iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
IEC

IEC TR 63415:2023

(Main)

Nuclear Power plants - Instrumentation and control systems - Use of formal security models for I&C security architecture design and assessment

Nuclear Power plants - Instrumentation and control systems - Use of formal security models for I&C security architecture design and assessment

IEC TR 63415:2023 provides an overview over the formalized modelling and designing of cybersecure architectures to apply for I&C system cybersecurity enforcement at NPPs. The plant-specific risk assessment can use the techniques covered by this TR. This document considers the complex problem of NPP I&C architecture synthesis to address particular issues:
- asset classification,
- barrier measures assignment,
- the information transfer and links conformity with security requirements.
This document provides guidance on creating a comprehensive security model applicable to NPP I&C systems that describes NPP I&C cybersecurity architecture and aids in accomplishing the main tasks of I&C system secure design, which are:
- specification of system designs with increased determinism that enhance security,
- mapping of the security requirements into the security architecture of the I&C system,
- definition of the security requirements for information exchange between components within the I&C system, operators and other systems,
- assistance in the determination of the security degree assignment with a model-based technique considering asset properties and formal grouping of the assets,
design and establishment of security zones boundaries.

General Information

Status
Published
Publication Date
29-Aug-2023
ICS
27.120.20 - Nuclear power plants. Safety
Technical Committee
SC 45A - Instrumentation, control and electrical power systems of nuclear facilities
Current Stage
PPUB - Publication issued
Start Date
20-Jul-2023
Completion Date
30-Aug-2023
Ref Project

Buy Standard

IEC TR 63415:2023 - Nuclear Power plants - Instrumentation and control systems - Use of formal security models for I&C security architecture design and assessment Released:8/30/2023IEC TR 63415:2023 - Nuclear Power plants - Instrumentation and control systems - Use of formal security models for I&C security architecture design and assessment Released:8/30/2023
PreviousNext
Technical report
IEC TR 63415:2023 - Nuclear Power plants - Instrumentation and control systems - Use of formal security models for I&C security architecture design and assessment Released:8/30/2023
English language
56 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC TR 63415 ®
Edition 1.0 2023-08
TECHNICAL
REPORT
colour
inside
Nuclear Power plants – Instrumentation and control systems – Use of formal
security models for I&C security architecture design and assessment

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews. With a subscription you will always have
committee, …). It also gives information on projects, replaced access to up to date content tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 300 terminological entries in English
details all new publications released. Available online and once
and French, with equivalent terms in 19 additional languages.
a month by email.
Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc

If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
IEC TR 63415 ®
Edition 1.0 2023-08
TECHNICAL
REPORT
colour
inside
Nuclear Power plants – Instrumentation and control systems – Use of formal

security models for I&C security architecture design and assessment

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 27.120.20  ISBN 978-2-8322-7340-1

– 2 – IEC TR 63415:2023 © IEC 2023
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 9
2 Normative references . 10
3 Terms and definitions . 10
4 Abbreviated terms . 12
5 I&C system security life cycle and security modelling activities . 13
6 Description of a typical NPP I&C system . 15
7 Security requirements and security architecture . 16
7.1 General framework . 16
7.2 Integrated security model . 18
7.3 Basics of the information exchange model (DM) . 18
7.4 Basics of the security model (SLM) . 18
7.5 Basic principles of the secure design . 19
7.6 Asset ranking and ordering . 19
7.7 Information property of the asset. 19
7.8 Security degrees concept and security architecture. 20
7.9 Establishing a relation between the data model and the security model . 21
8 Procedure of I&C security modelling . 21
8.1 General . 21
8.2 General approach to asset classification . 24
8.3 Security degree assignment and the analysis of model conformance . 24
8.4 Classification in hierarchical systems . 24
9 Case study of I&C security architecture synthesis . 26
9.1 General . 26
9.2 Definition of the security model . 26
9.3 Selecting the detail level in system analysis . 27
9.4 Asset classification . 27
9.5 Identification and initial classification of assets . 28
9.6 Data model . 28
9.7 Analysis of the model and synthesis of architecture . 29
9.8 Assessment of the modified security architecture . 33
10 NPP cybersecurity simulation for security assessment of I&C systems . 34
11 Conclusion . 35
Annex A (informative) Data model . 37
Annex B (informative) Security model definition (SLM) . 40
Annex C (informative) Justification of the secure by design principle . 41
Annex D (informative) Mapping of security and data model . 43
Annex E (informative) Formal approach to asset clustering and classification . 46
E.1 Input data types and the choice of data representation for the analysis . 46
E.2 Order relation on a security graph . 46
E.3 Data renormalization . 47
E.4 Criteria and clustering method . 47
Annex F (informative) Some algorithmic aspects for security architecture synthesis . 49
Annex G (informative) Asset classification using clustering method: an example . 50

