| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 1 Scope <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 4 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 5 I&C system security life cycle and security modelling activities Tables Table 1 \u2013 I&C life cycle stages and corresponding scenarios for the use of security modelling <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 6 Description of a typical NPP I&C system <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 7 Security requirements and security architecture 7.1 General framework Figures Figure 1 \u2013 Structure of a typical I&C system <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 7.2 Integrated security model 7.3 Basics of the information exchange model (DM) 7.4 Basics of the security model (SLM) <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 7.5 Basic principles of the secure design 7.6 Asset ranking and ordering 7.7 Information property of the asset <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 7.8 Security degrees concept and security architecture <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 7.9 Establishing a relation between the data model and the security model 8 Procedure of I&C security modelling 8.1 General <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | Figure 2 \u2013 Procedure of security architecture synthesis <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 8.2 General approach to asset classification 8.3 Security degree assignment and the analysis of model conformance 8.4 Classification in hierarchical systems <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | Figure 3 \u2013 I&C information model with subsystem hierarchy (left) and without it (right) <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 9 Case study of I&C security architecture synthesis 9.1 General 9.2 Definition of the security model <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 9.3 Selecting the detail level in system analysis 9.4 Asset classification Figure 4 \u2013 Simplified information model of security. (secure relation between degrees are shown by dashed lines) <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 9.5 Identification and initial classification of assets 9.6 Data model Table 2 \u2013 List of assets of a typical control system channel and IS target characteristics <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 9.7 Analysis of the model and synthesis of architecture Figure 5 \u2013 General security graph for I&C subsystem without taking into account security controls. The borders show boundaries for workstation server and gate subsystem. <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | Figure 6 \u2013 Changes in the security graph for I&C subsystem when OS_WS asset is targeting allocation to a separate zone. The edges belonging to the minimal cut are shown with bold lines. <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | Figure 7 \u2013 General view of the security graph for I&C subsystem, taking into account security controls for OS assets. The security degree structure is shown in a) and the zone structure is shown in b). Degrees and zones are shown in a solid rectangle. The degree is numbered. <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | Figure 8 \u2013 Changes in the security graph for I&C subsystem when server assets are targeting allocation to a separate zone from the workstation. The edges belonging to minimal cut are highlighted with bold line. <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 9.8 Assessment of the modified security architecture Figure 9 \u2013 General representation of the security graph for practical I&C subsystem, taking into account all assigned security controls for the assets. The security degree structure is shown in a) and zone structure is shown in b). The degrees and zones are shown in solid rectangle. The degrees are numbered. <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 10 NPP cybersecurity simulation for security assessment of I&C systems Table 3 \u2013 Information security characteristics for assets in the architecture of a I&C subsystem <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 11 Conclusion Figure 10 \u2013 General scenario of use of the digital twin for stress tests <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | Annexes Annex A (informative)Data model Table A.1 \u2013 Correspondence of the physical properties of I&C systems with the properties of the security graph <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | Annex B (informative) Security model definition (SLM) <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | Annex C (informative) Justification of the secure by design principle <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | Annex D (informative) Mapping of security and data model Figure D.1 \u2013 Sketch of link transformation <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | Figure D.2 \u2013 Example of domains of connectivity in a graph \u2013 Here the graph splits into three domains <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | Annex E (informative) Formal approach to asset clustering and classification E.1 Input data types and the choice of data representation for the analysis E.2 Order relation on a security graph Table E.1 \u2013 NPP I&C asset properties <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | E.3 Data renormalization E.4 Criteria and clustering method <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | Annex F (informative) Some algorithmic aspects for security architecture synthesis Table F.1 \u2013 Computational methods for analyzing the security graph <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Annex G (informative) Asset classification using clustering method: an example Figure G.1 \u2013 Security graph of the system in the information exchange model Table G.1 \u2013 Table of attributes <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | Figure G.2 \u2013 Transitive closure of the security graph by the relation w Figure G.3 \u2013 Asset partitioning by security degrees <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | Table G.2 \u2013 Partition of the assets into security degrees <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | Annex H (informative) Mathematical notations in the integrated security mode H.1 Integrated cybersecurity model, ICM H.2 Model of information exchange, DM H.3 Allowed transformation of a security graph H.4 Relationship of secure information transfer between two assets H.5 Relationship of simple information transfer between two assets H.6 Asymmetric operations between two assets H.7 Access rules model <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | H.8 Relationship of simple information transfer between security degrees H.9 Relationship of secure information transfer between security degrees H.10 Operator R of mapping between two models <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Nuclear Power plants. Instrumentation and control systems. Use of formal security models for I&C security architecture design and assessment<\/b><\/p>\n |