
Cybersecurity for IACS - Overview

T MU SY 10010 ST

Standard

Version 1.0

Issue date: 25 May 2018

Effective date: 01 July 2018

© State of NSW through Transport for NSW 2018


T MU SY 10010 ST Cybersecurity for IACS - Overview

Version 1.0 Effective date: 01 July 2018

Important message

This document is one of a set of standards developed solely and specifically for use on Transport Assets (as defined in the Asset Standards Authority Charter). It is not suitable for any other purpose.

The copyright and any other intellectual property in this document will at all times remain the property of the State of New South Wales (Transport for NSW).

You must not use or adapt this document or rely upon it in any way unless you are providing products or services to a NSW Government agency and that agency has expressly authorised you in writing to do so. If this document forms part of a contract with, or is a condition of approval by a NSW Government agency, use of the document is subject to the terms of the contract or approval. To be clear, the content of this document is not licensed under any Creative Commons Licence.

This document may contain third party material. The inclusion of third party material is for illustrative purposes only and does not represent an endorsement by NSW Government of any third party product or service.

If you use this document or rely upon it without authorisation under these terms, the State of New South Wales (including Transport for NSW) and its personnel does not accept any liability to you or any other person for any loss, damage, costs and expenses that you or anyone else may suffer or incur from your use and reliance on the content contained in this document. Users should exercise their own skill and care in the use of the document.

This document may not be current and is uncontrolled when printed or downloaded. Standards may be accessed from the Transport for NSW website at www.transport.nsw.gov.au

For queries regarding this document, please email the ASA at [email protected] or visit www.transport.nsw.gov.au


Standard governance

Owner: Lead Telecommunications Engineer, Asset Standards Authority
Authoriser: Chief Engineer, Asset Standards Authority
Approver: Executive Director, Asset Standards Authority on behalf of the ASA Configuration Control Board

Document history

Version   Summary of changes
1.0       First issue.


Preface

The Asset Standards Authority (ASA) is a key strategic branch of Transport for NSW (TfNSW). As the network design and standards authority for NSW Transport Assets, as specified in the ASA Charter, the ASA identifies, selects, develops, publishes, maintains and controls a suite of requirements documents on behalf of TfNSW, the asset owner.

The ASA deploys TfNSW requirements for asset and safety assurance by creating and managing TfNSW's governance models, documents and processes. To achieve this, the ASA focuses on four primary tasks:

• publishing and managing TfNSW's process and requirements documents including TfNSW plans, standards, manuals and guides
• deploying TfNSW's Authorised Engineering Organisation (AEO) framework
• continuously improving TfNSW's Asset Management Framework
• collaborating with the Transport cluster and industry through open engagement

The AEO framework authorises engineering organisations to supply and provide asset related products and services to TfNSW. It works to assure the safety, quality and fitness for purpose of those products and services over the asset's whole-of-life. AEOs are expected to demonstrate how they have applied the requirements of ASA documents, including TfNSW plans, standards and guides, when delivering assets and related services for TfNSW.

Compliance with ASA requirements by itself is not sufficient to ensure satisfactory outcomes for NSW Transport Assets. The ASA expects that professional judgement be used by competent personnel when using ASA requirements to produce those outcomes.

About this document

This document forms part of a series of cybersecurity for industrial automation and control systems (IACS) standards.

This document provides an overview of the cybersecurity for IACS series of standards and standardises the adoption and application of the IEC 62443 series of standards for the cybersecurity of IACS for TfNSW Transport Network. This document describes the tailored conformance of certain parts of IEC 62443.

This document has been prepared by the ASA in consultation with TfNSW agencies and industry representatives.

This document has been informed by concepts contained in IEC/TS 62443-1-1 Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models and includes extracts from that standard.


The ASA thanks the International Electrotechnical Commission (IEC) for permission to reproduce information from its international standards. All such extracts are copyright of IEC, Geneva, Switzerland. All rights reserved.

Further information on the IEC is available from www.iec.ch.

IEC has no responsibility for the placement and context in which the extracts and contents are reproduced by the author, nor is IEC in any way responsible for the other content or accuracy therein.

This document is a first issue.


Table of contents

1. Introduction ........ 7
2. Purpose ........ 8
2.1. Scope ........ 8
2.2. Application ........ 8
3. Reference documents ........ 8
4. Terms and definitions ........ 10
5. Overview of cybersecurity for IACS series of standards ........ 11
6. Tailored conformance of IEC 62443 parts ........ 12
6.1. Tailored conformance of IEC/TS 62443 Part: 1-1 ........ 12
6.2. Tailored conformance of IEC 62443 Part: 3-2 ........ 13
6.3. Tailored conformance of IEC 62443 Part: 3-3 ........ 13
7. Cyber risk management and Transport standards ........ 13
8. Reference models ........ 14
8.1. Functional hierarchy reference model ........ 14
8.2. Security zones and conduits reference model ........ 15
9. Glossary of terms and definitions ........ 20


1. Introduction

As the Transport for NSW (TfNSW) Transport Network modernises, expands and develops, the exposure to, and the challenge of managing, cybersecurity risks grows. In particular, risks of attack to industrial automation and control systems (IACS), such as signalling systems, train control systems, supervisory control and data acquisition (SCADA) systems, intelligent transport systems and operational management systems, need to be managed.

TfNSW defines cyber risk as being the potential for unauthorised use, disclosure, damage or disruption to assets through the use of technology.

Australia's Cybersecurity Strategy sets out the Australian Government program to raise the bar on cybersecurity performance. The strategy has noted that both public sector and private sector organisations should better understand cyber risks and provide stronger cyber defences.

Foundational to the NSW Government NSW Digital Government Strategy is that NSW Government systems are secure and resilient through the consistent application of minimum cybersecurity standards.

Further to this, the NSW Government Digital Information Security Policy (DISP) establishes the NSW Government security requirements for digital information and is based on ISO/IEC 27001 Information technology - Security techniques - Information security management systems - Requirements. However, the DISP is limited in its scope to digital information and information and communication technology.

Compliance with DISP alone is not sufficient for IACS on the TfNSW Transport Network as attacks on IACS – unlike enterprise systems – may have significant and immediate health and safety, environmental, customer experience and operational impacts to the provision of transport services.

In this context, the Asset Standards Authority (ASA), on behalf of TfNSW, has developed a series of standards for the cybersecurity of IACS.

Consistent with Australian Government and NSW Government approaches, a hybrid approach is used consisting of minimum cybersecurity requirements supplemented by risk-based controls developed using a tailored cybersecurity risk assessment procedure.

The ASA has adopted the IEC 62443 series of standards; however, conformance to certain parts has been tailored to suit the needs of TfNSW. The tailored conformance is explained in Section 6.

The ASA considers the IEC 62443 series of standards to be suitable for IACS on the TfNSW Transport Network for the following reasons:

• international open standard with broad participation and adoption from IACS product suppliers
• specifically addresses IACS
• contains a full suite from policies and procedures, systems and components
• aligned to ISO/IEC 27001 and other frameworks and standards

2. Purpose

This document provides an overview of the cybersecurity for IACS series of standards and forms part of the series.

This document establishes a common reference of technical information for cybersecurity for IACS across TfNSW, its agencies and Authorised Engineering Organisations (AEOs).

2.1. Scope

This document covers the overview of the series of standards for cybersecurity for IACS.

This document describes the tailored conformance to parts of IEC 62443. It also describes the cybersecurity concepts and models and standardises the glossary of cybersecurity terms and definitions.

This series of standards addresses IACS as defined by the functional hierarchy reference model for enterprise and control systems as described in IEC 62264-1 Enterprise-control system integration – Part 1: Models and terminology and IEC/TS 62443-1-1.

This document does not explicitly address enterprise systems.

This document does not address the cybersecurity governance arrangement of the asset owner, including the operator and maintainer.

2.2. Application

This document applies to the asset owners, system integrators and product suppliers of IACS systems.

This document shall be read in conjunction with the IEC 62443 series of standards.

3. Reference documents

The following documents are cited in the text. For dated references, only the cited edition applies. For undated references, the latest edition of the referenced document applies.

International standards

IEC 62264-1 Enterprise-control system integration – Part 1: Models and terminology
IEC/TS 62443-1-1 Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models
IEC 62443-2-1 Industrial communication networks - Network and system security - Part 2-1: Establishing an industrial automation and control system security program
IEC 62443-3-3 Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
ISO/IEC 27001:2005 Information technology - Security techniques - Information security management systems - Requirements

Australian standards

AS/NZS ISO 31000 Risk management – Principles and guidelines

Transport for NSW standards

TS 10753: 2014 Assurance and Governance Plan Requirements
T MU AM 04001 PL TfNSW Configuration Management Plan
T MU AM 06006 ST Systems Engineering
T MU AM 06008 ST Operations Concept Definition
T MU AM 06009 ST Maintenance Concept Definition
T MU MD 20001 ST System Safety Standard for New or Altered Assets
T MU SY 10012 ST Cybersecurity for IACS - Baseline Technical Cybersecurity System Requirements and Countermeasures
T MU SY 10013 PR Cybersecurity for IACS - Cyber Risk Management Procedure

Legislation

Rail Safety National Law National Regulations 2012 (NSW)
Transport Administration Act 1988

Other reference documents

Commonwealth of Australia, Department of the Prime Minister and Cabinet, Australia's Cyber Security Strategy
Commonwealth of Australia, Australian Cyber Security Centre, Threat Report
Commonwealth of Australia, CERT Australia, ICS Remote Access Protocol
NSW Government Department of Finance, Services and Innovation, Digital Information Security Policy
Senate of the United States Bill S.1691 — 115th Congress (2017-2018) Internet of Things (IoT) Cybersecurity Improvement Act of 2017


4. Terms and definitions

The following terms and definitions apply in this document:

ASA – Asset Standards Authority

asset owner – individual or company responsible for one or more IACS (IEC 62443-3-3 ed.1.0)

automation solution – control system and any complementary hardware and software components that have been installed and configured to operate in an IACS (IEC 62443-2-4 ed.1.0)

cyber risk – the potential for unauthorised use, disclosure, damage or disruption to assets through the use of technology

cybersecurity – actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from, or destruction of critical systems or informational assets (IEC/TS 62443-1-1 ed.1.0)

DISP – Digital Information Security Policy

IACS – industrial automation and control systems; collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process (IEC/TS 62443-1-1 ed.1.0)

product supplier – manufacturer of hardware and/or software product (IEC 62443-3-3 ed.1.0)

SuC – system under consideration

system integrator – person or company that specializes in bringing together component subsystems into a whole and ensuring that those subsystems perform in accordance with project specifications (IEC 62443-3-3 ed.1.0)

All definitions from IEC/TS 62443-1-1 ed.1.0 are Copyright © 2009 IEC Geneva, Switzerland. www.iec.ch
All definitions from IEC 62443-2-4 ed.1.0 are Copyright © 2017 IEC Geneva, Switzerland. www.iec.ch
All definitions from IEC 62443-3-3 ed.1.0 are Copyright © 2013 IEC Geneva, Switzerland. www.iec.ch

Transport Network – the transport system (transport services and transport infrastructure) owned and operated by TfNSW, its operating agencies or private entities upon which TfNSW has power to exercise its functions as conferred by the Transport Administration Act or any other Act.


5. Overview of cybersecurity for IACS series of standards

TfNSW has adopted the IEC 62443 series of standards for the cybersecurity of IACS; however, certain parts of IEC 62443 have been tailored.

Note: The IEC 62443 series is being jointly developed by the IEC and International Society of Automation (ISA) and is under active development. Not all of the parts of the series have been published.

All published parts of the IEC 62443 series shall be complied with at the time of application of this standard.

The cybersecurity for IACS series of standards aims to achieve the following:

• standardise cybersecurity terminologies, concepts and models across TfNSW, agencies and Authorised Engineering Organisations (AEOs)
• standardise the baseline technical cybersecurity system requirements and countermeasures that protect against casual and coincidental violations and intentional violation using simple means
• standardise the cyber risk management procedure to align with the IEC 62443 series and TfNSW risk criteria

This series supports compliance to AS/NZS ISO 31000 Risk management – Principles and guidelines and the IEC 62443 series.

The IACS series of standards applies to IACS that provide functions necessary for achieving the business objectives and functions as stated in the Transport Administration Act 1988.

This series applies to the plan, acquire and operate/maintain stages of the asset life cycle.

This series applies to new systems and automation solutions.

This series applies to new subsystems or products integrated into an existing automation solution as part of a configuration change.

The asset owner may direct the retrospective application of this document to an existing automation solution.

This series applies to IACS as defined by the functional hierarchy reference model for enterprise and control systems as described in IEC 62264-1 Enterprise-control system integration – Part 1: Models and terminology and IEC/TS 62443-1-1.

This series applies to the following levels as defined within the reference model:

• level 1 local or basic control systems, level 2 supervisory control systems and level 3 operations management systems
• interfaces between level 3 operations management systems and level 4 enterprise systems
• may be applied to level 4 enterprise systems

The allocation of a system or subsystem to a level within the functional hierarchy reference model is the responsibility of the asset owner. The functional hierarchy model is explained in Section 8.1.

Note: Standards for the security of enterprise systems and information technology are developed by the People and Corporate Services division, TfNSW and owned by the Group Chief Information Officer, TfNSW.

This series does not replace obligations to comply with applicable statutes, statutory licences, policies and contractual requirements. This includes the NSW Government Digital Information Security Policy (DISP).

Notes:

1. Parts from the IEC 62443 series can be used to support compliance to ISO/IEC 27001 management systems and DISP.
2. A mapping is provided between ISO/IEC 27001:2005 and IEC 62443-2-1 in Annex C of IEC 62443-2-1.

Some transport modes are subject to industry specific requirements. For example, in railway applications this document supports railway transport operators' compliance to the security management plan requirements of the Rail Safety National Law 2012 (NSW).

6. Tailored conformance of IEC 62443 parts

ASA intends to tailor the conformance of parts of the IEC 62443 series through the publication of ASA standards.

Note: Tailored conformance of a part of IEC 62443 is not intended to conflict with the base IEC 62443 part or series.

Where ASA has tailored the conformance of parts of IEC 62443, the ASA standards shall take precedence over the base IEC 62443 parts.

6.1. Tailored conformance of IEC/TS 62443 Part: 1-1

ASA has tailored the conformance of IEC/TS 62443-1-1 Industrial communication networks - Network and system security – Part: 1-1: Terminology, concepts and models.

This document tailors the conformance of IEC/TS 62443-1-1 in the following ways:

• adopts terminology from IEC/TS 62443-1-1
• aligns and maps terminology to risk and asset management terminologies used within TfNSW
• provides informative examples and reference models for the functional hierarchy and security zones and conduits

6.2. Tailored conformance of IEC 62443 Part: 3-2

IEC 62443 Part: 3-2 addresses system risk assessment and system design.

ASA intends to tailor the conformance of IEC 62443 Part: 3-2 following publication by the IEC.

T MU SY 10013 PR Cybersecurity for IACS - Cyber Risk Management Procedure has been based on draft ISA committee work products to minimise future work.

6.3. Tailored conformance of IEC 62443 Part: 3-3

ASA has tailored the conformance of IEC 62443-3-3 Industrial communication networks - Network and system security – Part: 3-3: System security requirements and security levels and published it as T MU SY 10012 ST Cybersecurity for IACS - Baseline Technical Cybersecurity System Requirements and Countermeasures.

T MU SY 10012 ST tailors the conformance of IEC 62443-3-3 in the following ways:

• setting the minimum security level to 2
• specifying additional system requirements for portable and mobile devices and networks

7. Cyber risk management and Transport standards

Cyber risks shall be identified and managed as part of risk management and engineering management processes using this series of IACS standards.

Cyber risks shall be included in the application of all relevant ASA standards.

Standards of particular relevance include the following:

• TS 10753: 2014 Assurance and Governance Plan Requirements
• T MU AM 04001 PL TfNSW Configuration Management Plan
• T MU AM 06006 ST Systems Engineering
• T MU AM 06008 ST Operations Concept Definition
• T MU AM 06009 ST Maintenance Concept Definition
• T MU MD 20001 ST System Safety Standard for New or Altered Assets

Technical standards can also contain control requirements for cyber risks; however, the term 'cyber' may not have been explicitly used. Terms such as 'information security', 'security' or 'hardening' may have been used.

8. Reference models

The reference models show the functional levels of IACS, the relationship between the IACS and the enterprise systems, and a model for partitioning IACS into security zones and conduits.

The reference models shall be adapted to suit the specific system under consideration (SuC).

The reference models should be considered in the option and design development of the SuC.

8.1. Functional hierarchy reference model

The functional hierarchy reference model described in IEC 62264-1 and IEC/TS 62443-1-1 should be used to classify systems.

Notes:

1. IEC/TS 62443-1-1 adopts and tailors the functional hierarchy reference model from IEC 62264-1.
2. The functional hierarchy does not relate to technological or organisational divisions.

IACS functions typically operate in timeframes from sub-seconds at level 1 to days at level 3 of the reference model as described in IEC 62264-1.

Table 1 provides a railway specific example of systems at level 0 to level 4 of the reference model to provide transport context to the model.

Table 1 – Examples of systems classified using the functional hierarchy reference model

Level   Description                       Examples
4       Enterprise systems                Timetable management, crew scheduling, network and asset planning
3       Operations management systems     Operations and incident management
2       Supervisory control systems       Traffic management
1       Local or basic control systems    Signalling interlocking
0       Process                           Train detection, signal, trainstop, points

The reference model is applicable to all transport modes, and the railway specific example is not intended to limit the application of this document.


8.2. Security zones and conduits reference model

The baseline cybersecurity system requirements defined in T MU SY 10012 ST include all security level 2 (SL2) capabilities and additional context specific capabilities defined in IEC 62443-3-3.

The security zones and conduits reference model depicted in Figure 1 and Figure 2 has been developed to accommodate changes in the threat environment and the organisational risk tolerance over time. The model does this by incorporating relevant system requirements for security level 4 (SL4) capabilities as defined by IEC 62443-3-3.

Note: Studies have shown that costs associated with changes to systems, such as in response to a change in the threat environment, escalate through the asset life cycle.

The model can be implemented using a variety of conventional and software defined networking protocols.

An overview of the model is depicted as follows in Figure 1:

• physical security zones using round-edged rectangles with solid lines
• logical security zones using round-edged rectangles with dotted lines
• security zones that are not part of the SuC using hatched fill
• external conduits using solid lines

A detailed view of the model is depicted as follows in Figure 2:

• physical security zones using round-edged rectangles with solid lines
• logical security zones using round-edged rectangles with dotted lines
• security zones that are not part of the SuC using hatched fill
• external conduits using black lines with grey fill
• internal conduits using black lines with white fill

Note: The conduits in the model assume that networks are used; however, some conduits can use local mechanisms such as portable storage media.


[Figure 1: diagram not reproduced in this text. Zones shown: SuC Field Loc. Zone; SuC Internal Zone (Primary) and (Secondary); SuC Control Centre Zone (Primary) and (Secondary); SuC Services Zone (Primary) and (Secondary); SuC External Zone (Primary) and (Secondary); Enterprise Zone (Primary) and (Secondary); Internet Zone (Primary) and (Secondary).]

Figure 1 – Overview of security zones and conduits reference model


[Figure 2: diagram not reproduced in this text. Zones shown: SuC Field Location Zone; SuC Internal Zone (Primary); SuC Control Centre Zone (Primary); SuC Services Zone (Primary); SuC External Zone (Primary); Enterprise Zone (Primary); Internet Zone (Primary). Components depicted: controller, sensor, actuator, LAN, remote terminal unit, local HMI terminal, configuration server, workstation, historian, HMI terminal, database server, application server, gateway firewalls (primary and secondary), patch server, network services server, security services server, web server, jump server. Annotations: "Conduit to secondary – not developed." and "Zone not developed."]

Figure 2 – Detailed view of security zones and conduits reference model


The model is informed by four primary design principles:

a. centralised traffic management

b. dedicated internet connectivity

c. wide area networks are untrusted

d. on-demand remote access

8.2.1. Centralised traffic management

A design principle of the model is the redundant centralised physical security zone ‘SuC Internal Zone’ which logically includes ‘SuC Services Zone’.

As all SuC traffic from network segments flows through the ‘SuC Internal Zones’, network segments can be logically and physically isolated from central sites (IEC 62443-3-3 SR 5.1 and RE 1, RE 2 and RE 3).

As all SuC traffic from network segments flows through the ‘SuC Internal Zones’, traffic can be monitored, controlled, filtered, and logged from central sites (IEC 62443-3-3 SR 5.2 and RE 1, RE 2 and RE 3).

8.2.2. Dedicated internet connectivity

A design principle of the model is the dedicated redundant internet connectivity from the ‘SuC External Zone’.

Notes:

1. A common historical practice is to use enterprise systems as a means of providing internet connectivity. This practice is not suitable if the connectivity is used for remote operations or maintenance functions with timeframes between sub-seconds and days. This includes fault, configuration, accounting, performance and security management.

2. Internet connectivity should be justified in the definition of the operations concept in the plan stage of the asset life cycle.

As the SuC needs to be able to function independently from level 4 enterprise systems (IEC 62443-3-3 SR 5.1 RE 2), connectivity through the ‘Enterprise Zone’ to the internet is not suitable.


8.2.3. Wide area networks are untrusted

A design principle of the model is that all wide area networks (WAN) are considered untrusted.

Notes:

1. A common historical practice is to use organisational multi-service networks and third party carriage services to interconnect physical sites without explicitly establishing trust of the communications channel.

2. Local area networks (LAN) comprising dedicated communication assets and contained wholly within a single physical security zone are considered trusted.

Gateways use cryptographic algorithms with mutual authentication and encryption (SR 3.1 RE 1 and SR 4.1 RE 1) to establish trust of the communication channel over WANs.

8.2.4. On-demand remote access

A design principle of the model is on-demand remote access from the internet.

Internet connectivity for interactive remote access is managed by the firewall and jump server in the ‘SuC External Zone’.

Normally the firewall does not allow any inbound traffic from the ‘Internet Zone’ unless it has first been established by, or is related to, outbound traffic from the ‘SuC Internal Zone’.

Note: Services within the ‘SuC Services Zone’ are normally allowed restricted access to the internet to perform predefined functions, such as obtaining threat intelligence, vulnerability and exposure advisories, and software updates and upgrades.

On-demand remote access can be established in response to an incident.

After the request for remote access is approved, the jump server is physically connected to the firewall and predefined traffic is allowed between the firewall and jump server for the duration of the incident (IEC 62443-3-3 SR 1.13 RE 1). After the incident is resolved the jump server is physically disconnected.

Notes:

1. As these changes are actions taken in response to an incident, they are not subject to TfNSW safety change management.

2. Refer to CERT Australia ICS Remote Access Protocol for further information.

Remote access users are uniquely identified and authenticated on the jump server using multifactor authentication (IEC 62443-3-3 SR 1.1 RE 3, SR 1.2 RE 1) before allowing access to the ‘SuC Internal Zone’. One of the authentication factors is a one-time password associated with the incident. After the incident is resolved the one-time password expires.

The jump server allows authorised remote access users to interact with predefined IACS assets.
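As an added example that is not part of the standard or TfNSW code, the following Python model encodes the rules of 8.2.2 to 8.2.4 as one decision function, so the principles (untrusted WANs, internet only via the ‘SuC External Zone’, default-deny inbound, restricted Services Zone egress, incident-bound remote access) can be exercised against sample flows. The zone names, the Flow fields, the set of WAN conduits and the incident/OTP bookkeeping are constructed assumptions.

```python
"""Policy model of the reference model's gateway and firewall rules (added example, not TfNSW code)."""
# Assumptions: zone names, Flow fields, the WAN conduit set and the incident/OTP
# bookkeeping are constructed to mirror clauses 8.2.2 to 8.2.4 of the standard.
from dataclasses import dataclass

# Inter-site conduits assumed to traverse a WAN (8.2.3); in-zone LANs are trusted.
WAN_CONDUITS = {frozenset({"SuC Field Location", "SuC Internal"}),
                frozenset({"SuC Control Centre", "SuC Internal"})}
# Predefined functions the Services Zone may reach the internet for (8.2.4 note).
SERVICES_OUTBOUND = {"threat-intelligence", "vulnerability-advisories", "software-updates"}


@dataclass
class Flow:
    src: str                           # originating zone
    dst: str                           # destination zone
    via: str = "SuC External"          # zone whose gateway carries internet-bound traffic
    related_to_outbound: bool = False  # reply to a session the SuC Internal Zone opened
    mutual_auth: bool = False          # gateway mutually authenticated the peer (SR 3.1 RE 1)
    encrypted: bool = False            # gateway encrypts the channel (SR 4.1 RE 1)
    purpose: str = ""                  # predefined function, or "remote-access"


@dataclass
class RemoteAccess:
    """Jump server state: only usable while an approved incident is open."""
    incident_id: str = ""
    otp_verified: bool = False         # one-time password bound to incident_id

    def close_incident(self) -> None:
        self.incident_id, self.otp_verified = "", False  # OTP expires, link removed


def decide(flow: Flow, ra: RemoteAccess) -> tuple[bool, str]:
    """Return (allowed, reason) for one flow under clauses 8.2.2 to 8.2.4."""
    if frozenset({flow.src, flow.dst}) in WAN_CONDUITS and not (flow.mutual_auth and flow.encrypted):
        return False, "WAN is untrusted: mutual authentication and encryption required"
    if flow.dst == "Internet":  # SuC egress
        if flow.via != "SuC External":
            return False, "internet only via the dedicated SuC External Zone"
        if flow.src == "SuC Services" and flow.purpose not in SERVICES_OUTBOUND:
            return False, "Services Zone egress limited to predefined functions"
        return True, "outbound via SuC External Zone"
    if flow.src == "Internet":  # inbound is denied by default
        if flow.related_to_outbound:
            return True, "related to outbound traffic from SuC Internal Zone"
        if flow.purpose == "remote-access" and ra.incident_id and ra.otp_verified:
            return True, f"on-demand remote access for incident {ra.incident_id}"
        return False, "no inbound from Internet Zone"
    return True, "internal conduit"
```

Calling `close_incident()` shows the incident-bound behaviour: the same remote-access flow that was permitted while the incident was open is refused once it is closed.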


9. Glossary of terms and definitions

TfNSW considers cyber risk as a business risk that can, like any business risk, affect the achievement of its business objectives and functions.

However, terminologies associated with security, and in particular cybersecurity, are widely used but not clearly understood, as discussed in the Australian Government Australian Cyber Security Centre Threat Report. Terms such as cyber attack and cyber war are frequently used, often in sensationalist ways ‘generating an emotive response and a disproportionate sense of threat’.

This document standardises the vocabulary, and the terms and definitions provided in Table 2 shall be applied throughout the IACS series of standards. The majority of terms and definitions provided in Table 2 are from IEC/TS 62443-1-1, IEC 62443-2-4 and IEC 62443-3-3.

Notes:

All definitions from IEC/TS 62443-1-1 ed.1.0 are Copyright © 2009 IEC Geneva, Switzerland. www.iec.ch

All definitions from IEC 62443-2-4 ed.1.0 are Copyright © 2017 IEC Geneva, Switzerland. www.iec.ch

All definitions from IEC 62443-3-3 ed.1.0 are Copyright © 2013 IEC Geneva, Switzerland. www.iec.ch

It is important to establish a common foundational understanding of cybersecurity aligned to existing risk management vocabulary. Table 2 therefore also contains the generic definitions from ISO Guide 73 for some of the terms related to risk management.

Table 2 – Glossary of terms and definitions

Term: asset owner
Definition: individual or company responsible for one or more IACS
Source: IEC 62443-3-3 ed.1.0

Term: attack
Definition: assault on a system that derives from an intelligent threat – i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system
Source: IEC/TS 62443-1-1 ed.1.0

Term: authenticate
Definition: verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission
Source: IEC/TS 62443-1-1 ed.1.0

Term: automation solution
Definition: control system and any complementary hardware and software components that have been installed and configured to operate in an IACS
Source: IEC 62443-2-4 ed.1.0

Term: communications channel
Definition: specific logical or physical communication link between assets
Source: IEC 62443-3-3 ed.1.0

Term: communication system
Definition: arrangement of hardware, software, and propagation media to allow the transfer of messages from one application to another
Source: IEC/TS 62443-1-1 ed.1.0

Term: conduit
Definition: logical grouping of communication channels, connecting two or more zones, that share common security requirements
Source: IEC 62443-3-3 ed.1.0

Term: countermeasure
Definition: action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken
Note: Referred to as 'control' in ISO Guide 73 and defined there as 'measure that is modifying risk'
Source: IEC/TS 62443-1-1 ed.1.0

Term: cryptographic algorithm
Definition: algorithm based upon the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms
Source: IEC/TS 62443-1-1 ed.1.0

Term: cybersecurity
Definition: actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from, or destruction of critical systems or informational assets
Source: IEC/TS 62443-1-1 ed.1.0

Term: cyber risk
Definition: the potential for unauthorised use, disclosure, damage or disruption to assets through the use of technology
Source: TfNSW

Term: encryption
Definition: cryptographic transformation of plaintext into ciphertext that conceals the data’s original meaning to prevent it from being known or used
Source: IEC/TS 62443-1-1 ed.1.0

Term: enterprise system
Definition: collection of information technology elements (i.e., hardware, software and services) installed with the intent to facilitate an organization’s business process or processes (administrative or project)
Source: IEC/TS 62443-1-1 ed.1.0

Term: firewall
Definition: inter-network connection device that restricts data communication traffic between two connected networks
Source: IEC/TS 62443-1-1 ed.1.0

Term: gateway
Definition: relay mechanism that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables host computers on one network to communicate with hosts on the other
Source: IEC/TS 62443-1-1 ed.1.0

Term: geographic site
Definition: subset of an enterprise’s physical, geographic, or logical group of assets
Source: IEC/TS 62443-1-1 ed.1.0

Term: hardcoded credential
Definition: a value, such as a password, token, or private or shared cryptographic key used for authentication, that is:
• established by a manufacturer or supplier
• incapable of being modified or revoked by the user
Source: TfNSW; adapted from Senate of the United States Bill S.1691

Term: IACS
Definition: industrial automation and control systems; collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process
Source: IEC/TS 62443-1-1 ed.1.0

Term: local area network
Definition: communications network designed to connect computers and other intelligent devices in a limited geographic area (typically less than 10 km)
Source: IEC/TS 62443-1-1 ed.1.0

Term: product supplier
Definition: manufacturer of hardware and/or software product
Source: IEC 62443-3-3 ed.1.0

Term: risk
Definition: expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular consequence
Note: Defined in ISO Guide 73 as 'effect of uncertainty on objectives'
Source: IEC/TS 62443-1-1 ed.1.0

Term: risk assessment
Definition: process that systematically identifies potential vulnerabilities to valuable system resources and threats to those resources, quantifies loss exposures and consequences based on probability of occurrence, and (optionally) recommends how to allocate resources to countermeasures to minimize total exposure
Note: Defined in ISO Guide 73 as 'overall process of risk identification, risk analysis and risk evaluation'
Source: IEC/TS 62443-1-1 ed.1.0

Term: risk management
Definition: process of identifying and applying countermeasures commensurate with the value of the assets protected, based on a risk assessment
Note: Defined in ISO Guide 73 as 'coordinated activities to direct and control an organization with regard to risk'
Source: IEC/TS 62443-1-1 ed.1.0

Term: security event
Definition: occurrence in a system that is relevant to the security of the system
Note: Defined in ISO Guide 73 as 'occurrence or change of a particular set of circumstances'
Source: IEC/TS 62443-1-1 ed.1.0

Term: security level
Definition: level corresponding to the required effectiveness of countermeasures and inherent security properties of devices and systems for a zone or conduit based on assessment of risk for the zone or conduit
Source: IEC/TS 62443-1-1 ed.1.0

Term: security zone
Definition: grouping of logical or physical assets that share common security requirements
Source: IEC/TS 62443-1-1 ed.1.0

Term: system integrator
Definition: person or company that specializes in bringing together component subsystems into a whole and ensuring that those subsystems perform in accordance with project specifications
Source: IEC 62443-3-3 ed.1.0

Term: threat
Definition: potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm
Source: IEC/TS 62443-1-1 ed.1.0

Term: trust
Definition: confidence that an operation, data transaction source, network or software process can be relied upon to behave as expected
Source: IEC 62443-3-3 ed.1.0

Term: untrusted
Definition: not meeting predefined requirements to be trusted
Source: IEC 62443-3-3 ed.1.0

Term: vulnerability
Definition: flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy
Note: Defined in ISO Guide 73 as 'intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence'
Source: IEC/TS 62443-1-1 ed.1.0

Term: wide area network
Definition: communications network designed to connect computers, networks and other devices over a large distance, such as across a country or the world
Source: IEC/TS 62443-1-1 ed.1.0