GB/T 33008.1-2016 PDF in English
Standard ID | Contents [version] | USD | Name of Chinese Standard | Status |
GB/T 33008.1-2016 | English | 145 | Industrial automation and control system security -- Programmable logic controller (PLC) -- Part 1: System requirements | Valid |
PDF Preview
GB
NATIONAL STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
N 10
Industrial automation and control system security –
Programmable logic controller (PLC) –
Part 1: System requirements
ISSUED ON: OCTOBER 13, 2016
IMPLEMENTED ON: MAY 01, 2017
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 PLC network security overview
4.1 General
4.2 Overview of network security related content
4.3 PLC system typical structure
4.4 PLC system network security overall requirements
5 PLC system network security technical requirements
5.1 Descriptions on network security technical requirements
5.2 Overall requirements for level 2 and level 1
5.3 Requirements for level 2
5.4 Requirements for Level 1
6 PLC system network security management requirements
6.1 General requirements
Appendix A (Normative) Mapping between system requirements & requirement enhancement and security level
Appendix B (Normative) Network security management assessment list
References
Foreword
GB/T 33009 “Industrial automation and control system security – Distributed
control system”, GB/T 33008 “Industrial automation and control system
security – Programmable logic controller (PLC)” and other relevant standards
jointly constitute the industrial automation and control system network security
series of standards.
GB/T 33008 “Industrial automation and control system security –
Programmable logic controller (PLC)” is planned to be published in the
following parts:
- Part 1: System requirements;
- Part 2: Guidelines for the implementation of system assessment;
...
This part is part 1 of GB/T 33008.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the China Machinery Industry Federation.
This part shall be under the jurisdiction of the National Industrial Process
Measurement Control and Automation Standardization Technical Committee
(SAC/TC 124) and the National Information Security Standardization Technical
Committee (SAC/TC 260).
Drafting organizations of this part: Beijing HollySys System Engineering
Co., Ltd., Machinery Industry Instrument Integrated Technology and Economic
Research Institute, China Electronic Technology Standardization Research
Institute, State Grid Smart Grid Research Institute, China Nuclear Power
Engineering Co., Ltd., Shanghai Automation Instrumentation Co., Ltd.,
Tsinghua University, SIEMENS (China) Co., Ltd., Schneider Electric (China) Co.,
Ltd., Beijing Iron and Steel Design and Research Institute, Huazhong
University of Science and Technology, Beijing Austin Technology Co., Ltd.,
Rockwell Automation (China) Co., Ltd., China Instruments Institute, Ministry of
Industry and Information Technology the Fifth Electronics Institute, Kyland
Technology Co., Ltd., Beijing Haitai Fangyuan Technology Co., Ltd., Qingdao
Tofino Information Security Technology Co., Ltd., Beijing Guodian Zhishen
Control Technology Co., Ltd., Beijing Likong Huakon Technology Co., Ltd.,
Chongqing University of Posts and Telecommunications, Chinese Academy of
Sciences Shenyang Institute of Automation, Southwest University, China
Petroleum and Natural Gas Pipeline Co., Ltd., Beijing Kuangen Network
Technology Co., Ltd., Southwest Electric Power Design Institute, Beijing
Venusense Information Security Technology Co., Ltd., Guangdong Hangyu
Satellite Technology Co., Ltd., North China Electric Power Design Institute
Engineering Co., Ltd., Huawei Technologies Co., Ltd., China Electronics
1 Scope
This part of GB/T 33008 specifies the network security requirements of the
programmable logic controller (PLC) system, including the network security
requirements that apply when the PLC communicates directly or indirectly with
other systems.
This part applies to engineering design parties, equipment manufacturers,
system integrators, users, and evaluation and certification institutes.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this document.
GB/T 30976.1-2014 Industrial control system security - Part 1: Assessment
specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
The following terms and definitions apply to this document.
3.1.1
Programmable (logic) controller (PLC)
It refers to an electronic system for digital operation in industrial
environments. This system uses programmable memory for the internal
storage of user instructions, in order to complete specified functions such
as logic, sequence, timing, counting, arithmetic, etc., and it controls
machinery or processes of different types through digital or analog
input/output. The programmable controller and its associated peripherals
are designed so that they can be easily integrated into industrial control
systems and can easily achieve all the desired functionality.
Note: In this part, the acronym PLC is used to represent programmable
controllers, on which there is a consensus in the automation industry.
Originally, PC was used as an acronym for programmable controllers, but it is
easily confused with the acronym PC used for personal
computers.
[GB/T 15969.1-2007, Definition 3.5]
3.1.2
Programmable controller system or PLC-system
It refers to the configuration composed of the programmable
controller and its associated peripherals, as established by the user for the
purpose of meeting the automation system requirements. It
consists of units interconnected by power cables or plug-in components
for permanently installed facilities, and by power cables or other
connection means for portable or
transportable peripherals.
[GB/T 15969.1-2007, Definition 3.6]
3.1.3
Vulnerability
It refers to defects or weaknesses that exist in the design,
implementation, operation, and management of a system and that can be
exploited to compromise the integrity of the system or its security policy.
[GB/T 30976.1-2014, Definition 3.1.1]
3.1.4
Identify
It refers to the process of marking and identifying a certain assessment
element.
[GB/T 30976.1-2014, Definition 3.1.2]
3.1.5
Acceptance
It refers to a method used in the risk assessment activity to end the
implementation of a project. In this method, the party under assessment
organizes an institution to inspect the assessed activities item
by item, and the acceptance criterion is whether the assessment
objective has been reached.
[GB/T 30976.1-2014, Definition 3.1.4]
PLC system network security shall cover all activities related to the
system in every phase of the system life cycle, including design and
development, installation, operation and maintenance, and decommissioning.
It shall be recognized that the risks to the system will change throughout the
life cycle, and technical and management measures shall be used to reduce the
PLC system network security risk to a minimum or acceptable level.
4.2 Overview of network security related content
4.2.1 Hazard sources
Hazard sources include non-secure equipment, systems and network access
points. A hazard source may come either from outside the PLC system or
from within the PLC system. Safety threats can cause harm to
the recipient through the risk introduction point and by use of the route of
transmission. Hazard introduction points fall into the fol...
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.