CAN/CSA-IEC/TS 62443-1-1:17
Current
The latest, up-to-date edition.
Industrial communication networks — Network and system security — Part 1-1: Terminology, concepts and models (Adopted IEC technical specification 62443-1-1:2009, first edition, 2009-07)
Hardcopy , PDF
English
01-01-2017
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 The situation
5 Concepts
6 Models
Bibliography
Specifies the terminology, concepts and models for Industrial Automation and Control Systems (IACS) security.
DocumentType |
Standard
|
ISBN |
978-1-4883-1253-3
|
Pages |
94
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
This is the first edition of CAN/CSA-IEC/TS 62443-1-1, Industrial communication networks — Network and system security — Part 1-1: Terminology, concepts and models, which is an adoption without modification of the identically titled IEC (International Electrotechnical Commission) Technical Specification 62443-1-1 (first edition, 2009-07). At the time of publication, IEC/TS 62443-1-1:2009 is available from IEC in English only. CSA Group will publish the French version when it becomes available from IEC. For brevity, this Standard will be referred to as “CAN/CSA-IEC/TS 62443-1-1” throughout. The IEC Technical Specification is one in a series of Standards developed by IEC/TC 65 on industrial automation networking security that are being adopted by CSA Group. The IEC Technical Specification provides the terminology, concepts, and models that are used in the development of security for industrial control networks. It is intended to be used in conjunction with other Standards in this series that provide more specific guidance in the creation and maintenance of such networks. Scope 1.1 General This part of the IEC 62443 series is a technical specification which defines the terminology, concepts and models for Industrial Automation and Control Systems (IACS) security. It establishes the basis for the remaining standards in the IEC 62443 series. To fully articulate the systems and components the IEC 62443 series address, the range of coverage may be defined and understood from several perspectives, including the following: a) range of included functionality; b) specific systems and interfaces; c) criteria for selecting included activities; d) criteria for selecting included assets. Each of these is described in the following subclauses: 1.2 Included functionality The scope of this technical specification can be described in terms of the range of functionality within an organization’s information and automation systems. This functionality is typically described in terms of one or more models. This technical specification focuses primarily on industrial automation and control, as described in a reference model (see Clause 6). Business planning and logistics systems are not explicitly addressed within the scope of this technical specification, although the integrity of data exchanged between business and industrial systems is considered. Industrial automation and control includes the supervisory control components typically found in process industries. It also includes SCADA (Supervisory Control and Data Acquisition) systems that are commonly used by organizations that operate in critical infrastructure industries. These include the following: a) electricity transmission and distribution; b) gas and water distribution networks; c) oil and gas production operations; d) gas and liquid transmission pipelines. This is not an exclusive list. SCADA systems may also be found in other critical and non-critical infrastructure industries. 1.3 Systems and interfaces In encompassing all IACS, this technical specification covers systems that can affect or influence the safe, secure, and reliable operation of industrial processes. They include, but are not limited to: a) Industrial control systems and their associated communications networks1, including distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices, SCADA systems, networked electronic sensing and control, metering and custody transfer systems, and monitoring and diagnostic systems. (In this context, industrial control systems include basic process control system and Safety-Instrumented System (SIS) functions, whether they are physically separate or integrated.) b) Associated systems at level 3 or below of the reference model described in Clause 6. Examples include advanced or multivariable control, online optimizers, dedicated equipment monitors, graphical interfaces, process historians, manufacturing execution systems, pipeline leak detection systems, work management, outage management, and electricity energy management systems. c) Associated internal, human, network, software, machine or device interfaces used to provide control, safety, manufacturing, or remote operations functionality to continuous, batch, discrete, and other processes. 1.4 Activity-based criteria IEC 62443-2-12 provides criteria for defining activities associated with manufacturing operations. A similar list has been developed for determining the scope of this technical specification. A system should be considered to be within the range of coverage of the IEC 62443 series if the activity it performs is necessary for any of the following: a) predictable operation of the process; b) process or personnel safety; c) process reliability or availability; d) process efficiency; e) process operability; f) product quality; g) environmental protection; h) regulatory compliance; i) product sales or custody transfer. 1.5 Asset-based criteria The coverage of this technical specification includes those systems in assets that meet any of the following criteria, or whose security is essential to the protection of other assets that meet these criteria: a) The asset has economic value to a manufacturing or operating process. b) The asset performs a function necessary to operation of a manufacturing or operating process. c) The asset represents intellectual property of a manufacturing or operating process. d) The asset is necessary to operate and maintain security for a manufacturing or operating process. e) The asset is necessary to protect personnel, contractors, and visitors involved in a manufacturing or operating process. f) The asset is necessary to protect the environment. g) The asset is necessary to protect the public from events caused by a manufacturing or operating process. h) The asset is a legal requirement, especially for security purposes of a manufacturing or operating process. i) The asset is needed for disaster recovery. j) The asset is needed for logging security events. This range of coverage includes systems whose compromise could result in the endangerment of public or employees health or safety, loss of public confidence, violation of regulatory requirements, loss or invalidation of proprietary or confidential information, environmental contamination, and/or economic loss or impact on an entity or on local or national security.
Standards | Relationship |
IEC TS 62443-1-1:2009 | Identical |
IEC 62264-3:2016 | Enterprise-control system integration - Part 3: Activity models of manufacturing operations management |
IEC 61511-1:2016+AMD1:2017 CSV | Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and application programming requirements |
IEC 62443-2-1:2010 | Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program |
FIPS PUB 140-2 : 0 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
IEC 61508-4:2010 | Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations (see Functional Safety and IEC 61508) |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
IEC 61512-1:1997 | Batch control - Part 1: Models and terminology |
IEC 61511-3:2016 | Functional safety - Safety instrumented systems for the process industry sector - Part 3: Guidance for the determination of the required safety integrity levels |
IEC 62264-1:2013 | Enterprise-control system integration - Part 1: Models and terminology |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
IEC 61513:2011 | Nuclear power plants - Instrumentation and control important to safety - General requirements for systems |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.