GB/T 33009 Industrial Automation and Control System Security—Distributed Control System (DCS) and GB/T 33008 Industrial Automation and Control System Security—Programmable Logic Controller (PLC) jointly constitute the series of standards on industrial automation and control system security.
The following parts of GB/T 33008 are planned to be published under the general title of Industrial Automation and Control System Security—Programmable Logic Controller (PLC):
——Part 1: System Requirements;
——Part 2: Implementation Guideline for System Evaluation;
...
This part is Part 1 of GB/T 33008.
This part is developed in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the China Machinery Industry Federation.
This standard is under the jurisdiction of the National Technical Committee 124 on Industrial Process Measurement and Control of Standardization Administration of China (SAC/TC 124) and the National Technical Committee 260 on Information Technology Security of Standardization Administration of China (SAC/TC 260).
Drafting organizations of this part: HollySys Automation Technologies Ltd., Instrumentation Technology and Economy Institute, P.R. China, China Electronics Standardization Institute, State Grid Smart Grid Research Institute, China Nuclear Power Engineering Co., Ltd., Shanghai Automation Instrument Co., Ltd., Tsinghua University, Siemens Ltd. China, Schneider Electric China, Central Iron & Steel Research Institute, Huazhong University of Science and Technology, Beijing Austintec Co., Ltd., Rockwell Automation China, China Instrument and Control Society, The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology, Kyland Technology Co., Ltd., Beijing Haitai Fangyuan Technologies Co., Ltd., Tofino Security Technology Co., Ltd., Beijing GuoDianZhiShen Control Technology Co., Ltd., Beijing Likong Huacon Technologies Co., Ltd., Chongqing University of Posts and Telecommunications, Shenyang Institute of Automation Chinese Academy of Sciences, Southwest University, China Petroleum Pipeline Engineering Co., Ltd., Beijing Grace Network Technology Co., Ltd., Southwest Electric Power Design Institute, Beijing Venustech Co., Ltd., Guangdong Hangyu Satellite Technology Co., Ltd., North China Power Engineering Co., Ltd., HUAWEI Technologies Co., Ltd., The 30th Research Institute of China Electronics Technology Group Corporation, Shenzhen Maxonic Automation Control Co., Ltd., Yokogawa Beijing Development Center.
Chief drafters of this part: Wang Tao, Wang Yumin, Fan Kefeng, Liang Xiao, Sun Jing, Feng Dongqin, Zhu Yiming, Mei Ke, Wang Hao, Xu Aidong, Liu Feng, Wang Yijun, Zhang Jianjun, Xue Baihua, Xu Bin, Chen Xiaocong, Hua Rong, Gao Kunlun, Wang Xue, Zhou Chunjie, Zhang Li, Liu Jie, Liu Anzheng, Tian Yucong, Wei Qinzhi, Ma Xinxin, Wang Yong, Du Jialin, Chen Rigang, Ding Lu, Li Rui, Liu Wenlong, Meng Yahui, Liu Limin, Hu Boliang, Kong Yong, Huang Min, Zhu Jingling, Zhang Zhi, Zhang Jianxun, Lan Kun, Zhang Jinbin, Cheng Jixun, Shang Wenli, Zhong Cheng, Liang Meng, Chen Xiaofeng, Bu Zhijun, Li Lin, Yang Yingliang, Yang Lei.
Industrial Automation and Control System Security—Programmable Logic Controller (PLC)—Part 1: System Requirements
1 Scope
This part of GB/T 33008 specifies the security requirements of the programmable controller system, including the requirements on communications, direct or indirect, between the PLC and other systems.
This part is applicable to engineering designers, equipment manufacturers, system integrators, users, assessment and certification bodies, etc.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 30976.1-2014 Industrial Control System Security—Part 1: Assessment Specification
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this standard, the following terms and definitions apply.
3.1.1
programmable (logic) controller; PLC
digitally operating electronic system, designed for use in an industrial environment, which uses a programmable memory for the internal storage of user-oriented instructions for implementing specific functions such as logic, sequencing, timing, counting and arithmetic, to control, through digital or analogue inputs and outputs, various types of machines or processes. Both the PLC and its associated peripherals are so designed that they can be easily integrated into an industrial control system and easily used in all their intended functions.
Note: The abbreviation PLC is used in this standard to stand for programmable controllers, as is the common practice in the automation industry. The use of PC as an abbreviation for programmable controllers leads to confusion with personal computers.
[GB/T 15969.1-2007, Definition 3.5]
3.1.2
programmable controller system or PLC-system
user-built configuration, consisting of a programmable controller and associated peripherals, that is necessary for the intended automated system. It consists of units interconnected by cables or plug-in connections for permanent installation and by cables or other means for portable and transportable peripherals.
