Most recent
DS/IEC TS 62443-1-1:2009
Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models
1.1 General*This part of the IEC 62443 series is a technical specification which defines the terminology,*concepts and models for Industrial Automation and Control Systems (IACS) security. It*establishes the basis for the remaining standards in the IEC 62443 series.*To fully articulate the systems and components the IEC 62443 series address, the range of*coverage may be defined and understood from several perspectives, including the following:*a) range of included functionality;*b) specific systems and interfaces;*c) criteria for selecting included activities;*d) criteria for selecting included assets.*Each of these is described in the following subclauses:*1.2 Included functionality*The scope of this technical specification can be described in terms of the range of functionality*within an organization’s information and automation systems. This functionality is typically*described in terms of one or more models.*This technical specification focuses primarily on industrial automation and control, as described*in a reference model (see Clause 6). Business planning and logistics systems are not explicitly*addressed within the scope of this technical specification, although the integrity of data*exchanged between business and industrial systems is considered.*Industrial automation and control includes the supervisory control components typically found in*process industries. It also includes SCADA (Supervisory Control and Data Acquisition) systems*that are commonly used by organizations that operate in critical infrastructure industries. These*include the following:*a) electricity transmission and distribution;*b) gas and water distribution networks;*c) oil and gas production operations;*d) gas and liquid transmission pipelines.*This is not an exclusive list. SCADA systems may also be found in other critical and non-critical*infrastructure industries.*1.3 Systems and interfaces*In encompassing all IACS, this technical specification covers systems that can affect or*influence the safe, secure, and reliable operation of industrial processes. They include, but are*not limited to: *a) Industrial control systems and their associated communications networks1, including*distributed control systems (DCSs), programmable logic controllers (PLCs), remote terminal*units (RTUs), intelligent electronic devices, SCADA systems, networked electronic sensing*and control, metering and custody transfer systems, and monitoring and diagnostic*systems. (In this context, industrial control systems include basic process control system*and Safety-Instrumented System (SIS) functions, whether they are physically separate or*integrated.)*b) Associated systems at level 3 or below of the reference model described in Clause 6.*Examples include advanced or multivariable control, online optimizers, dedicated*equipment monitors, graphical interfaces, process historians, manufacturing execution*systems, pipeline leak detection systems, work management, outage management, and*electricity energy management systems.*c) Associated internal, human, network, software, machine or device interfaces used to*provide control, safety, manufacturing, or remote operations functionality to continuous,*batch, discrete, and other processes.*1.4 Activity-based criteria*IEC 62443-2-12 provides criteria for defining activities associated with manufacturing*operations. A similar list has been developed for determining the scope of this technical*specification. A system should be considered to be within the range of coverage of the*IEC 62443 series if the activity it performs is necessary for any of the following:*a) predictable operation of the process;*b) process or personnel safety;*c) process reliability or availability;*d) process efficiency;*e) process operability;*f) product quality;*g) environmental protection;*h) regulatory compliance;*i) product sales or custody transfer.*1.5 Asset-based criteria*The coverage of this technical specification includes those systems in assets that meet any of*the following criteria, or whose security is essential to the protection of other assets that meet*these criteria:*a) The asset has economic value to a manufacturing or operating process.*b) The asset performs a function necessary to operation of a manufacturing or operating*process.*c) The asset represents intellectual property of a manufacturing or operating process.*d) The asset is necessary to operate and maintain security for a manufacturing or operating*process.*e) The asset is necessary to protect personnel, contractors, and visitors involved in a*manufacturing or operating process.*f) The asset is necessary to protect the environment.*g) The asset is necessary to protect the public from events caused by a manufacturing or*operating process.*h) The asset is a legal requirement, especially for security purposes of a manufacturing or*operating process.*i) The asset is needed for disaster recovery.*j) The asset is needed for logging security events.*This range of coverage includes systems whose compromise could result in the endangerment*of public or employees health or safety, loss of public confidence, violation of regulatory*requirements, loss or invalidation of proprietary or confidential information, environmental*contamination, and/or economic loss or impact on an entity or on local or national security.
Danish Standards [ds]