GB/T 33007-2016: Industrial communication networks -- Network and system security -- Establishing an industrial automation and control system security program

Basic data
Standard ID: GB/T 33007-2016 (GB/T33007-2016)
Title (translated): Industrial communication networks -- Network and system security -- Establishing an industrial automation and control system security program
Sector / Industry: National Standard (Recommended)
Chinese Standard Classification: N10
International Standard Classification (ICS): 25.040.40
Word count estimate: 130,189
Date of issue: 2016-10-13
Date of implementation: 2017-05-01
Regulation (derived from): National Standard Notice No. 1716 of 2016
Issuing agencies: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China
Status: Valid
Related standards: GB/T 33009.1, GB/T 33009.2, GB/T 33009.4
ICS 25.040.40
N10
National Standard of the People's Republic of China
Industrial communication networks -- Network and system security -- Establishing an industrial automation and control system security program
(IEC 62443-2-1:2010, Industrial communication networks -- Network and system security -- Part 2-1: Establishing an industrial automation and control system security program, IDT)
Issued 2016-10-13, implemented 2017-05-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions, abbreviations and conventions
3.1 Terms and definitions
3.2 Abbreviations
3.3 Conventions
4 Elements of a network security management system
4.1 Overview
4.2 Category: Risk analysis
4.3 Category: Addressing risk with the CSMS
4.4 Category: Monitoring and improving the CSMS
Appendix A (normative) Guidance for developing the elements of a CSMS
A.1 Overview
A.2 Category: Risk analysis
A.3 Category: Addressing risk with the CSMS
A.4 Category: Monitoring and improving the CSMS
Appendix B (informative) Process to develop a CSMS
B.1 Overview
B.2 Description of the process
B.3 Activity: Initiate the CSMS program
B.4 Activity: High-level risk assessment
B.5 Activity: Detailed risk assessment
B.6 Activity: Establish security policy, organization and awareness
B.7 Activity: Select and implement countermeasures
B.8 Activity: Maintain the CSMS
Appendix C (informative) Mapping of requirements to ISO/IEC 27001
C.1 Overview
C.2 Mapping of this standard to ISO/IEC 27001:2005
C.3 Mapping of ISO/IEC 27001:2005 to this standard
References
Figure 1 Graphical view of the elements of a network security management system
Figure 2 Graphical view of category: Risk analysis
Figure 3 Graphical view of element group: Security policy, organization and awareness
Figure 4 Graphical view of element group: Selected security countermeasures
Figure 5 Graphical view of element group: Implementation
Figure 6 Graphical view of category: Monitoring and improving the CSMS
Figure A.1 Graphical view of the elements of a network security management system
Figure A.2 Graphical view of category: Risk analysis
Figure A.3 Number of attacks on computer systems from 1998 to 2004 (source: CERT)
Figure A.4 Sample logical IACS data collection list
Figure A.5 Graphical image of the example logical network diagram
Figure A.6 Graphical view of element group: Security policy, organization and awareness
Figure A.7 Graphical view of element group: Selected security countermeasures
Figure A.8 Reference architecture example of a segmented architecture
Figure A.9 SCADA reference architecture and segmentation example
Figure A.10 Access control: Account administration
Figure A.11 Access control: Authentication
Figure A.12 Access control: Authorization
Figure A.13 Implementation plan chart
Figure A.14 Security level lifecycle model: Assessment phase
Figure A.15 Enterprise security zone template architecture
Figure A.16 IACS security zones
Figure A.17 Security level lifecycle model: Development and implementation phase
Figure A.18 Security level lifecycle model: Maintenance phase
Figure A.19 Graphical view of category: Monitoring and improving the CSMS
Figure B.1 Top-level activities for developing a CSMS
Figure B.2 Activities and dependencies: Initiate the CSMS project
Figure B.3 Activities and dependencies: High-level risk assessment
Figure B.4 Activities and dependencies: Detailed risk assessment
Figure B.5 Activities and dependencies: Establish security policy, organization and awareness
Figure B.6 Training and organizational responsibilities
Figure B.7 Activities and dependencies: Select and implement countermeasures
Figure B.8 Activities and dependencies: Maintain the CSMS
Table 1 Business rationale: Requirements
Table 2 Risk identification, classification and assessment: Requirements
Table 3 CSMS scope: Requirements
Table 4 Security organization: Requirements
Table 5 Staff training and security awareness: Requirements
Table 6 Business continuity plan: Requirements
Table 7 Security policies and procedures: Requirements
Table 8 Personnel security: Requirements
Table 9 Physical and environmental security: Requirements
Table 10 Network segmentation: Requirements
Table 11 Access control - Account administration: Requirements
Table 12 Access control - Authentication: Requirements
Table 13 Access control - Authorization: Requirements
Table 14 Risk management and implementation: Requirements
Table 15 System development and maintenance: Requirements
Table 16 Information and document management: Requirements
Table 17 Incident planning and response: Requirements
Table 18 Conformance: Requirements
Table 19 Review, improve and maintain the CSMS: Requirements
Table A.1 Typical likelihood scale
Table A.2 Typical consequence scale
Table A.3 Typical risk level matrix
Table A.4 Example countermeasures based on IACS risk level
Table A.5 Example assessment results for IACS assets
Table A.6 Example IACS asset assessment results and risk levels
Table A.7 IACS target security levels
Table C.1 Mapping of the requirements of this standard to ISO/IEC 27001:2005
Table C.2 Mapping of ISO/IEC 27001:2005 requirements to this standard
Foreword
This standard was drafted in accordance with GB/T 1.1-2009 "Directives for standardization -- Part 1: Structure and drafting of standards" and GB/T 20000.2-2009 "Guidelines for standardization -- Part 2: Adoption of international standards".