[GB/T 15969.1-2007, Definition 3.6]
3.1.3
vulnerability
defect or weakness in terms of system design, implementation or operation and management, which may be improperly used to compromise the system integrity or security policy
[GB/T 30976.1-2014, Definition 3.1.1]
3.1.4
identify
identification and discrimination of a certain assessment factor
[GB/T 30976.1-2014, Definition 3.1.2]
3.1.5
acceptance
method of concluding project implementation in risk assessment activities, namely, the assessed party organizes an inspection in which the assessment activities are checked and accepted one by one according to whether the assessment objectives have been met
[GB/T 30976.1-2014, Definition 3.1.4]
3.1.6
risk treatment
process of selecting and implementing the measures to change the risk
[GB/T 30976.1-2014, Definition 3.1.5]
3.1.7
residual risk
risk remaining after risk treatment
[GB/T 30976.1-2014, Definition 3.1.6]
3.1.8
risk analysis
systematic use of information to identify risk sources and to estimate the risk
[GB/T 30976.1-2014, Definition 3.1.8]
3.1.9
risk assessment
overall process of risk analysis and risk assessment
[GB/T 30976.1-2014, Definition 3.1.9]
3.1.10
risk management
coordinated activities to direct and control an organization with regard to risk
[GB/T 30976.1-2014, Definition 3.1.10]
3.1.11
security
a) measures taken by the protection system;
b) system status resulting from the measures for establishing and maintaining the protection system;
c) status of system resources being free from unauthorized access and from unauthorized or unexpected change, damage or loss;
d) capability of the PLC system to provide adequate assurance that unauthorized persons and systems can neither modify the software and its data nor access the system functions, while at the same time ensuring that authorized persons and systems are not prevented from doing so;
e) capability to prevent illegal or harmful intrusion into the PLC system, or interference with its correct and planned operation.
Note 1: The measures may be controls for physical security (means of controlling physical access to computing assets) or logical security (the ability to log in to a given system or application).
Note 2: It is revised from GB/T 30976.1-2014, Definition 3.1.14.
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
PLC: Programmable (Logic) Controller
FR: Foundational Requirement
SR: System Requirement
RE: Requirement Enhancement
PKI: Public Key Infrastructure
CA: Certificate Authority
CL: Capability Level
USB: Universal Serial Bus
ID: Identification
API: Application Programming Interface
4 Overview of PLC Security
4.1 General
In relation to the security requirements of the PLC system, this part mainly describes the risk content and security requirements, security management, and testing and acceptance, providing a basis and guidelines for PLC security. PLC security is related to engineering design, management, environmental conditions and other factors. PLC system security shall cover all system-related activities at every stage of the whole life cycle of the system, such as design and development, installation, operation and maintenance, withdrawal from service, etc. Changes in the risk the system faces over its whole life cycle shall be identified, and the PLC system security risk shall be minimized or reduced to an acceptable level through technical and management measures.
4.2 Overview of Security-related Contents
4.2.1 Hazard source
Hazard sources mainly comprise the access points of insecure equipment, systems and networks. A hazard source may originate both inside and outside the PLC system. A security threat may harm the receptor through a hazard lead-in point (the point at which the hazard enters the system) and a transmission route. Hazard lead-in points may be classified into, but are not limited to, the following categories:
a) Network communication connection point:
For example: an open network connection of the PLC system; another network interconnected with the PLC system through a private network; a remote technical support or access point; a wireless access point; an Internet or IoT connection;
b) Mobile media:
For example: USB devices, CDs, portable hard disks, etc.;
c) Improper operation:
For example: malicious attack, unintentional misoperation, etc.;
d) Third-party equipment:
For example: an infected industrial control system or other site equipment.
4.2.2 Transmission route
A hazard source may harm the receptor through a transmission route. A single transmission route can generally be identified, but in most cases a complete transmission route is composed of several single-type transmission routes. Transmission routes are generally classified into, but are not limited to, the following categories:
a) External public network, e.g. Internet, Wi-Fi;
b) Local area network (ring network, point-to-point, wireless communication);
c) Mobile storage device.
4.2.3 Environmental conditions
The constraints imposed by environmental conditions shall be taken into consideration for PLC system security; in particular, for an industrial automation and control system already in service, the influence of on-site testing and of the introduction of technical security measures on the normal production process shall be considered.
4.2.4 System capability level (CL)
The system capability levels are as follows:
a) CL1: provide mechanisms to protect the control system against accidental or casual attack.
b) CL2: provide mechanisms to protect the control system against intentional attack that could cause minor damage using few resources and simple means based on common technology.
c) CL3: provide mechanisms to protect the control system against malicious attack that could cause major damage using moderate resources and sophisticated means based on PLC-specific technology.
d) CL4: provide mechanisms to protect the control system against malicious attack that could cause severe damage using extended resources and sophisticated means and tools based on PLC-specific technology.