Annex H (informative) Mathematical notations in the integrated security mode . 53
H.1 Integrated cybersecurity model, ICM . 53
H.2 Model of information exchange, DM . 53
H.3 Allowed transformation of a security graph . 53
H.4 Relationship of secure information transfer between two assets . 53
H.5 Relationship of simple information transfer between two assets . 53
H.6 Asymmetric operations between two assets . 53
H.7 Access rules model . 53
H.8 Relationship of simple information transfer between security degrees . 54
H.9 Relationship of secure information transfer between security degrees . 54
H.10 Operator R of mapping between two models . 54
Bibliography . 55

Figure 1 – Structure of a typical I&C system . 16
Figure 2 – Procedure of security architecture synthesis . 23
Figure 3 – I&C information model with subsystem hierarchy (left) and without it (right) . 25
Figure 4 – Simplified information model of security. (secure relation between degrees

are shown by dashed lines) . 27
Figure 5 – General security graph for I&C subsystem without taking into account
security controls. The borders show boundaries for workstation server and gate
subsystem. . 29
Figure 6 – Changes in the security graph for I&C subsystem when OS_WS asset is
targeting allocation to a separate zone. The edges belonging to the minimal cut are
shown with bold lines. . 30
Figure 7 – General view of the security graph for I&C subsystem, taking into account
security controls for OS assets. The security degree structure is shown in a) and the
zone structure is shown in b). Degrees and zones are shown in a solid rectangle. The
degree is numbered. . 31
Figure 8 – Changes in the security graph for I&C subsystem when server assets are
targeting allocation to a separate zone from the workstation. The edges belonging to
minimal cut are highlighted with bold line. . 32
Figure 9 – General representation of the security graph for practical I&C subsystem,
taking into account all assigned security controls for the assets. The security degree
structure is shown in a) and zone structure is shown in b). The degrees and zones are
shown in solid rectangle. The degrees are numbered. . 33
Figure 10 – General scenario of use of the digital twin for stress tests . 35
Red and orange arrows mean secure information transfer, black arrows mean
“common” information transfer. . 43
Figure D.1 – Sketch of link transformation . 43
Figure D.2 – Example of domains of connectivity in a graph – Here the graph splits
into three domains . 44
Figure G.1 – Security graph of the system in the information exchange model . 50
Figure G.2 – Transitive closure of the security graph by the relation w . 51
Figure G.3 – Asset partitioning by security degrees . 51

Table 1 – I&C life cycle stages and corresponding scenarios for the use of security
modelling . 13
Table 2 – List of assets of a typical control system channel and IS target
characteristics . 28

– 4 – IEC TR 63415:2023 © IEC 2023
Table 3 – Information security characteristics for assets in the architecture of a I&C
subsystem . 34
Table A.1 – Correspondence of the physical properties of I&C systems with the

properties of the security graph . 37
Table E.1 – NPP I&C asset properties . 46
Table F.1 – Computational methods for analyzing the security graph . 49
Table G.1 – Table of attributes . 50
Table G.2 – Partition of the assets into security degrees . 52

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTR
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC TR 63468:2023(Main)
Nuclear facilities - Instrumentation and control, and electrical power systems - Artificial Intelligence applications

IEC TR 63468:2023 overviews the fundamentals of artificial intelligence (AI) as it could potentially be applied within nuclear facilities and identifies proven or potential applications, with the objective to foster better understanding and adoption of AI technologies within such facilities. With the objective of supporting future standard development work of IEC SC 45A in this technical area, this document takes the initiative to propose a structure for SC 45A standard series on nuclear AI applications and recommends setting up a new dedicated working group to be responsible for and coordinate standard development efforts in this particular area, taking into account its cross-cutting nature.

