BS IEC 62859 pdf download


BS IEC 62859: Nuclear power plants – Instrumentation and control systems – Requirements for coordinating safety and cybersecurity

1 Scope
This document provides a framework to manage the interactions between safety and cybersecurity for nuclear power plant (NPP) systems, taking into account the current SC 45A standards addressing these issues and the specifics of nuclear I&C programmable digital systems.

NOTE In this document (as in IEC 62645), cybersecurity relates to prevention of, detection of, and reaction to malicious acts perpetrated by digital means (cyberattacks). In this context, it does not cover considerations related to non-malevolent actions and events such as accidental failures, natural events or human errors (except those degrading cybersecurity). Those aspects are of course of prime importance but they are covered by other SC 45A documents and standards, and are not considered as cybersecurity related in this document.

This document establishes requirements and guidance to:
– integrate cybersecurity provisions in nuclear I&C architectures and systems, which are fundamentally tailored for safety;
– avoid potential conflicts between safety and cybersecurity provisions;
– aid the identification and the leveraging of the potential synergies between safety and cybersecurity.

This document is intended to be used for designing new NPPs, or modernizing existing NPPs, throughout I&C programmable digital systems lifecycle. It is also applicable for assessing the coordination between safety and cybersecurity of existing plants. It may also be applicable to other types of nuclear facilities.

This document addresses I&C programmable digital systems important to safety and I&C programmable digital systems not important to safety. It does not address programmable digital systems dedicated to site physical security, room access control and site security surveillance.

This document is limited to I&C programmable digital systems of NPPs, including their on-site maintenance and configuration tools.

Annex A provides a rationale for and comments about the scope definition and the document application.

3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 62645, in IEC 61513 and the following apply.

NOTE If for a given term, different definitions are provided in these three sources, the definition of the present document applies.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

3.1
computer-based item
item that relies on software instructions running on microprocessors or microcontrollers
Note 1 to entry: The term item can be replaced by the terms system, or equipment, or device.
Note 2 to entry: A computer-based item is a kind of programmable digital item.
Note 3 to entry: This term is equivalent to software-based item.

3.2
cyberattack
attempt by digital means to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset
Note 1 to entry: Cyberattacks include targeted and non-targeted (e.g. malwares) attacks by digital means. Cyberattack is synonymous with digital attack.

3.3
cybersecurity
set of activities and measures the objective of which is to prevent, detect, and react to:
– malicious disclosures of information (confidentiality) that could be used to perform malicious acts which could lead to an accident, an unsafe situation or plant performance degradation;
– malicious modifications (integrity) of functions that may compromise the delivery or integrity of the required service by I&C programmable digital systems (incl. loss of control) which could lead to an accident, an unsafe situation or plant performance degradation;
– malicious withholding or prevention of access to or communication of information, data or resources (incl. loss of view) that could compromise the delivery of the required service by I&C systems (availability) which could lead to an accident, an unsafe situation or plant performance degradation
Note 1 to entry: This definition is tailored with respect to this standard scope and overall SC 45A document structure. It is recognized that the term “cybersecurity” has a broader meaning in other standards and guidance, often including non-malevolent threats, human errors and protection against natural disasters. Those aspects – except human errors degrading cybersecurity – are not included in the concept of cybersecurity used in the SC 45A standard series. See Annex A.4 for more detail about such exclusions.
Note 2 to entry: Computer security, security and cybersecurity are considered synonymous in this document.