Hivatkozási szám

MSZ EN IEC 62645:2020

Dokumentumazonosító

175889

Cím

Atomerőművek. Műszerezettségi, irányítástechnikai és villamos energiaellátó rendszerek. Kiberbiztonsági követelmények (IEC 62645:2019)

Angol cím

Nuclear power plants. Instrumentation, control and electrical power systems. Cybersecurity requirements (IEC 62645:2019)

Alkalmazási terület

1.1 General This document establishes requirements and provides guidance for the development and management of effective computer security programmes for I&C programmable digital systems. Inherent to these requirements and guidance is the criterion that the power plant I&C programmable digital system security programme complies with the applicable country’s requirements. This document defines adequate measures for the prevention of, detection of and reaction to malicious acts by digital means (cyberattacks) on I&C programmable digital systems. This includes any unsafe situation, equipment damage or plant performance degradation that could result from such an act, such as: – malicious modifications affecting system integrity; – malicious interference with information, data or resources that could compromise the delivery of or performance of the required I&C programmable digital functions; – malicious interference with information, data or resources that could compromise operator displays or lead to loss of management of I&C programmable digital systems; – malicious changes to hardware, firmware or software at the programmable logic controller (PLC) level. Human errors leading to violation of the security policy and/or easing the aforementioned malicious acts are also in the scope of this document. This document describes a graded approach scheme for assets subject to digital compromise, based on their relevance to the overall plant safety, availability, and equipment protection. Excluded from the scope of this document are considerations related to: – non-malevolent actions and events such as accidental failures, human errors (except those impacting the performance of cybersecurity controls) and natural events. In particular, good practices for managing applications and data, including back-up and restoration related to accidental failure, are out of scope; NOTE 1 Although such aspects are often covered by security programme in other normative contexts (e.g., in the ISO/IEC 27000 series or in the IEC 62443 series), this document is only focused on the protection against malicious acts by digital means (cyberattacks) on I&C programmable digital systems. The main reason is that in the nuclear generation domain, other standards and practices already cover accidental failures, unintentional human errors, natural events, etc. The focus of IEC 62645 is made to provide the maximum consistency and the minimum overlap with these other nuclear standards and practices. – site physical security, room access control and site security surveillance systems. These systems, while not specifically addressed in this document, are to be covered by plant operating procedures and programmes; NOTE 2 This exclusion does not deny that cybersecurity has clear dependencies on the security of the physical environment (e.g., physical protection, power delivery systems, heating/ventilation/air-conditioning systems (HVAC), etc.). – the aspect of confidentiality of information about I&C digital programmable systems is out of the scope of this document (see 5.4.3.2.3). Túl hosszú scope

ICS

27.120.20 Atomerőművek. Biztonság

Műszaki Bizottság

A szabvány nyelve

angol

Az érvényesség kezdete

2020-11-01

Forrás

idt IEC 62645:2019; idt EN IEC 62645:2020

Előd

Utód

Módosítás

SZK-közlemények

Kapcsolódó európai jogszabály

A szabvány

kapható formátuma

Papír ,
PDF (letöltés) (a fájl mérete: 2000604) ,

oldalszáma

57 oldal; W kategória

ára

Nettó: 19470 Ft
Bruttó:
Papír formátum esetén (5% Áfával): 24532 Ft
PDF (letöltés) formátum esetén (27% Áfával): 24727 Ft