标准摘要
[中文适用范围]: 本技术规范确定了IEC 62443系列中与安全威胁和漏洞相关的方面,这些方面考虑了可能导致机器安全操作能力丧失的安全相关控制系统(SCS)的设计和实施。与机器相关的典型安全方面可能涉及SCS: - SCS的漏洞,可以直接或通过机器的其他部分间接利用安全威胁,可能导致安全攻击(安全漏洞); - 对SCS的安全特性和正确执行其功能的能力的影响; - 典型用例定义和相应威胁模型的应用。 本文件不考虑非安全相关的安全威胁和漏洞方面。 注:机器控制系统的非安全相关部分也可能受到安全威胁的影响,可能影响机器的操作,如生产率、性能或质量。对于这些方面,请参考IEC 62443系列。 本文件的重点是有意恶意的行为。然而,本文件不考虑有意的硬件操作(如接线、组件更换)或通过物理操作SCS(如物理旁路)的可预见的误用。 本文件不包括信息技术(IT)产品的安全要求和SCS中使用的设备设计(例如,可能有产品特定标准,如IEC TS 63208)。 [外文原描述]: IEC TS 63074:2023 identifies the relevant aspects of the IEC 62443 series related to security threats and vulnerabilities that are considered for the design and implementation of safety-related control systems (SCS) which can lead to the loss of the ability to maintain safe operation of a machine. Typical security aspects related to the machine with potential relation to SCS are: – vulnerabilities of the SCS either directly or indirectly through the other parts of the machine which can be exploited by security threats that can result in security attacks (security breach); – influence on the safety characteristics and ability of the SCS to properly perform its function(s); – typical use case definition and application of a corresponding threat model. Non-safety-related aspects of security threats and vulnerabilities are not considered in this document. The focus of this document is on intentional malicious actions. However, intentional hardware manipulation (e.g. wiring, exchange of components) or foreseeable misuse by physical manipulation of SCS (e.g. physical bypass) is not considered in this document. This document does not cover security requirements for information technology (IT) products and for the design of devices used in the SCS (e.g., product specific standards can be available, such as IEC TS 63208).
英文名称Safety of machinery - Security aspects related to functional safety of safety-related control systems