DS/EN IEC 62645:2020
Nuclear power plants - Instrumentation, control and electrical power systems - Cybersecurity requirements
1.1 General

This document establishes requirements and provides guidance for the development and management of effective computer security programmes for I&C programmable digital systems. Inherent to these requirements and guidance is the criterion that the power plant I&C programmable digital system security programme complies with the applicable country’s requirements.

This document defines adequate measures for the prevention of, detection of and reaction to malicious acts by digital means (cyberattacks) on I&C programmable digital systems. This includes any unsafe situation, equipment damage or plant performance degradation that could result from such an act, such as:

– malicious modifications affecting system integrity;
– malicious interference with information, data or resources that could compromise the delivery of or performance of the required I&C programmable digital functions;
– malicious interference with information, data or resources that could compromise operator displays or lead to loss of management of I&C programmable digital systems;
– malicious changes to hardware, firmware or software at the programmable logic controller (PLC) level.

Human errors leading to violation of the security policy and/or easing the aforementioned malicious acts are also in the scope of this document.

This document describes a graded approach scheme for assets subject to digital compromise, based on their relevance to the overall plant safety, availability, and equipment protection.

Excluded from the scope of this document are considerations related to:

– non-malevolent actions and events such as accidental failures, human errors (except those impacting the performance of cybersecurity controls) and natural events. In particular, good practices for managing applications and data, including back-up and restoration related to accidental failure, are out of scope;

NOTE 1 – Although such aspects are often covered by security programmes in other normative contexts (e.g. in the ISO/IEC 27000 series or in the IEC 62443 series), this document is focused only on the protection against malicious acts by digital means (cyberattacks) on I&C programmable digital systems. The main reason is that in the nuclear generation domain, other standards and practices already cover accidental failures, unintentional human errors, natural events, etc. IEC 62645 is focused in this way to provide the maximum consistency and the minimum overlap with these other nuclear standards and practices.

– site physical security, room access control and site security surveillance systems. These systems, while not specifically addressed in this document, are to be covered by plant operating procedures and programmes;

NOTE 2 – This exclusion does not deny that cybersecurity has clear dependencies on the security of the physical environment (e.g. physical protection, power delivery systems, heating/ventilation/air-conditioning (HVAC) systems, etc.).

– the confidentiality of information about I&C digital programmable systems (see 5.4.3.2.3).

Annex A provides a rationale for and comments about the scope, definitions and application of the document, and in particular about the exclusions and limitations mentioned above.

Standards such as ISO/IEC 27001 and ISO/IEC 27002 are not directly applicable to the cyber protection of nuclear I&C programmable digital systems. This is mainly due to the specificities of these systems, including the regulatory and safety requirements inherent to nuclear facilities. However, this document builds upon the valid high-level principles and main concepts of ISO/IEC 27001:2013, adapts them and completes them to fit the nuclear context. This document follows the general principles given in the IAEA reference manual NSS17.

1.2 Application

This document is limited to computer security of I&C programmable digital systems (including non-safety systems) used in an NPP as well as associated computer-based tools. This document is applicable to the parts of electrical power systems covered by IEC 63046 which rely on digital programmable technology.

NOTE 1 – For the sake of simplicity, the term “I&C programmable digital systems” in the text refers both to I&C and to the parts of electrical power systems covered by IEC 63046 which rely on digital programmable technology.

This document is intended for use in evaluating or changing established NPP security programmes for I&C programmable digital systems, and in establishing new programmes.

This document is applied to all NPP I&C programmable digital systems throughout the life cycles of these systems, as specified in this document. It may also be applicable to other types of nuclear facilities.

NOTE 2 – The term NPP is understood in its “physical site” meaning: NPP I&C programmable digital systems include systems within the NPP buildings, but also systems in the nuclear plant switchyard, water treatment facilities, etc.

1.3 Framework

The requirements and recommendations of this document are structured along three main normative clauses.

Clause 5 deals with cybersecurity at the programme life-cycle level; its approach is completely consistent with ISO/IEC 27001:2013. It is based on its structure and content, which are, when needed, adapted and completed to fit the specificities of the nuclear context. Annex C provides a clause-to-clause correspondence table between the IEC 62645 structure and the ISO/IEC 27001:2013 structure. When direct references to ISO/IEC 27001:2013 content are made, the following terminological substitutions are to be made:

– the term “information security management system” used in the referenced ISO/IEC 27001:2013 content corresponds to “I&C digital programmable system cybersecurity program” in this document (as defined in Clause 3);

NOTE 1 – This document focuses on the part of the program, or the dedicated program, related to I&C. This can be part of a larger program at the corporate level, which is out of the scope of this document.

– the term “information security” used in the referenced ISO/IEC 27001:2013 content corresponds to “cybersecurity” in this document (as defined in Clause 3);
– the term “information security policy” used in the referenced ISO/IEC 27001:2013 content corresponds to “I&C digital programmable system policy” in this document.

NOTE 2 – Some subclauses of ISO/IEC 27001:2013 contain internal references to other subclauses of ISO/IEC 27001. When relevant, the references used in these subclauses are to be considered in the IEC 62645 context; however, they do not reference IEC 62645 subclauses. See Annex C for help with the correspondences.

The subclauses related to the graded approach and security categorization are organized in a similar way to IEC 61226.

Clause 6 deals with cybersecurity at the system life-cycle level. It is structured along the system life cycle of IEC 61513, adapted to take into account the specifics of cybersecurity.

Clause 7 deals with cybersecurity at the cybersecurity control level. It provides the high-level principles of an approach consistent with ISO/IEC 27002:2013, further detailed in IEC 63096.

Additional requirements for software of systems supporting category A functions are provided in IEC 60880 and IEC 62566. Additional requirements for software of systems supporting category B and C functions are provided in IEC 62138.

This document also covers security requirements for I&C programmable digital systems which are not in the scope of IEC 61513, IEC 60880, IEC 62138 and IEC 62566 but have a potential impact on plant equipment, availability and performance.
Content Provider
Danish Standards [ds]