标准摘要
[中文适用范围]: 本文档建立了适用于核电厂仪表与控制(I&C)可编程数字系统的计算机安全程序开发和管理的要求,并提供了指南。其内在标准是核电厂 I&C 可编程数字系统安全程序符合适用国家的要求。本文档定义了适当的措施,用于预防和检测针对 I&C 可编程数字系统的数字手段恶意行为(网络攻击),以及对这些行为可能导致的任何不安全情况、设备损坏或电厂性能下降的反应。这包括:影响系统完整性的恶意修改;干扰信息、数据或资源,从而可能破坏所需 I&C 可编程数字功能的交付或性能;干扰信息、数据或资源,从而可能破坏操作员显示或导致丧失对 I&C 可编程数字系统的管理;可编程逻辑控制器(PLC)层面的硬件、固件或软件的恶意更改。导致安全政策和/或助长上述恶意行为的错误也在本文档的范围内。本文档描述了一种基于资产与总体电厂安全、可用性和设备保护相关性的分级方法方案。排除在本文档范围之外的考虑包括:非恶意行为和事件(如意外故障、不影响网络安全控制性能的人类错误和自然事件);厂址物理安全、房间进入控制和厂址安全监视系统;关于 I&C 数字可编程系统信息机密性的方面(见 5.4.3.2.3)。 [外文原描述]: IEC 62645:2019 establishes requirements and provides guidance for the development and management of effective computer security programmes for I&C programmable digital systems. Inherent to these requirements and guidance is the criterion that the power plant I&C programmable digital system security programme complies with the applicable country’s requirements. This document defines adequate measures for the prevention of, detection of and reaction to malicious acts by digital means (cyberattacks) on I&C programmable digital systems. This includes any unsafe situation, equipment damage or plant performance degradation. This second edition cancels and replaces the first edition published in 2014. This edition includes the following significant technical changes with respect to the previous edition: a) to align the standard with the new revisions of ISO/IEC 27001; b) to review the existing requirements and to update the terminology and definitions; c) to take account of, as far as possible, requirements associated with standards published since the first edition; d) to take into account the fact that cybersecurity techniques, but also national practices evolve.
英文名称Nuclear power plants - Instrumentation, control and electrical power systems - Cybersecurity requirements