  • Technical report
    44 pages
    English language
    sale 15% off
IEC
IEC 60951-1:2022(Main)
Nuclear facilities - Instrumentation systems important to safety - Radiation monitoring for accident and post-accident conditions - Part 1: General requirements

IEC 60951-1:2022 is available as IEC 60951-1:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 60951-1:2022 provides general guidance on the design principles and performance criteria for equipment to measure radiation and fluid (gaseous effluents or liquids) radioactivity levels at nuclear facilities during and after design basis accidents (DBA) and design extension conditions (DEC), including severe accident (SA). This document is limited to equipment for continuous monitoring of radioactivity in design basis accidents (DBA), design extension conditions (DEC), including severe accident (SA) and post-accident conditions. The purpose of this document is to lay down general requirements and give examples of acceptable methods for equipment for continuous monitoring of radioactivity within the facility during and after design basis accidents (DBA), design extension conditions (DEC), including severe accident (SA) in nuclear facilities. This third edition cancels and replaces the second edition published in 2009.The main technical changes with regard to the previous edition are as follows.
- title modified.
- to be consistent with the categorization of the accident condition.
- to update the references to new standards published since the second edition.
- to update the terms and definitions.

  • Standard
    147 pages
    English language
    sale 15% off
  • Standard
    97 pages
    English and French language
    sale 15% off
IEC
IEC 62397:2022(Main)
Nuclear power plants - Instrumentation and control important to safety - Resistance temperature detectors

IEC 62397:2022 describes the requirements for resistance temperature detectors (RTDs) suitable for applications in I&C systems important to safety of nuclear power plants. The requirements of RTDs include design, materials, manufacturing, testing, calibration, procurement, and inspection. RTDs used for safety applications in Nuclear Power Plants can be categorized into direct-immersed and thermowell-mounted RTDs.
This standard describes the requirements for the design, material selection, procurement, construction, and testing of resistance temperature detectors (RTDs) used in nuclear power plants (NPPs). These RTDs may be used in both the nuclear safety I&C systems and/or in the non-safety-related instrumentation systems.
This second edition cancels and replaces the first edition, published in 2007; it also cancels and replaces the first edition of IEC 61224:1993. This edition includes the following significant technical changes with respect to the previous edition.

  • Standard
    79 pages
    English and French language
    sale 15% off
IEC
IEC 62705:2022(Main)
Nuclear facilities - Instrumentation and control important to safety - Radiation monitoring systems (RMS): Characteristics and lifecycle

IEC 62705:2022 is available as IEC 62705:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC 62705:2022 gives requirements for the lifecycle management of radiation monitoring systems (RMS) and gives guidance on the application of existing IEC standards covering the design and qualification of systems and equipment. The purpose of this document is to lay down requirements for the lifecycle management of RMSs and give application guidance. This document is intended to be consistent with the latest versions of International Standards dealing with radiation monitors, sampling of radioactive materials, instruments calibration, hardware and software design, classification, and qualification. This document is applicable to RMSs installed in nuclear facilities intended for use during normal operation, anticipated operational occurrences (AOO), design basis accidents (DBA) and design extension conditions (DEC), including severe accidents (SA). This second edition cancels and replaces the first edition published in 2014. This edition includes the following significant technical changes with respect to the previous edition:
- modification of the title.
- to be consistent with the categorization of the accident condition.
- to update the references to new standards published since the first edition.
- to update the terms and definitions.

  • Standard
    78 pages
    English language
    sale 15% off
  • Standard
    52 pages
    English and French language
    sale 15% off
IEC
IEC 60910:2022(Main)
Nuclear power plants - Instrumentation important to safety - Containment monitoring for early detection of developing deviations from normal operation in light water reactors

IEC 60910:2022 provides requirements for primary and secondary containment parameter monitoring that enable the operator to identify developing deviations from normal operation. The operator can then take corrective action at an early stage to prevent a minor failure from developing into a serious plant failure or an accident condition. This document is directed towards monitoring the primary and secondary containment under normal conditions only.
This second edition cancels and replaces the first edition, published in 1988. This edition includes the following significant technical changes with respect to the previous edition:
a. Modification of title;
b. Integration of new technology and knowledge;
c. Drafting directed towards monitoring conditions in containment under normal conditions.

