IEC_TS_62443-1-1-2009.pdf

IEC/TS 62443-1-1Edition 1.0 2009-07TECHNICAL SPECIFICATION Industrial communication networks Network and system security Part 1-1:Terminology,concepts and models IEC/TS 62443-1-1:2009(E)colourinsideLICENSED TO MECON Limited.-RANCHI/BANGALORE,FOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.THIS PUBLICATION IS COPYRIGHT PROTECTED Copyright 2009 IEC,Geneva,Switzerland All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized in any form or by any means,electronic or mechanical,including photocopying and microfilm,without permission in writing from either IEC or IECs member National Committee in the country of the requester.If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,please contact the address below or your local IEC member National Committee for further information.Droits de reproduction rservs.Sauf indication contraire,aucune partie de cette publication ne peut tre reproduite ni utilise sous quelque forme que ce soit et par aucun procd,lectronique ou mcanique,y compris la photocopie et les microfilms,sans laccord crit de la CEI ou du Comit national de la CEI du pays du demandeur.Si vous avez des questions sur le copyright de la CEI ou si vous dsirez obtenir des droits supplmentaires sur cette publication,utilisez les coordonnes ci-aprs ou contactez le Comit national de la CEI de votre pays de rsidence.IEC Central Office 3,rue de Varemb CH-1211 Geneva 20 Switzerland Email:0Hinmailiec.ch Web:1Hwww.iec.ch About IEC publications The technical content of IEC publications is kept under constant review by the IEC.Please make sure that you have the latest edition,a corrigenda or an amendment might have been published.?Catalogue of IEC publications:2Hwww.iec.ch/searchpub The IEC on-line Catalogue enables you to search by a variety of criteria(reference number,text,technical committee,).It also gives information on projects,withdrawn and replaced publications.?IEC Just Published:3Hwww.iec.ch/online_news/justpub Stay up to date on all new IEC publications.Just Published details twice a month all new publications released.Available on-line and also by email.?Electropedia:4Hwww.electropedia.org The worlds leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions in English and French,with equivalent terms in additional languages.Also known as the International Electrotechnical Vocabulary online.?Customer Service Centre:5Hwww.iec.ch/webstore/custserv If you wish to give us your feedback on this publication or need further assistance,please visit the Customer Service Centre FAQ or contact us:Email:6Hcsciec.ch Tel.:+41 22 919 02 11 Fax:+41 22 919 03 00 LICENSED TO MECON Limited.-RANCHI/BANGALORE,FOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.IEC/TS 62443-1-1Edition 1.0 2009-07TECHNICAL SPECIFICATION Industrial communication networks Network and system security Part 1-1:Terminology,concepts and models INTERNATIONAL ELECTROTECHNICAL COMMISSION XCICS 25.040.40;33.040.040;35.040 PRICE CODEISBN 2-8318-1053-6 Registered trademark of the International Electrotechnical Commission colourinsideLICENSED TO MECON Limited.-RANCHI/BANGALORE,FOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.2 TS 62443-1-1 IEC:2009(E)CONTENTS FOREWORD.5 INTRODUCTION.7 1 Scope.8 1.1 General.8 1.2 Included functionality.8 1.3 Systems and interfaces.8 1.4 Activity-based criteria.9 1.5 Asset-based criteria.9 2 Normative references.10 3 Terms,definitions and abbreviations.10 3.1 General.10 3.2 Terms and definitions.10 3.3 Abbreviations.26 4 The situation.27 4.1 General.27 4.2 Current systems.27 4.3 Current trends.28 4.4 Potential impact.28 5 Concepts.29 5.1 General.29 5.2 Security objectives.29 5.3 Foundational requirements.30 5.4 Defence in depth.30 5.5 Security context.30 5.6 Threat-risk assessment.32 5.6.1 General.32 5.6.2 Assets.32 5.6.3 Vulnerabilities.34 5.6.4 Risk.34 5.6.5 Threats.36 5.6.6 Countermeasures.38 5.7 Security program maturity.39 5.7.1 Overview.39 5.7.2 Maturity phases.42 5.8 Policies.45 5.8.1 Overview.45 5.8.2 Enterprise level policy.46 5.8.3 Operational policies and procedures.47 5.8.4 Topics covered by policies and procedures.47 5.9 Security zones.50 5.9.1 General.50 5.9.2 Determining requirements.50 5.10 Conduits.51 5.10.1 General.51 5.10.2 Channels.52 5.11 Security levels.53 LICENSED TO MECON Limited.-RANCHI/BANGALORE,FOR INTERNAL USE AT THIS LOCATION ONLY,SUPPLIED BY BOOK SUPPLY BUREAU.TS 62443-1-1 IEC:2009(E)3 5.11.1 General.53 5.11.2 Types of security levels.53 5.11.3 Factors influencing SL(achieved)of a zone or conduit.55 5.11.4 Impact of countermeasures and inherent security properties of devices and systems.57 5.12 Security level lifecycle.57 5.12.1 General.57 5.12.2 Assess phase.58 5.12.3 Develop and implement phase.59 5.12.4 Maintain phase.60 6 Models.61 6.1 General.61 6.2 Reference models.62 6.