标准摘要
[中文适用范围]: 本部分IEC 62351的范围是促进电力系统管理的基于角色的访问控制(RBAC)。RBAC将人类用户、自动化系统和软件应用程序(在本文件中统称为“主体”)分配到指定的“角色”,并限制他们只能访问安全政策认为对其角色必要的资源。 随着电力系统变得更加自动化和网络安全问题变得更加突出,确保对数据(读取、写入、控制等)的访问受到限制变得越来越重要。与安全的许多方面一样,RBAC不仅是一种技术;它是一种业务运行方式。RBAC并不是一个新概念;事实上,许多操作系统使用它来控制对系统资源的访问。具体来说,RBAC提供了一种替代全或无超级用户模型的方法,在该模型中,所有主体都可以访问所有数据,包括控制命令。 RBAC是满足最小权限安全原则的主要方法,该原则规定任何主体都不应被授予超出执行其任务所需权限的授权。通过RBAC,授权与认证分离。RBAC使组织能够细分超级用户功能,并将其打包到特殊用户账户中,称为角色,根据相关职责分配给特定个人。这种细分使安全政策能够确定谁或哪些系统被允许访问其他系统中的哪些数据。因此,RBAC提供了一种根据组织政策重新分配系统控制的手段。特别是,RBAC可以保护敏感系统操作免受未经授权用户的无意(或故意)行为的影响。显然,RBAC不仅限于人类用户;它同样适用于自动化系统和软件应用程序,即独立于用户交互运行的软件部分。 以下交互在范围内: - 人类用户、本地和自动化计算机代理或内置HMI或面板对对象的本地(直接有线)访问; - 人类用户对对象的远程(通过拨号或无线媒体)访问; - 远程自动化计算机代理(例如,另一个变电站的另一个对象、终端用户设施的分布式能源资源或控制中心应用)对对象的远程(通过拨号或无线媒体)访问。 虽然本文件定义了一组必须支持的角色,但定义特定或自定义角色的交换格式也在本文件的范围内。 本文件范围外的所有与本地和远程访问的角色和访问令牌定义不直接相关的主题,特别是管理或组织任务,例如: - 用户名和密码定义/政策; - 密钥和/或密钥交换的管理; - 角色的工程过程; - 角色的分配; - 选择可信证书颁发机构颁发凭证(访问令牌); - 定义安全官员的任务; - 在RBAC中整合本地政策; 注:具体来说,证书管理在IEC 62351-9中解决。 过程控制行业和访问控制(RFC 2904和RFC 2905)中的现有标准(参见ANSI INCITS 359-2004、IEC 62443(所有部分)和IEEE 802.1X-2004)不足,因为它们既没有指定确切的角色名称和相关权限,也没有指定访问令牌的格式,也没有指定访问令牌传输到目标系统并由其认证的详细机制——所有这些信息对于互操作性都是必需的。 另一方面,IEEE 1686已经定义了必须支持的最小角色数量以及角色应处理的权限。注意,IEEE 1686目前正在修订中。 在整个文件中,安全事件被定义为警告和警报。这些安全事件旨在支持错误处理,从而提高系统弹性。重要的是,实现提供了一种宣布安全事件的机制。 请注意,对于安全日志事件和监控信息产生的安全警告和警报的处理,有单独的文件指定处理。更具体地说,安全事件处理在IEC 62351-14中指定,而监控对象的处理由IEC 62351-7指定。 请注意,警告和警报用于从安全角度指示事件的严重性。使用以下概念: - 警告旨在提高意识,但表示可以安全进行; - 警报表示不应进行。 在任何情况下,预计操作员的安全政策将根据操作环境确定最终处理。 [外文原描述]: IEC 62351-8: 2020 is to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications (collectively called "subjects" in this document) to specified "roles", and restricts their access to only those resources, which the security policies identify as necessary for their roles. As electric power systems become more automated and cyber security concerns become more prominent, it is becoming increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands. RBAC is a primary method to meet the security principle of least privilege, which states that no subject should be authorized more permissions than necessary for performing that subject’s task. With RBAC, authorization is separated from authentication. RBAC enables an organization to subdivide super-user capabilities and package them into special user accounts termed roles for assignment to specific individuals according to their associated duties. This subdivision enables security policies to determine who or what systems are permitted access to which data in other systems. RBAC provides thus a means of reallocating system controls as defined by the organization policy. In particular, RBAC can protect sensitive system operations from inadvertent (or deliberate) actions by unauthorized users. Clearly RBAC is not confined to human users though; it applies equally well to automated systems and software applications, i.e., software parts operating independent of user interactions. The following interactions are in scope: – local (direct wired) access to the object by a human user; by a local and automated computer agent, or built-in HMI or panel; – remote (via dial-up or wireless media) access to the object by a human user; – remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user’s facility, or a control centre application. While this document defines a set of mandatory roles to be supported, the exchange format for defined specific or custom roles is also in scope of this document. Out of scope for this document are all topics which are not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks.
英文名称Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management