This standard is identical to IEC 62443-2-1:2010 "Industrial communication networks -- Network and system security -- Part 2-1: Establishing an industrial automation and control system security program" (English version), adopted by the translation method. Its technical content, text structure and form of expression are fully equivalent to IEC 62443-2-1:2010.
For ease of use, the following editorial changes have been made in this standard:
--- the foreword of the original has been deleted;
--- the introduction of the original part is used as the introduction of this standard;
--- unless otherwise stated, "security" in the text refers to "network security".
This standard was proposed by the China Machinery Industry Federation.
This standard is under the jurisdiction of the National Technical Committee for Industrial Process Measurement, Control and Automation Standardization (SAC/TC124) and the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: Institute of Mechanical and Industrial Instrumentation Integrated Technology and Economy, China Electronics Technology Standardization Research Institute, China Power Scientific Research Institute, China Nuclear Power Engineering Co., Ltd., Shanghai Automation Instrumentation Co., Ltd., Beijing Jiaotong University, Eastern Science and Technology Co., Ltd., Tsinghua University, Siemens (China) Co., Ltd., Zhejiang University, Southwest University, Chongqing University of Posts and Telecommunications, Schneider Electric (China) Co., Ltd., Beijing Iron and Steel Design and Research Institute, Huazhong University of Science and Technology, Beijing Austin Technology Co., Ltd., Rockwell Automation (China) Co., Ltd., China Institute of Instrumentation, Beijing Helishi Systems Engineering Co., Ltd., Fifth Institute of Electronics of the Ministry of Industry and Information Technology, Shenyang Institute of Automation of the Chinese Academy of Sciences, Beijing Haitai Fangyuan Science and Technology Co., Ltd., Qingdao Duofenuo Information Security Technology Co., Ltd., Beijing Guodian Zhishen Control Technology Co., Ltd., Beijing Power Control Huakang Technology Co., Ltd., Guangdong Aerospace Satellite Technology Co., Ltd., North China Electric Power Design Institute Engineering Co., Ltd., Huawei Technologies Co., Ltd., Venus, 30th Institute of China Electronics Technology Group Corporation, Shenzhen Wankong Co., Ltd., Winning Software Co., Ltd., Yokogawa Electric (China) Co., Ltd. Beijing R&D Center.
Main drafters of this standard: Wang Yumin, Fan Kefeng, Liang Xiao, Feng Dongqin, Wang Yijun, Hua Rong, Chen Xiaocong, Zhang Jianjun, Xue Baihua, Xu Bin, Gao Kunlun, Wang Xue, Liu Feng, Wang Hao, Xia Dehai, Zhou Chunjie, Zhang Li, Wang Tao, Liu Jie, Sun Xin, Xu Aidong, Zhu Yiming, Sun Jing, Hu Boliang, Liu Anzheng, Tian Yucong, Fang Liang, Ma Xinxin, Wang Yong, Du Jialin, Chen Rigang, Li Rui, Liu Limin, Kong Yong, Liu Wenlong, Li Lin, Huang Min, Zhang Zhi, He Jia, Zhang Jianxun, Meng Yahui, Lan Kun, Cheng Jixun, Ding Lu, Chen Xiaofeng, Yang Yingliang, Yang Lei.
Introduction
0.1 Overview
Network security is an increasingly important topic in modern organizations. Over the years, many organizations involved in information technology and business have paid attention to network security and have established effective network security management systems (CSMS) in accordance with ISO and IEC standards (see ISO/IEC 17799 [23] and ISO/IEC 27001 [24]). These management systems give organizations an effective way to protect their assets from network attacks.
