ARCHITECT’S GUIDE:
ICS SECURITY USING TNC TECHNOLOGY
Trusted Computing Group
3855 SW 153rd Drive
Beaverton, OR 97006
Tel (503) 619-0562
Fax (503) 644-6708
admin@trustedcomputinggroup.org
www.trustedcomputinggroup.org
October 2013
Executive Summary and Action Items
Industrial Control Systems (ICSs) are increasingly being
connected to networks and exposed to viruses, malware,
and attacks that affect other network-connected systems.
As a result, many standards organizations including the
International Society of Automation (ISA), the International
Electrotechnical Commission (IEC), and the Trusted Com-
puting Group (TCG) [as well as the Internet Engineering
Task Force (IETF), The Open Group and others] are devel-
oping standards-based approaches for increased control
system security.
ISA/IEC-62443 denes a zone and conduit strategy to pro-
vide ICS security. The zones are layers or subdivisions of
the logical or physical assets of a control system, based on
their control function. Conduits connect the zones, provid-
ing a path for data ow, and must be managed to protect
network trafc.
TCG standards developed by the Trusted Network Connect
(TNC) workgroup (
see sidebar, page 5
) can be implemented
today to provide increased security and protection from un-
authorized ICS access. These standards help implement
the security dened in ISA/IEC specications. Specically,
the Interface for a Metadata Access Point (IF-MAP) Metada-
ta for ICS Security specication facilitates the deployment,
management, and protection of large-scale industrial control
systems by creating virtual overlay networks on top of stan-
dard shared Internet Protocol (IP) network infrastructure.
This Architect’s Guide shows information technology (IT)
and control systems executives and architects how to im-
plement a standards-based, interoperable approach to ICS
security as specied in ISA 99 (now IEC 62443) and ISA
100.15.
Critical strategies for architects include:
1. Dene the zones to account for all ICS assets
2. Dene the attributes of each zone
3. Map all channels or means of data transfer including
mobile transfers
4. Dene conduits to contain all discovered channels
5. Dene controls for the ow of digital information
for each zone and conduit in the facility
下载后可阅读完整内容,剩余5页未读,立即下载
书香度年华
- 粉丝: 1w+
- 资源: 383
我的内容管理
展开
最新资源
- Hadoop生态系统与MapReduce详解
- MDS系列三相整流桥模块技术规格与特性
- MFC编程:指针与句柄获取全面解析
- LM06:多模4G高速数据模块,支持GSM至TD-LTE
- 使用Gradle与Nexus构建私有仓库
- JAVA编程规范指南:命名规则与文件样式
- EMC VNX5500 存储系统日常维护指南
- 大数据驱动的互联网用户体验深度管理策略
- 改进型Booth算法:32位浮点阵列乘法器的高速设计与算法比较
- H3CNE网络认证重点知识整理
- Linux环境下MongoDB的详细安装教程
- 压缩文法的等价变换与多余规则删除
- BRMS入门指南:JBOSS安装与基础操作详解
- Win7环境下Android开发环境配置全攻略
- SHT10 C语言程序与LCD1602显示实例及精度校准
- 反垃圾邮件技术:现状与前景
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
