a specification, or to
18、 be focused on a specific technological field or capability, but in regards to the contribution the International Standard has to the resilience of society with the condition that the subject of the International Standard is not currently being addressed by other technical committees or internationa
19、l bodies with whom ISO has formal agreements. To achieve its goals, ISO/TC 223 has established, at the beginning of its activities, three working groups to develop a framework document, vocabulary and an incident management framework which was called command and control, coordination and cooperation
20、. In addition to these three WGs, the TC established a task group which focused on setting a base for the development of relevant management system standards. This task group evolved and became a fourth WG which focused on developing management system International Standards for societal security re
21、lated events, i.e. emergency management, crisis management, business continuity management. ISO/TC 223 did not focus on technical capabilities and the needs for technical International Standards until the establishment of the Ad-hoc group on societal security technological capabilities was created.
22、The need for including the development of technically oriented International Standards in the field of societal security in the scope of ISO/TC 223 was voiced and advocated by Israel from the stage when the first draft of the business plan was prepared. The logic was that the deliverables of ISO/TC
23、223 should give a complete solution for security and equipment and, therefore, security systems are a vital piece of the equation. Based on this, in its 2008 spring plenary meeting held in Seoul, ISO/TC 223 passed a resolution to form the Ad-hoc group (AHG1) to conduct a six-month study in which the
24、 key societal security technological domains will be identified and recommendations made to the TC on how to deal with them. TECHNICAL REPORT ISO/TR 22312:2011(E) ISO 2011 All rights reserved 1Societal security Technological capabilities 1 Scope The purpose of this Technical Report is to document th
25、e knowledge accumulated in the six-month study period conducted by ISO/TC 223/Ad-hoc group 1 (AHG1), in which AHG1 examined the different existing available technologies which would be relevant to standardize within the field of societal security. The terms of reference of the AHG1 are as follows: i
26、dentify the “key technical domains” that are important for the work of the committee; recommend how the committee should deal with identified “key technical domains”. 2 Existing international security standardization work 2.1 General The AHG1 was formed and was comprised by a convenor and experts fr
27、om within the P-members of ISO/TC 223. The first stage was to identify work being done by recognized Standards Development Organizations (SDOs) that can contribute to the mission of the AHG1. The activities that were identified are outlined in 2.2 to 2.5. 2.2 ANSI-Homeland Security Standards Panel (
28、HSSP) A number of workshops were organized to explore different elements related to homeland security while focusing on gaps and the contribution standards can have on the awareness and preparedness of society to meet security challenges. The workshops that were studied by the AHG1 included the Stan
29、dardization Related to Biological and Chemical Threat Agents workshop, the Biometrics Standardization workshop, the Emergency Communications workshop, the Standardization for Enterprise Power Security and Continuity workshop, the Training Program Standardization for First Response to Weapons of Mass
30、 Destruction (WMD) Events workshop, the Perimeter Security workshop and the Transit Security Standardization workshop. 2.3 CEN BT/WG 161 Protection of the Citizen At the request of the EU, CEN has established a strategic group to explore the different aspects of the security of the European public a
31、nd determined where standardization can make a contribution. This group formed a number of expert groups whose report served as material and information for the AHG1. The reports used by the AHG1 include Critical Infrastructure Buildings and Civil Engineering Works mini business; Chemical, Biologica
32、l, Radiological and Nuclear (CBRN) business plan; Critical Infrastructure-Energy Supply final report; Supply chain final report; Integrated Border Management report; Water supply security mini business program; Emergency Services business plan; and the Defense against Terror (DAT) business plan. 2.4
33、 ISO/IEC/ITU-T/SAG-S ISOs Technical Management Board (TMB) established an Advisory Group on Security (AGS) to conduct a review of existing ISO deliverables related to the field of security, assess the needs of all relevant stakeholders for international security standards, assess relevant standards
