GB/T 33009.2-2016 English PDF (GBT33009.2-2016)
GB/T 33009.2-2016 English PDF (GBT33009.2-2016)
Regular price
$150.00 USD
Regular price
Sale price
$150.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GB/T 33009.2-2016
Historical versions: GB/T 33009.2-2016
Preview True-PDF (Reload/Scroll if blank)
GB/T 33009.2-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 2: Management requirements
GB/T 33009.2-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
N 10
Industrial automation and control system security -
Distributed control system (DCS) -
Part 2. Management requirements
ISSUED ON. OCTOBER 13, 2016
IMPLEMENTED ON. MAY 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China
Standardization Administration of the People's Republic of
China.
3. No action is required - Full-copy of this standard will be automatically and
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 3
1 Scope .. 5
2 Normative references ... 5
3 Terms, definitions, abbreviations ... 5
3.1 Terms and definitions ... 5
3.2 Abbreviations .. 9
4 DCS security management overview .. 9
4.1 DCS system overview ... 9
4.2 DCS network security management system ... 12
5 DCS security management elements ... 18
5.1 Guidelines, strategies and procedures ... 18
5.2 Management organization ... 19
5.3 Asset management .. 21
5.4 Staff .. 22
5.5 Cryptography ... 23
5.6 Physical and environmental ... 23
5.7 Security control measures ... 24
5.8 Communication security ... 32
5.9 System operation and maintenance .. 33
5.10 Supplier relations ... 35
5.11 Information and document management ... 36
5.12 Business continuity planning .. 37
5.13 Security incident planning and response ... 38
5.14 Compliance ... 39
References ... 40
Foreword
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” and GB/T 33008 “Industrial automation and control
system security - Programmable logic controller (PLC)” and other standards
together constitute the industrial automation and control systems network
security series standard.
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” is divided into 4 parts.
- Part 1. Protection requirements;
- Part 2. Management requirements;
- Part 3. Assessment guidelines;
- Part 4. Risk and vulnerability detection requirements.
This part is part 2 of GB/T 33009.
This part was drafted in accordance with the rules given GB/T 1.1-2009.
This part was proposed by China Machinery Industry Federation.
This part shall be under the jurisdiction of the National Industrial Process
Measurement, Control and Automation Standardization Technical Committee
(SAC/TC 124) and the National Information Security Standardization Technical
Committee (SAC/TC 260).
The drafting organizations of this part. Zhejiang Institute of Control Technology
Co., Ltd., Zhejiang University, Machinery Industry Instrumentation Technology
and Economy Institute, Chongqing University of Posts and Telecommunications,
Chinese Academy of Sciences Shenyang Institute of Automation, Southwest
University, Fujian Institute of Technology, Hangzhou Institute of Science and
Technology, Beijing Venus Information Security Technology Co., Ltd., China
Electronics Standardization Institute, State Grid Smart Grid Research Institute,
China Nuclear Power Engineering Co., Ltd., Shanghai Automation
Instrumentation Co., Ltd., Dongtu Technology Co., Ltd., Tsinghua University,
Siemens (China) Limited, Schneider Electric (China) Co., Ltd., Beijing Iron and
Steel Design and Research Institute, Huazhong University of Science and
Technology, Beijing Austin Technology Co., Ltd., Rockwell Automation (China)
Co., Ltd., China Instrument Society, Ministry of Industry and Information
Technology Electronics Fifth Research Institute, Beijing Haitai Fangyuan
Technology Co., Ltd., Qingdao Tofino Information Security Technology Co., Ltd.,
Beijing Guodian Zhishen Control Technology Co., Ltd., Beijing Likong Huakang
Industrial automation and control system security -
Distributed control system (DCS) -
Part 2. Management requirements
1 Scope
This part of GB/T 33009 specifies the specific requirements of the distributed
control system network security management system and its related security
management elements.
This part applies to the security management in the operation and maintenance
process of the distributed control system.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this document.
