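· Apply the appropriate level of conformity assessment - testing and certification - against the requirements
In addition to the ISO/IEC 27000 family of Standards for IT service management and the IEC 62443 series of horizontal publications for industrial communication networks and industrial automation and control systems (IACS), a number of IEC technical committees (TCs) and subcommittees (SCs) have developed Standards, Technical Specifications (TSs) and requirements for specific sectors.
IEC CAB has set up Working Group 17 to investigate market needs and a timeframe for conformity assessment services (global certification schemes) for products, services, personnel and integrated systems in the domain of cyber security. However, this does not include the scope of industrial automation applications covered by IECEE CMC WG 31. CAB WG 17 also communicates to other industry sectors the generic cyber security approach taken by IECEE CMC WG 31 and how it may apply in those sectors.
The main task of IECEE CMC WG 31 is to “make a unique approach for CA to the IEC 62443 series”. To this end, the group has prepared OD-2061, a guidance Operational Document published in June 2018, which describes how conformity assessment can be handled and applied to certain Standards in the IEC 62443 series.
OD-2061 also explains under which conditions IECEE Cyber Certificates of Conformity - Industrial Cyber Security Capability - can be delivered. They are valid only when “signed by an approved Certification Body (CB) Testing Laboratory and appended to a Certificate issued by a National CB (NCB)”.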
Cyber resilience can only be achieved by focusing both on information and operational technologies
In recent months, a number of international studies and reports have highlighted an alarming increase in cyber attacks targeting the supply chain. One such survey, conducted in the Americas, Asia and Europe, suggests that in the past year two thirds of companies have experienced a cyber attack on their supply chain.
Generally speaking, a supply chain is the journey that products and services make from supplier to customer. It is a system that encompasses organizations, people, activities, information and resources. Supply chains are especially vulnerable because of their complex interactions with plant operations, employees, customers and shippers, among others. It can be difficult to know, let alone control, the security procedures that are in use along the chain.
Another issue identified by a US Department of Defense report is that security in the manufacturing industry tends to focus on cloud services, data management and other types of information technology (IT), while overlooking security of the supply chain, much of which runs on operational technology (OT). The Pentagon’s primary concern is of course the American defence industry, but the issues covered in the report apply to all industrial sectors and critical infrastructure worldwide.
Cyber security for IT and OT
The crux of the problem identified in the 146-page publication is that cyber security programmes are too often IT-led. In reality, the operational constraints in industry sectors such as manufacturing, as well as in others including energy, healthcare and transport, mean that the approach employed in terms of cyber security also needs to safeguard OT.
The primary focus of IT is data and its ability to flow freely and securely. It exists in the virtual world, where data is stored, retrieved, transmitted and manipulated. IT is fluid and has many moving parts and gateways, rendering it vulnerable to, and offering a large basis for, a wide variety of constantly evolving attacks. Defending against attacks is about safeguarding every layer as well as continuously identifying and correcting weaknesses so as to keep data flowing.
OT, in contrast, belongs to the physical world. While IT has to safeguard every layer of the system, OT is about maintaining control of systems: on or off, closed or open. OT ensures the correct execution of all actions. Everything in OT is geared to the physical movement and control of devices and processes to keep systems working as intended, with a primary focus on security and increased efficiency. For example, OT helps ensure that a generator comes online when there is an increase in electricity demand or that an overflow valve opens when a chemical tank is full, so as to avoid hazardous substances spilling.
In the past IT and OT had separate roles. OT teams were used to working with closed systems that relied heavily on physical security mechanisms to ensure integrity. With the emergence of the industrial internet of things (IIoT) and the integration of physical machines with networked sensors and software, the lines between the two are blurring. As more and more objects connect, communicate and interact with each other, there has been a surge in the number of endpoints and of potential ways for cyber criminals to gain access to networks and infrastructure systems.
Protecting supply chains
This brings us back to supply chains, where it seems likely that the vast majority of cyber breaches originate. Again, there are important differences between IT and OT.
The IT supply chain is defined as consisting of “a set of organizations with linked sets of resources and processes, each of which acts as an acquirer, supplier, or both to form successive supplier relationships established upon placement of a purchase order, agreement, or other formal sourcing agreement”.
A definition of supply chain for smart manufacturing plants would encompass not only IT but also the OT supply chain. This includes people (developers, suppliers, vendors and staff working on OT) and processes as well as products: components and systems central to OT, such as industrial automation and control systems (IACS), and, increasingly, internet of things (IoT) elements.
When it comes to protecting the supply chain, installing secure technology is of crucial importance. Legacy technology is an acute problem, especially when compromised devices become gateways into industrial control or supervisory control and data acquisition (SCADA) systems. Researchers recently used a fax line to access network devices connected to an all-in-one printer.
The importance of risk management
Secure technology only represents part of the challenge; on its own it will not ensure resilience. The safest approach involves understanding and mitigating risks in order to apply the right protection at the appropriate points in the system. This applies to both IT and OT.
It is vital that this process is very closely aligned with organizational goals because mitigation decisions may have a serious impact on operations. Ideally, the process would be based on a systems approach that involves stakeholders from throughout the organization.
Once an organization has understood the system and identified what is valuable and needs most protection, there are three steps to take in order to deal with the risk and consequences of a cyber attack:
· Understand the known threats through threat modelling and risk assessment
· Address the risks and implement protection with the help of International Standards, which reflect global best practices
· Apply the appropriate level of conformity assessment – testing and certification – against the requirements
A risk-based systems approach increases the confidence of all stakeholders by demonstrating not only the use of security measures based on best practices, but also that an organization has implemented the right measures efficiently and effectively.
Standards and CA to protect the supply chain
The IEC has developed many Standards to protect industrial and critical infrastructure assets, including broad Standards that apply to many different situations and specialized Standards, for instance, for nuclear power plants or healthcare. At the same time, the IEC also works on conformity assessment (CA) and global certification schemes through Working Groups (WGs) set up by its Conformity Assessment Board (CAB) and by the Certification Management Committee (CMC) of IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components.
In addition to the ISO/IEC 27000 family of Standards for IT service management and the IEC 62443 series of horizontal publications for industrial communication networks and IACS, a number of IEC technical committees (TCs) and subcommittees (SCs) have developed Standards, Technical Specifications (TSs) and Requirements for specific sectors.
IEC CAB has set up WG 17 to investigate market needs and a timeframe for CA services (global certification schemes) for products, services, personnel and integrated systems in the domain of cyber security. However, it excludes the scope of industrial automation applications covered by IECEE CMC WG 31. CAB WG 17 also communicates to other industry sectors the generic cyber security approach taken by IECEE CMC WG 31 and how this may apply to those other sectors.
The main task of IECEE CMC WG 31 is to “make a unique approach for CA to the IEC 62443 series”. To this end, it has prepared OD-2061, a guidance Operational Document published in June 2018, to describe how the conformity assessment can be handled and applied to certain Standards in the IEC 62443 series.
OD-2061 also explains under which conditions IECEE Cyber Certificates of Conformity – Industrial Cyber Security Capability – can be delivered. They are valid only when “signed by an approved Certification Body (CB) Testing Laboratory and appended to a Certificate issued by a National CB (NCB)”.
Currently these certificates are defined for the following assessments, each applying to one or more Standards in the IEC 62443 series:
· Product capability
· Process capability
· Product application of capabilities
· Process application of capabilities
· Solution application of capabilities
Together with IEC cyber-related security Standards, the recent introduction of comprehensive CA certification schemes should ensure that systems which rely on industrial communication networks and IACS, including supply chains, are better protected against cyber threats.