34、developed by other organizations ISO/TR 22312:2011(E) 2 ISO 2011 All rights reservedthat may support international needs for security standards, and recommend actions to be taken by the ISO Council and/or ISO/TMB on subjects within the field of security that may benefit from the development of Inter
35、national Standards and that ISO would have the capability to provide. The final report was used by the AHG1. 2.5 Asian-Pacific Economic Cooperation (APEC) and Standards Australia initiative Standards Australia and APEC initiated a survey whose results will be used to promote a better standards infra
36、structure for security Critical Infrastructure and Support Systems. The rational and background documents were used by the AHG1. In addition to the above documentation, there are SDOs developing standards related to security at the national level such as SII and there are different industries with s
37、ecurity related products that are exploring the possibility to promote the use of this type of equipment by identifying and setting standards for necessary capabilities that can be satisfied by using technologies. 3 Work being done in other technical committees within ISO, IEC and ITU-T 3.1 General
38、ISO/TC 223 will address and supplement issues not currently addressed by other technical committees or international bodies with which ISO has formal agreements. ISO/TC 223 will not initiate standards projects that fall within the scope of existing TCs, whether ISO, IEC or ITU-T. The need for standa
39、rds in the security domain has been noted by ISO, IEC and ITU-T and activities have been initiated. The outstanding initiatives are as follows. 3.2 ISO ISO has formed an advisory group on security which was given the task to evaluate the gaps in security standardization and make recommendations to t
40、he TMB. Among the recommendations was the need to form a Strategic Advisory Group for Security (SAG-S). The report also lists the ISO/TCs that are involved in security. This list was revised by the ISO/IEC/ITU/SAG-S. The list of the ISO/TCs involved in security as stated in the AGS with the addition
41、al list as discussed in the SAG-S meeting is given in Annex A. 3.3 IEC IEC submitted a report to the SAG-S in January 2008 showing the security activities in the IEC. The areas stated are alarm systems and access control. It should be noted that IEC/TC 79, Alarm Systems, is involved in security-rela
42、ted work which consists of the preparation of standards for detection, alarm and monitoring systems for protection of persons and property, and for elements used in these systems. 3.4 ITU-T ITU-T has been running a security standardization program for several years. The areas in which ITU-T is focus
43、ing are tele-biometrics, security management, mobility security, cyber-security, home-networking security, NGN security, countering spam and emergency telecommunications. 4 AHG1 study methodology 4.1 General Since this effort is the first step in introducing technical International Standards into th
44、e work of ISO/TC 223, the main objective is to locate key technical domains that contain products and technologies which are clearly candidates for standardization processes within ISO/TC 223. The International Standards which will be identified will have market relevance and be of interest to defin
45、ed parties, including industry, regulators and ISO/TR 22312:2011(E) ISO 2011 All rights reserved 3end users. Based on this, the technical International Standards to be in the focus of the AHG1 will have the attributes outlined in 4.2. 4.2 The key technical areas attributes The topic of the Internati
46、onal Standard is not covered by any other International Standards committee within ISO or other standards organization such as the IEC or ITU-T. The technology or product subjected to being standardized is technically mature. The International Standard will focus on the function/performance (capabil
47、ities) requirements and not on procurement specification or product standardization. The International Standard will have market and global relevance. There are stakeholders with a specific interest in developing the International Standard (i.e. industry, academia, government and end users). 4.3 Met
48、hod 4.3.1 General The AHG1 was commissioned to identify the key technical domains that are applicable to societal security. In order to analyze the field of security, the AHG1 used a security model commonly used by the different SDOs in their pursuit of gaps to be filled by International Standards.
49、See Figure 1. Threats Countermeasures Targets Resources (e.g. Water) Infrastructure (e.g. Buildings) Networks (e.g. IT) Transport (e.g. Supply Chain) Public Health (e.g. Hospitals) Industrial Base (e.g. Refineries) Government People Explosives, Chemical, Biological, Rad/Nuclear, Cyber, Conventional Weapons, Physical Objects, Human Beings, Natural Disasters Assessment Protection Detection Identification Response Mitigation Restoration ManagementFigure 1 Three-dimensional security gaps model The model is based on defining
