Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security

NEW!IEC 61162-460:2018 is available as IEC 61162-460:2018 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 61162-460:2018 is an add-on to IEC 61162-450 where higher safety and security standards are needed, for example due to higher exposure to external threats or to improve network integrity. This document provides requirements and test methods for equipment to be used in an IEC 61162-460 compliant network as well as requirements for the network itself and requirements for interconnection from the network to other networks. This document also contains requirements for a redundant IEC 61162-460 compliant network. This document does not introduce new application level protocol requirements to those that are defined in IEC 61162-450. This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) 460-Switches and 460-Forwarders are required to implement IGMP snooping; b) connection between secure and non-secure areas requires a 460-Forwarder as an isolation element; c) SFI collision detection added as function of network monitoring; d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network monitoring; e) all alerts from network monitoring have standardized alert identifiers.

Navigations- und Funkkommunikationsgeräte und -systeme für die Seeschifffahrt - Digitale Schnittstellen - Teil 460: Mehrere Datensender und mehrere Datenempfänger - Ethernet-Verbund - Funktionale und Informationssicherheit

Matériels et systèmes de navigation et de radiocommunication maritimes - Interfaces numériques - Partie 460: Émetteurs multiples et récepteurs multiples - Interconnexion Ethernet - Sûreté et sécurité

NEW!IEC 61162-460:2018 est disponible sous forme de IEC 61162-460:2018 RLV qui contient la Norme internationale et sa version Redline, illustrant les modifications du contenu technique depuis l'édition précédente.L'IEC 61162-460:2018 vient s'ajouter à la norme IEC 61162-450 lorsque des normes plus rigoureuses en matière de sûreté et de sécurité sont nécessaires, par exemple en raison d'une exposition plus importante aux menaces externes ou afin de renforcer l'intégrité du réseau. Le présent document spécifie des exigences et des méthodes d'essai pour les matériels à utiliser dans un réseau conforme à l'IEC 61162-460 ainsi que des exigences relatives au réseau proprement dit et des exigences relatives à l'interconnexion du réseau avec d'autres réseaux. Le présent document comprend également des exigences s'appliquant aux réseaux redondants conformes à l'IEC 61162-460. Le présent document n'introduit pas de nouvelles exigences relatives aux protocoles des niveaux d'application par rapport à celles définies dans l'IEC 61162-450. Cette deuxième édition de l'IEC 61162-460 annule et remplace la première édition parue en 2015. Cette édition constitue une révision technique. Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente: a) les commutateurs-460 et les redirecteurs-460 sont exigés pour la mise en œuvre de la surveillance du trafic des protocoles Internet de gestion de groupe (IGMP – Internet group management protocol); b) le raccordement entre des zones protégées et des zones non protégées exige un redirecteur-460 en tant qu'élément isolant; c) ajout de la détection de collision par ID de fonction du système (SFI – system function ID) comme fonction de surveillance du réseau; d) la consignation de la passerelle-460 et de la passerelle sans fil-460 à la surveillance du réseau n'est plus exigée; e) toutes les alertes issues de la surveillance du réseau ont des identificateurs d'alerte normalisés.

Pomorska navigacijska in radiokomunikacijska oprema in sistemi - Digitalni vmesniki - 460. del: Več govorcev in poslušalcev - Povezovanje prek eterneta - Varnost in zaščita (IEC 61162-460:2018)

Ta del standarda IEC 61162 je dodatek k standardu IEC 61162-450 za področja, na katerih so zahtevani strožji standardi varnosti in zaščite, npr. zaradi visoke stopnje izpostavljenosti zunanjim nevarnostnim ali izboljšanja integritete omrežja. Ta dokument določa zahteve in preskusne metode za opremo, ki se uporabi v omrežju, skladnim s standardom IEC 61162-460, ter zahteve za omrežje samo in zahteve za povezovanje zadevnega omrežja z drugimi omrežji. Ta dokument vsebuje tudi zahteve za redundantno omrežje, skladno s standardom EC 61162-460.
Dokument ne uvaja novih zahtev za protokol aplikacijske plasti k zahtevam, opredeljenim v standardu IEC 61162-450.

