BSI PD IEC TR 63415:2023
$198.66
Nuclear Power plants. Instrumentation and control systems. Use of formal security models for I&C security architecture design and assessment
| Published By | Publication Date | Number of Pages |
| BSI | 2023 | 60 |
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 2 | undefined |
| 4 | CONTENTS |
| 7 | FOREWORD |
| 9 | INTRODUCTION |
| 11 | 1 Scope |
| 12 | 2 Normative references 3 Terms and definitions |
| 14 | 4 Abbreviated terms |
| 15 | 5 I&C system security life cycle and security modelling activities Tables Table 1 – I&C life cycle stages and corresponding scenarios for the use of security modelling |
| 17 | 6 Description of a typical NPP I&C system |
| 18 | 7 Security requirements and security architecture 7.1 General framework Figures Figure 1 – Structure of a typical I&C system |
| 20 | 7.2 Integrated security model 7.3 Basics of the information exchange model (DM) 7.4 Basics of the security model (SLM) |
| 21 | 7.5 Basic principles of the secure design 7.6 Asset ranking and ordering 7.7 Information property of the asset |
| 22 | 7.8 Security degrees concept and security architecture |
| 23 | 7.9 Establishing a relation between the data model and the security model 8 Procedure of I&C security modelling 8.1 General |
| 25 | Figure 2 – Procedure of security architecture synthesis |
| 26 | 8.2 General approach to asset classification 8.3 Security degree assignment and the analysis of model conformance 8.4 Classification in hierarchical systems |
| 27 | Figure 3 – I&C information model with subsystem hierarchy (left) and without it (right) |
| 28 | 9 Case study of I&C security architecture synthesis 9.1 General 9.2 Definition of the security model |
| 29 | 9.3 Selecting the detail level in system analysis 9.4 Asset classification Figure 4 – Simplified information model of security. (secure relation between degrees are shown by dashed lines) |
| 30 | 9.5 Identification and initial classification of assets 9.6 Data model Table 2 – List of assets of a typical control system channel and IS target characteristics |
| 31 | 9.7 Analysis of the model and synthesis of architecture Figure 5 – General security graph for I&C subsystem without taking into account security controls. The borders show boundaries for workstation server and gate subsystem. |
| 32 | Figure 6 – Changes in the security graph for I&C subsystem when OS_WS asset is targeting allocation to a separate zone. The edges belonging to the minimal cut are shown with bold lines. |
| 33 | Figure 7 – General view of the security graph for I&C subsystem, taking into account security controls for OS assets. The security degree structure is shown in a) and the zone structure is shown in b). Degrees and zones are shown in a solid rectangle. The degree is numbered. |
| 34 | Figure 8 – Changes in the security graph for I&C subsystem when server assets are targeting allocation to a separate zone from the workstation. The edges belonging to minimal cut are highlighted with bold line. |
| 35 | 9.8 Assessment of the modified security architecture Figure 9 – General representation of the security graph for practical I&C subsystem, taking into account all assigned security controls for the assets. The security degree structure is shown in a) and zone structure is shown in b). The degrees and zones are shown in solid rectangle. The degrees are numbered. |
| 36 | 10 NPP cybersecurity simulation for security assessment of I&C systems Table 3 – Information security characteristics for assets in the architecture of a I&C subsystem |
| 37 | 11 Conclusion Figure 10 – General scenario of use of the digital twin for stress tests |
| 39 | Annexes Annex A (informative)Data model Table A.1 – Correspondence of the physical properties of I&C systems with the properties of the security graph |
| 42 | Annex B (informative) Security model definition (SLM) |
| 43 | Annex C (informative) Justification of the secure by design principle |
| 45 | Annex D (informative) Mapping of security and data model Figure D.1 – Sketch of link transformation |
| 46 | Figure D.2 – Example of domains of connectivity in a graph – Here the graph splits into three domains |
| 48 | Annex E (informative) Formal approach to asset clustering and classification E.1 Input data types and the choice of data representation for the analysis E.2 Order relation on a security graph Table E.1 – NPP I&C asset properties |
| 49 | E.3 Data renormalization E.4 Criteria and clustering method |
| 51 | Annex F (informative) Some algorithmic aspects for security architecture synthesis Table F.1 – Computational methods for analyzing the security graph |
| 52 | Annex G (informative) Asset classification using clustering method: an example Figure G.1 – Security graph of the system in the information exchange model Table G.1 – Table of attributes |
| 53 | Figure G.2 – Transitive closure of the security graph by the relation w Figure G.3 – Asset partitioning by security degrees |
| 54 | Table G.2 – Partition of the assets into security degrees |
| 55 | Annex H (informative) Mathematical notations in the integrated security mode H.1 Integrated cybersecurity model, ICM H.2 Model of information exchange, DM H.3 Allowed transformation of a security graph H.4 Relationship of secure information transfer between two assets H.5 Relationship of simple information transfer between two assets H.6 Asymmetric operations between two assets H.7 Access rules model |
| 56 | H.8 Relationship of simple information transfer between security degrees H.9 Relationship of secure information transfer between security degrees H.10 Operator R of mapping between two models |
| 57 | Bibliography |
Related products
-
BSI PD IEC TR 63410:2023
Decentralized electrical energy systems roadmap Published By Publication Date Number of Pages BSI 2023 90
-
BSI PD IEC TR 63425:2022
Connectivity for lighting systems Published By Publication Date Number of Pages BSI 2022 26
-
BSI PD CEN/TR 15993:2010
Automotive fuels. Ethanol (E85) automotive fuel. Background to the parameters required and their respective limits…