GB/T 20984-2007 Information security technology - Risk assessment
specification for information security
GB/T 22080-2008 Information technology - Security techniques - Information
security management systems - Requirements
GB/T 30976.1-2014 Industrial control system security - Part 1. Assessment
specification
ISO/IEC 27002.2013 Information technology - Security techniques - Code of
practice for information security controls
3 Terms, definitions, abbreviations
3.1 Terms and definitions
The terms and definitions as defined in GB/T 20984-2007 and GB/T 30976.1-
2014 AND the following terms and definitions apply to this document. For ease
3.1.16
Vulnerability
Defects or weaknesses in system design, implementation, or operation and
management, which can be exploited to compromise system integrity or
security policies.
[GB/T 30976.1-2014, Definition 3.1.1]
3.1.17
Asset
Anything that is valuable to the organization.
3.2 Abbreviations
The following abbreviations apply to this document.
DCS. Distributed Control System
DoS. Denial of Service
HSE. Health, Safety and Environmental Management System
SMS. Security Management System
MES. Manufacturing Execution System
PSM. Process Safety Management
4 DCS security management overview
4.1 DCS system overview
4.1.1 General DCS system application network structure
DCS system applications are usually a vertical hierarchical network structure,
from top to bottom including process monitoring layer, field control layer and
field equipment layer. Each layer is connected by a communication network,
each equipment in each layer is communicated through a communication
network of the same level. The typical network structure is as shown in Figure
1. This part mainly proposes requirements for security requirements of the
4.1.2.3 Security requirements
DCS has security requirements. DCS is generally deployed in important
production areas, the system does not allow security incidents.
4.1.2.4 Integrity requirements
DCS has integrity requirements, it does not allow unauthorized users or
malicious programs to alter the information and data.
4.1.2.5 Stability requirements
DCS has stability requirements. Once the DCS works unstably, there will be a
serious threat, resulting in a large number of unqualified products outflow, AND
meanwhile it also exacerbates the loss of equipment.
4.1.2.6 High reliability requirements
DCS has reliability requirements. DCS can carry out the control function of its
setting under the stipulated conditions for a long time, during which no
shutdown is allowed, AND it shall have good durability and maintainability.
4.2 DCS network security management system
4.2.1 General requirements
The core of DCS network security management is to establish, maintain and
improve the network security management system. Appropriate organizat...
Get QUOTATION in 1-minute: Click GB/T 33009.2-2016
Historical versions: GB/T 33009.2-2016
Preview True-PDF (Reload/Scroll if blank)
GB/T 33009.2-2016: Industrial automation and control system security -- Distributed control system (DCS) -- Part 2: Management requirements
GB/T 33009.2-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
N 10
Industrial automation and control system security -
Distributed control system (DCS) -
Part 2. Management requirements
ISSUED ON. OCTOBER 13, 2016
IMPLEMENTED ON. MAY 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China
Standardization Administration of the People's Republic of
China.
3. No action is required - Full-copy of this standard will be automatically and
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 3
1 Scope .. 5
2 Normative references ... 5
3 Terms, definitions, abbreviations ... 5
3.1 Terms and definitions ... 5
3.2 Abbreviations .. 9
4 DCS security management overview .. 9
4.1 DCS system overview ... 9
4.2 DCS network security management system ... 12
5 DCS security management elements ... 18
5.1 Guidelines, strategies and procedures ... 18
5.2 Management organization ... 19
5.3 Asset management .. 21
5.4 Staff .. 22
5.5 Cryptography ... 23
5.6 Physical and environmental ... 23
5.7 Security control measures ... 24
5.8 Communication security ... 32
5.9 System operation and maintenance .. 33
5.10 Supplier relations ... 35
5.11 Information and document management ... 36
5.12 Business continuity planning .. 37
5.13 Security incident planning and response ... 38
5.14 Compliance ... 39
References ... 40
Foreword
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” and GB/T 33008 “Industrial automation and control
system security - Programmable logic controller (PLC)” and other standards
together constitute the industrial automation and control systems network
security series standard.
GB/T 33009 “Industrial automation and control system security - Distributed
control system (DCS)” is divided into 4 parts.
- Part 1. Protection requirements;
- Part 2. Management requirements;
- Part 3. Assessment guidelines;
- Part 4. Risk and vulnerability detection requirements.
This part is part 2 of GB/T 33009.
This part was drafted in accordance with the rules given GB/T 1.1-2009.
