
IEC develops standards to protect supply chains against cyber attacks

Published: 2019-01-10 09:19:46   Reviewed by: 睿智


Protecting supply chains against cyber attacks

Cyber resilience can only be achieved by focusing both on information and operational technologies

In recent months, a number of international studies and reports have highlighted an alarming increase in cyber attacks targeting the supply chain. One such survey, conducted in the Americas, Asia and Europe, suggests that in the past year two thirds of companies have experienced a cyber attack on their supply chain.

Generally speaking, a supply chain is the journey that products and services make from supplier to customer. It is a system that encompasses organizations, people, activities, information and resources. Supply chains are especially vulnerable because of their complex interactions with plant operations, employees, customers and shippers, among others. It can be difficult to know, let alone control, the security procedures that are in use along the chain. 

Another issue identified by a US Department of Defense report is that security in the manufacturing industry tends to focus on cloud services, data management and other types of information technology (IT), while overlooking security of the supply chain, much of which runs on operational technology (OT). The Pentagon’s primary concern is of course the American defence industry, but the issues covered in the report apply to all industrial sectors and critical infrastructure worldwide.

Cyber security for IT and OT

The crux of the problem identified in the 146-page publication is that cyber security programmes are too often IT-led. In reality, the operational constraints in industry sectors such as manufacturing, as well as in others including energy, healthcare and transport, mean that the approach employed in terms of cyber security also needs to safeguard OT.

The primary focus of IT is data and its ability to flow freely and securely. It exists in the virtual world, where data is stored, retrieved, transmitted and manipulated. IT is fluid and has many moving parts and gateways, rendering it vulnerable to, and offering a large basis for, a wide variety of constantly evolving attacks. Defending against attacks is about safeguarding every layer as well as continuously identifying and correcting weaknesses so as to keep data flowing.

OT, in contrast, belongs to the physical world. While IT has to safeguard every layer of the system, OT is about maintaining control of systems: on or off, closed or open. OT ensures the correct execution of all actions. Everything in OT is geared to the physical movement and control of devices and processes to keep systems working as intended, with a primary focus on security and increased efficiency. For example, OT helps ensure that a generator comes online when there is an increase in electricity demand or that an overflow valve opens when a chemical tank is full, so as to avoid hazardous substances spilling.

In the past IT and OT had separate roles. OT teams were used to working with closed systems that relied heavily on physical security mechanisms to ensure integrity. With the emergence of the industrial internet of things (IIoT) and the integration of physical machines with networked sensors and software, the lines between the two are blurring. As more and more objects connect, communicate and interact with each other, there has been a surge in the number of endpoints and of potential ways for cyber criminals to gain access to networks and infrastructure systems.

Protecting supply chains

This brings us back to supply chains, where it seems likely that the vast majority of cyber breaches originate. Again, there are important differences between IT and OT.

The IT supply chain is defined as consisting of “a set of organizations with linked sets of resources and processes, each of which acts as an acquirer, supplier, or both to form successive supplier relationships established upon placement of a purchase order, agreement, or other formal sourcing agreement”.

A definition of supply chain for smart manufacturing plants would encompass not only IT but also the OT supply chain. This includes people (developers, suppliers, vendors and staff working on OT) and processes as well as products: components and systems central to OT, such as industrial automation and control systems (IACS), and, increasingly, internet of things (IoT) elements.

When it comes to protecting the supply chain, installing secure technology is of crucial importance. Legacy technology is an acute problem, especially when compromised devices become gateways into industrial control or supervisory control and data acquisition (SCADA) systems. Researchers recently used a fax line to access network devices connected to an all-in-one printer.

The importance of risk management

Secure technology only represents part of the challenge; on its own it will not ensure resilience. The safest approach involves understanding and mitigating risks in order to apply the right protection at the appropriate points in the system. This applies to both IT and OT.

It is vital that this process is very closely aligned with organizational goals because mitigation decisions may have a serious impact on operations. Ideally, the process would be based on a systems approach that involves stakeholders from throughout the organization.

Once an organization has understood the system and identified what is valuable and needs most protection, there are three steps to take in order to deal with the risk and consequences of a cyber attack:

· Understand the known threats through threat modelling and risk assessment

· Address the risks and implement protection with the help of International Standards, which reflect global best practices

· Apply the appropriate level of conformity assessment – testing and certification – against the requirements

A risk-based systems approach increases the confidence of all stakeholders by demonstrating not only the use of security measures based on best practices, but also that an organization has implemented the right measures efficiently and effectively.

Standards and CA to protect the supply chain

The IEC has developed many Standards to protect industrial and critical infrastructure assets, including broad Standards that apply to many different situations and specialized Standards, for instance, for nuclear power plants or healthcare. At the same time, the IEC also works on conformity assessment (CA) and global certification schemes through Working Groups (WGs) set up by its Conformity Assessment Board (CAB) and by the Certification Management Committee (CMC) of IECEE, the IEC System for Conformity Assessment Schemes for Electrotechnical Equipment and Components.

In addition to the ISO/IEC 27000 family of Standards for IT service management and the IEC 62443 series of horizontal publications for industrial communication networks and IACS, a number of IEC technical committees (TCs) and subcommittees (SCs) have developed Standards, Technical Specifications (TSs) and Requirements for specific sectors.

IEC CAB has set up WG 17 to investigate market needs and a timeframe for CA services (global certification schemes) for products, services, personnel and integrated systems in the domain of cyber security. However, it excludes the scope of industrial automation applications covered by IECEE CMC WG 31. CAB WG 17 also communicates to other industry sectors the generic cyber security approach taken by IECEE CMC WG 31 and how this may apply to those other sectors.

The main task of IECEE CMC WG 31 is to “make a unique approach for CA to the IEC 62443 series”. To this end, it has prepared OD-2061, a guidance Operational Document published in June 2018, to describe how the conformity assessment can be handled and applied to certain Standards in the IEC 62443 series.

OD-2061 also explains under which conditions IECEE Cyber Certificates of Conformity – Industrial Cyber Security Capability – can be delivered. They are valid only when “signed by an approved Certification Body (CB) Testing Laboratory and appended to a Certificate issued by a National CB (NCB)”.

Currently these certificates are defined for the following assessments, each applying to one or more Standards in the IEC 62443 series:

· Product capability

· Process capability

· Product application of capabilities

· Process application of capabilities

· Solution application of capabilities

Together with IEC cyber-related security Standards, the recent introduction of comprehensive CA certification schemes should ensure that systems which rely on industrial communication networks and IACS, including supply chains, are better protected against cyber threats.


Source: IEC official website