  • Standard
    32 pages
    English and French language
    sale 15% off
IEC
IEC 60951-3:2022(Main)
Nuclear facilities - Instrumentation systems important to safety - Radiation monitoring for accident and post-accident conditions - Part 3: Equipment for continuous high range area gamma monitoring

IEC 60951-3:2022 is available as IEC 60951-3:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC 60951-3:2022 provides general guidance on the design principles and performance criteria for equipment for continuous high range area gamma monitoring in nuclear facilities for accident and post-accident conditions. This document categorizes accident conditions into design basis accidents (DBA) and design extension conditions (DEC), including severe accident (SA). The purpose of this document is to lay down general requirements for equipment for continuous high range area gamma monitoring of radiation within the facility during and after accident conditions in nuclear facilities. This document is applicable to installed dose rate meters that are used to monitor high levels of gamma radiation during and after an accident. This third edition cancels and replaces the second edition published in 2009.The main technical changes with regard to the previous edition are as follows:
- Title modified.
- To be consistent with the categorization of the accident condition.
- To update the references to new standards published since the second edition.
- To update the terms and definitions.
This standard is to be read in conjunction with IEC 60951-1.

  • Standard
    53 pages
    English language
    sale 15% off
  • Standard
    35 pages
    English and French language
    sale 15% off
IEC
IEC/IEEE 62582-2:2022(Main)
Nuclear power plants - Instrumentation and control important to safety - Electrical equipment condition monitoring methods - Part 2: Indenter measurements

IEC/IEEE 62582-2:2022 is available as IEC/IEEE 62582-2:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC/IEEE 62582-2:2022 contains methods for condition monitoring of organic and polymeric materials in instrumentation and control systems using the indenter measurement technique in the detail necessary to produce accurate and reproducible measurements. It includes the requirements for the selection of samples, the measurement system and measurement conditions, and the reporting of the measurement results. This document is intended for application to non-energised equipment. This document is published as an IEC/IEEE Dual Logo standard. This second edition cancels and replaces the first edition published in 2011, and its Amendment 1:2016. This edition includes the following significant technical changes with respect to the previous edition:
- Modification of the title;
- Consideration of publication of IEC/IEEE 60780-323.

  • Standard
    70 pages
    English language
    sale 15% off
  • Standard
    46 pages
    English and French language
    sale 15% off
IEC
IEC/IEEE 62582-4:2022(Main)
Nuclear power plants - Instrumentation and control important to safety - Electrical equipment condition monitoring methods - Part 4: Oxidation induction techniques

IEC/IEEE 62582-4:2022 is available as IEC/IEEE 62582-4:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC/IEEE 62582-4:2022 specifies methods for condition monitoring of organic and polymeric materials in instrumentation and control systems using oxidation induction techniques in the detail necessary to produce accurate and reproducible measurements. It includes the requirements for sample preparation, the measurement system and conditions, and the reporting of the measurement results. This second edition cancels and replaces the first edition published in 2011, and its Amendment 1:2016. This edition includes the following significant technical changes with respect to the previous edition:
- Consideration of publication of IEC/IEEE 60780-323;
- An example added in Annex B and update;
- Annex C added.

  • Standard
    92 pages
    English language
    sale 15% off
  • Standard
    60 pages
    English and French language
    sale 15% off
IEC
IEC TR 63400:2021(Main)
Nuclear facilities - Instrumentation, control and electrical power systems important to safety - Structure of the IEC SC 45A standards series

IEC TR 63400:2021 is intended to augment that description to enable users of individual IEC SC 45A standards to obtain a more comprehensive understanding of the overall structure of the series and its relationship with other standards bodies and standards. This document outlines the scope of the IEC SC 45A standards series and describes the basic structure of the IEC SC 45A standards series, with particular reference to a hierarchy of levels and subdivision into a set of broad topic areas. it presents the structure of the IEC SC 45A standards series in diagrammatic form.

  • Technical report
    63 pages
    English language
    sale 15% off
IEC
IEC 63186:2021(Main)
Nuclear power plants - Instrumentation and control systems important to safety - Criteria for seismic trip system

IEC 63186:2021 specifies the minimum requirements for the design of the seismic trip system, and the components thereof, used in a nuclear power plant to mitigate seismic effects. This system is intended to shut down the reactor in operation automatically before it is significantly impacted by the vibratory ground motion incurred by strong earthquakes. This document is applicable to both the design of new built plants and the upgrading of plants in operation. It may be used for the design of other types of nuclear facilities where normal operation shall be stopped in case of strong seismic motions.

  • Standard
    42 pages
    English and French language
    sale 15% off