Beruflich Dokumente
Kultur Dokumente
5 296
Featured Articles
Trends and Developments in Security Standards for Secure
Social Infrastructure Systems
- 87 -
297 Trends and Developments in Security Standards for Secure Social Infrastructure Systems
SSA: System Security Assurance EDSA: Embedded Device Security Assurance NERC: North American Electric Reliability Corporation
CIP: Critical Infrastructure Protection IAEA: International Atomic Energy Agency NISTIR: National Institute of Standards and Technology Interagency Report
RAMS: reliability, availability, maintainability and safety
Common Criteria (ISO/IEC 15408(1)) is utilized in the also issued a cybersecurity framework(7). While this
procurement of security related products. In order to framework is not legally binding, it does act as a
counter the same threats as exist in the IT field, many guideline for ensuring corporate security, and the trend
control system security standards reference physical towards treating this guideline as a de facto standard
security standards(2) as well as IT security standards. must be noted.
Of these interrelated standards, this article will focus Although they are lagging a bit behind the industry
in particular on trends in control system security standards, international standards are being launched.
standards. At present, work is being done on consolidating
Fig. 1 shows an overview of international and the IEC 62443 standards, which address control
industry standards regarding control system security. systems overall. Also, in order to protect the crucial
The diagram indicates which standards in each field infrastructure of power systems, the US government
are international, and which are industry standards. has prepared the North American Electric Reliability
In addition to security standards, functional safety Corporation (NERC) Critical Infrastructure Protection
standards with a close relationship to the safe (CIP)(8) as a security standard for the power industry,
operation of control systems are included. and the standard has already gone into effect.
Starting in the 2000s, standards came together Hitachi has established guidelines for the secure
comparatively quickly in each industry, in response construction of control systems based on the
to the demands of control system user. In the specifications demanded by these standards. In order
diagram, this would be the ISASecure standard(3), to construct a system whereby continuous security
the WIB standard(4), and Achilles certification(5). In measures are possible, these guidelines are utilized
many cases, certification frameworks have also been while following the security implementation policy
provided along with the standards. These companies for control systems as described in the featured article
and organizations are in the business of guaranteeing “Control System Security for Social Infrastructure”
that products that comply with the standards achieve (see p. 277 in this issue).
a certain level.
As a related trend, the president of the USA is IEC 62443
moving forward with security efforts in the area of IEC 62443 is a series of international standards that
countering the threat of cyber-attacks(6). The National is drawing attention. The overall framework is shown
Institute of Standards and Technology (NIST) has in Table 1.
- 88 -
Hitachi Review Vol. 63 (2014), No. 5 298
- 89 -
299 Trends and Developments in Security Standards for Secure Social Infrastructure Systems
and countermeasures are selected and adopted [see Fig. 3—CSMS Achievement Flowchart.
(5) in the diagram]. After adoption, whether or not Procedures are stipulated for control system risk assessment
the organization conforms with CSMS policies and and security maintenance management.
- 90 -
Hitachi Review Vol. 63 (2014), No. 5 300
- 91 -