This part was proposed by China Machinery Industry Federation.
This part shall be under the jurisdiction of the National Industrial Process
Measurement, Control and Automation Standardization Technical Committee
(SAC/TC 124) and the National Information Security Standardization Technical
Committee (SAC/TC 260).
The drafting organizations of this part. Zhejiang Institute of Control Technology
Co., Ltd., Zhejiang University, Machinery Industry Instrumentation Technology
and Economy Institute, Chongqing University of Posts and Telecommunications,
Chinese Academy of Sciences Shenyang Institute of Automation, Southwest
University, Fujian Institute of Technology, Hangzhou Institute of Science and
Technology, Beijing Venus Information Security Technology Co., Ltd., China
Electronics Standardization Institute, State Grid Smart Grid Research Institute,
China Nuclear Power Engineering Co., Ltd., Shanghai Automation
Instrumentation Co., Ltd., Dongtu Technology Co., Ltd., Tsinghua University,
Siemens (China) Limited, Schneider Electric (China) Co., Ltd., Beijing Iron and
Steel Design and Research Institute, Huazhong University of Science and
Technology, Beijing Austin Technology Co., Ltd., Rockwell Automation (China)
Co., Ltd., China Instrument Society, Ministry of Industry and Information
Technology Electronics Fifth Research Institute, Beijing Haitai Fangyuan
Technology Co., Ltd., Qingdao Tofino Information Security Technology Co., Ltd.,
Beijing Guodian Zhishen Control Technology Co., Ltd., Beijing Likong Huakang
Industrial automation and control system security -
Distributed control system (DCS) -
Part 2. Management requirements
1 Scope
This part of GB/T 33009 specifies the specific requirements of the distributed
control system network security management system and its related security
management elements.
This part applies to the security management in the operation and maintenance
process of the distributed control system.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this document.
GB/T 20984-2007 Information security technology - Risk assessment
specification for information security
GB/T 22080-2008 Information technology - Security techniques - Information
security management systems - Requirements
GB/T 30976.1-2014 Industrial control system security - Part 1. Assessment
specification
ISO/IEC 27002.2013 Information technology - Security techniques - Code of
practice for information security controls
3 Terms, definitions, abbreviations
3.1 Terms and definitions
The terms and definitions as defined in GB/T 20984-2007 and GB/T 30976.1-
2014 AND the following terms and definitions apply to this document. For ease
3.1.16
Vulnerability
Defects or weaknesses in system design, implementation, or operation and
management, which can be exploited to compromise system integrity or
security policies.
[GB/T 30976.1-2014, Definition 3.1.1]
3.1.17
Asset
Anything that is valuable to the organization.
3.2 Abbreviations
The following abbreviations apply to this document.
DCS. Distributed Control System
DoS. Denial of Service
HSE. Health, Safety and Environmental Management System
SMS. Security Management System
MES. Manufacturing Execution System
PSM. Process Safety Management
4 DCS security management overview
4.1 DCS system overview
4.1.1 General DCS system application network structure
DCS system applications are usually a vertical hierarchical network structure,
from top to bottom including process monitoring layer, field control layer and
field equipment layer. Each layer is connected by a communication network,
each equipment in each layer is communicated through a communication
network of the same level. The typical network structure is as shown in Figure
1. This part mainly proposes requirements for security requirements of the
4.1.2.3 Security requirements
DCS has security requirements. DCS is generally deployed in important
production areas, the system does not allow security incidents.
4.1.2.4 Integrity requirements
DCS has integrity requirements, it does not allow unauthorized users or
malicious programs to alter the information and data.
4.1.2.5 Stability requirements
DCS has stability requirements. Once the DCS works unstably, there will be a
serious threat, resulting in a large number of unqualified products outflow, AND
meanwhile it also exacerbates the loss of equipment.
4.1.2.6 High reliability requirements
DCS has reliability requirements. DCS can carry out the control function of its
setting under the stipulated conditions for a long time, during which no
shutdown is allowed, AND it shall have good durability and maintainability.
4.2 DCS network security management system
4.2.1 General requirements
The core of DCS network security management is to establish, maintain and
improve the network security management system. Appropriate organizat...