Industrial automation and control system (IACS) organizations have begun to use commercial off-the-shelf (COTS) technology developed for business systems in their everyday processes, which increases the likelihood of network attacks against IACS equipment. For various reasons, these systems are usually less robust against network attacks than systems designed for the IACS environment. These weaknesses can lead to health, safety and environmental (HSE) consequences.
Without understanding these consequences, an organization may attempt to use existing information technology and business security solutions to address IACS security problems. Although many of these solutions can be applied to IACS, they need to be applied in the right way to avoid adverse consequences.
0.2 IACS network security management system
Management system standards usually provide guidance on what should be included in a management system, but do not provide guidance on how to develop the management system. This standard describes the elements contained in a CSMS for IACS and also provides guidance on how to develop a CSMS for IACS.
When faced with a challenging problem, a very common engineering approach is to break the problem down into smaller sub-problems and solve each sub-problem in turn. This is a reasonable way to address IACS network security risk. However, a common mistake in addressing network security is to try to solve all network security problems with a single system at once. Network security is a larger challenge that needs to be considered across the whole IACS and the policies, procedures, practices and personnel that surround and use the IACS. Implementing such a wide-ranging management system may require cultural change within the organization.
Addressing network security on an organization-wide basis is a daunting task. For security, there is no ready-made solution. This is easy to understand, because no single set of security practices fits all situations. In theory, absolute security may be possible, but it is probably not desirable, because achieving such a near-perfect state would sacrifice practicality. Security is actually a balance between risk and cost. Every situation is different. In some cases, the risk may relate to HSE factors rather than purely economic impact. The risk may bring irreversible consequences rather than temporary financial setbacks. Therefore a set of mandatory security practices would be either too strict and expensive to follow, or insufficient to address the risk.
0.3 Relationship between this standard and ISO/IEC 17799 and ISO/IEC 27001
ISO/IEC 17799 [23] and ISO/IEC 27001 [24] are excellent standards describing network security management systems for business/information technology systems. Most of the contents of these standards also apply to IACS. This standard emphasizes the need for consistency between the management of IACS network security practices and the management of network security for business/information technology systems. Consistency of these procedures can save money. This standard encourages users to read ISO/IEC 17799 and ISO/IEC 27001 for additional supporting information. This standard builds on these ISO/IEC standards by addressing the differences between IACS and general business/information technology systems. This standard introduces the important concept that IACS network security risks may have HSE impact, and that these risks should be addressed in combination with other existing risk management practices.
Industrial communication networks -- Network and system security -- Establishing an industrial automation and control system security program
1 Scope
This standard specifies the elements necessary to establish a network security management system (CSMS) for industrial automation and control systems (IACS) and provides guidance on how to develop those elements. This standard uses the broad definition and scope of IACS described in IEC 62443-1-1.
The elements of a CSMS described in this standard are mostly policy, procedure, practice and personnel related elements, describing what the final CSMS shall or should include.
Note 1: Other documents in the IEC 62443 series of standards and the references discuss specific security technologies and solutions in more detail.
The guidance on how to develop a CSMS is an example; it represents the authors' view of how an organization could go about developing the elements, and it may not work in all situations. In order to develop a complete and functional CSMS for the organization, the user of this standard must read the requirements carefully and apply the guidance appropriately. The policies and procedures discussed in this standard should be tailored to the needs of the organization.
Note 2: There may be situations where an enterprise already has its own CSMS and is adding the IACS to it, or where a CSMS has not yet been formally established. The authors cannot predict all situations for an organization establishing a CSMS for IACS, so this standard does not attempt to provide a solution for all situations.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
IEC 62443-1-1 Industrial communication networks -- Network and system security -- Part 1-1: Terminology, concepts and models
3 Terms, definitions, abbreviations and conventions
3.1 Terms and definitions
The terms and definitions given in IEC 62443-1-1 and the following apply to this document.
3.1.1
access account
Access control function that allows a user to access a specific device or a specific set of functions on a fixed device.
Note: Accounts are usually associated with a user identity (ID) and a password. These user IDs and passwords may be shared by individuals or groups, for example a control room workgroup performing the same task.
3.1.2
administrative practice
Well-defined and documented practice/procedure that employees are always required to follow.
Note: Usually applied to employees within the enterprise. In the IACS environment, often associated with HSE.
3.1.3
asset
Physical or logical object owned by or in the custody of an organization, having either a perceived or actual value to the organization.
[IEC 62443-1-1, 3.2.6]