GB/T 33009.4-2016 English PDF (GBT33009.4-2016)
Regular price
$150.00 USD
GB/T 33009.4-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 4: Risk and vulnerability detection requirements
GB/T 33009.4-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
N 10
Industrial automation and control system security -
Distributed control system (DCS) -
Part 4: Risk and vulnerability detection requirements
ISSUED ON: OCTOBER 13, 2016
IMPLEMENTED ON: MAY 01, 2017
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms, definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Overview of DCS risk and vulnerability detection
4.1 DCS system overview
4.2 DCS risk and vulnerability detection objectives
4.3 Basic principles of DCS risk and vulnerability detection
4.4 DCS risk and vulnerability detection content
4.5 Basic work unit of DCS risk and vulnerability detection
4.6 Implementation of DCS risk and vulnerability detection
4.7 Disposal of DCS risk and vulnerability detection results
5 DCS software security risk and vulnerability
5.1 Operating system of server and control station
5.2 Database management system
5.3 OPC software
5.4 DCS monitoring software
5.5 DCS configuration software
5.6 Other software
6 DCS network communications security risk and vulnerability
6.1 Commercial Ethernet protocol communication mechanism
6.2 Industrial network protocol communication mechanism
6.3 DCS communication data security
6.4 DCS communication services
6.5 DCS status conversion
References
Foreword
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” and GB/T 33008 “Industrial automation and control
system security - Programmable logic controller (PLC)” and other standards
together constitute the industrial automation and control systems network
security series standard.
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” is divided into 4 parts:
- Part 1: Protection requirements;
- Part 2: Management requirements;
- Part 3: Assessment guidelines;
- Part 4: Risk and vulnerability detection requirements.
This part is Part 4 of GB/T 33009.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by China Machinery Industry Federation.
This part shall be under the jurisdiction of the National Industrial Process
Measurement, Control and Automation Standardization Technical Committee
(SAC/TC 124) and the National Information Security Standardization Technical
Committee (SAC/TC 260).
The drafting organizations of this part: Zhejiang University, Zhejiang Institute of
Control Technology Co., Ltd., Machinery Industry Instrumentation Technology
Institute of Economics, Chongqing University of Posts and Telecommunications,
Chinese Academy of Sciences Shenyang Institute of Automation, Southwest
University, Fujian Institute of Technology, Hangzhou Institute of Technology,
Beijing Venus Information Security Technology Co., Ltd., China Electronics
Standardization Institute, State Grid Smart Grid Research Institute, China
Nuclear Power Engineering Co., Ltd., Shanghai Automation Instrumentation
Co., Ltd., Dongtu Technology Co., Ltd., Tsinghua University, Siemens (China)
Limited, Schneider Electric (China) Co., Ltd., Beijing Iron and Steel Design and
Research Institute, Huazhong University of Science and Technology, Beijing
Austin Technology Co., Ltd., Rockwell Automation (China) Co., Ltd., China
Instrument Society, Ministry of Industry and Information Technology Electronics
Fifth Research Institute, Beijing Haitai Fangyuan Science and Technology Co.,
Ltd., Qingdao Tofino Information Security Technology Co., Ltd., Beijing Guodian
Zhishen Control Technology Co., Ltd., Beijing Likong Huakang Technology Co.,
1 Scope
This part of GB/T 33009 specifies the risk and vulnerability detection of the
distributed control system (DCS) before and after it is put into operation,
and proposes specific requirements for the risk and vulnerability detection of
DCS software, Ethernet network communication protocols and industrial control
network protocols.
This part applies to vulnerability detection of the following objects in the DCS:
a) Monitoring software, configuration software, database software and other
DCS application software;
b) Operating systems such as those of DCS operator stations and control stations;
c) Functions and components in the DCS with network protocol
implementation and network communication capabilities.
This part does not apply to vulnerability detection of intelligent
instrumentation or industrial wireless.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this document.
GB 17859-1999 Classified criteria for security protection of computer
information system
GB/T 20271-2006 Information security technology - Common security
techniques requirement for information system
GB/T 20984-2007 Information security technology - Risk assessment
specification for information security
GB/T 28449-2012 Information security technology - Testing and evaluation
process guide for classified protection of information system security
GB/T 30976.1-2014 Industrial control system security - Part 1: Assessment
specification
GB/T 33009.1-2016 Industrial automation and control system security -
Distributed control system (DCS) - Part 1: Protection requirements
GB/T 33009.2-2016 Industrial automation and control system security -
Distributed control system (DCS) - Part 2: Management requirements
3 Terms, definitions, abbreviations
3.1 Terms and definitions
The terms and definitions given in GB/T 20984-2007 and GB/T 30976.1-2014
and the following terms and definitions apply to this document. For ease
of use, some terms and definitions from GB/T 20984-2007 and GB/T 30976.1-2014
are repeated below.
3.1.1
Availability
Characteristics of data or resources that can be accessed and used by the
authorized entities as required.
[GB/T 20984-2007, Definition 3.3]
3.1.2
Authentication
The act of verifying the entity's claimed identity.
3.1.3
Authorized user
A user who can perform an action based on security policy.
3.1.4
Confidentiality
4 Overview of DCS risk and vulnerability detection
4.1 DCS system overview
4.1.1 Network structure of common DCS system application
DCS system applications usually have a vertical hierarchical network structure
comprising, from top to bottom, the process monitoring layer, the field control
layer and the field equipment layer. Each layer is connected by a communication network,
and each equipment in each layer is commun...