Most recent
DS/EN IEC 62859:2020
Nuclear power plants - Instrumentation and control systems - Requirements for coordinating safety and cybersecurity
This document provides a framework to manage the interactions between safety and*cybersecurity for nuclear power plant (NPP) systems, taking into account the current SC 45A*standards addressing these issues and the specifics of nuclear I&C programmable digital*systems.*NOTE – In this document (as in IEC 62645), cybersecurity relates to prevention of, detection of, and reaction to*malicious acts perpetrated by digital means (cyberattacks). In this context, it does not cover considerations related*to non-malevolent actions and events such as accidental failures, natural events or human errors (except those*degrading cybersecurity). Those aspects are of course of prime importance but they are covered by other SC 45A*documents and standards, and are not considered as cybersecurity related in this document.*This document establishes requirements and guidance to:*– integrate cybersecurity provisions in nuclear I&C architectures and systems, which are*fundamentally tailored for safety;*– avoid potential conflicts between safety and cybersecurity provisions;*– aid the identification and the leveraging of the potential synergies between safety and*cybersecurity.*This document is intended to be used for designing new NPPs, or modernizing existing NPPs,*throughout I&C programmable digital systems lifecycle. It is also applicable for assessing the*coordination between safety and cybersecurity of existing plants. It may also be applicable to*other types of nuclear facilities.*This document addresses I&C programmable digital systems important to safety and I&C*programmable digital systems not important to safety. It does not address programmable*digital systems dedicated to site physical security, room access control and site security*surveillance.*This document is limited to I&C programmable digital systems of NPPs, including their on-site*maintenance and configuration tools.*Annex A provides a rationale for and comments about the scope definition and the document*application, in particular about the exclusions and limitations previously mentioned.*This document comprises three normative clauses:*• Clause 5 deals with the overall I&C architecture;*• Clause 6 focuses on the system level;*• Clause 7 deals with organizational and operational issues.*
Danish Standards [ds]