General Information

Status
Published
Publication Date
16-Aug-2018
Current Stage
6060 - Document made available
Due Date
04-Jun-2018

RELATIONS

Buy Standard

Standard
EN IEC 61162-460:2018 - BARVE na PDF-str 39,63,68,69,70,71
English language
74 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN IEC 61162-460:2018
01-oktober-2018
1DGRPHãþD
SIST EN 61162-460:2016
3RPRUVNDQDYLJDFLMVNDLQUDGLRNRPXQLNDFLMVNDRSUHPDLQVLVWHPL'LJLWDOQL
YPHVQLNLGHO9HþJRYRUFHYLQSRVOXãDOFHY3RYH]RYDQMHSUHNHWHUQHWD
9DUQRVWLQ]DãþLWD ,(&

Maritime navigation and radiocommunication equipment and systems - Digital interfaces

- Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and

security (IEC 61162-460:2018)
Navigations- und Funkkommunikationsgeräte und -systeme für die Seeschifffahrt -

Digitale Schnittstellen - Teil 460: Mehrere Datensender und mehrere Datenempfänger -

Ethernet-Verbund - Funktionale und Informationssicherheit (IEC 61162-460:2018)

Matériels et systèmes de navigation et de radiocommunication maritimes - Interfaces

numériques - Partie 460 : Emetteurs multiples et récepteurs multiples - Interconnexion

Ethernet - Sûreté et sécurité (IEC 61162-460:2018)
Ta slovenski standard je istoveten z: EN IEC 61162-460:2018
ICS:
35.200 Vmesniška in povezovalna Interface and interconnection
oprema equipment
47.020.70 Navigacijska in krmilna Navigation and control
oprema equipment
SIST EN IEC 61162-460:2018 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN IEC 61162-460:2018
---------------------- Page: 2 ----------------------
SIST EN IEC 61162-460:2018
EUROPEAN STANDARD EN IEC 61162-460
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2018
ICS 47.020.70 Supersedes EN 61162-460:2015
English Version
Maritime navigation and radiocommunication equipment and
systems - Digital interfaces - Part 460: Multiple talkers and
multiple listeners - Ethernet interconnection - Safety and security
(IEC 61162-460:2018)

Matériels et systèmes de navigation et de Navigations- und Funkkommunikationsgeräte und -systeme

radiocommunication maritimes - Interfaces numériques - für die Seeschifffahrt - Digitale Schnittstellen -

Partie 460: Émetteurs multiples et récepteurs multiples - Teil 460: Mehrere Datensender und mehrere

Interconnexion Ethernet - Sûreté et sécurité Datenempfänger - Ethernet-Verbund - Funktionale und

(IEC 61162-460:2018) Informationssicherheit
(IEC 61162-460:2018)

This European Standard was approved by CENELEC on 2018-06-08. CENELEC members are bound to comply with the CEN/CENELEC

Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC

Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation

under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the

same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,

Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,

Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,

Switzerland, Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN IEC 61162-460:2018 E
---------------------- Page: 3 ----------------------
SIST EN IEC 61162-460:2018
EN IEC 61162-460:2018
European foreword
The text of document 80/879/FDIS, future edition 2 of IEC 61162-460, prepared by

IEC/TC 80 "Maritime navigation and radiocommunication equipment and systems" was submitted to

the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 61162-460:2018.
The following dates are fixed:
(dop) 2019-03-08
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2021-06-08
standards conflicting with the
document have to be withdrawn
This document supersedes EN 61162-460:2015.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice

The text of the International Standard IEC 61162-460:2018 was approved by CENELEC as a

European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60812 NOTE Harmonized as EN 60812.
IEC 61162 Series NOTE Harmonized as EN 61162 Series.
IEC 61162-1 NOTE Harmonized as EN 61162-1.
IEC 61162-2 NOTE Harmonized as EN 61162-2.
IEC 62388 NOTE Harmonized as EN 62388.
IEC 62439 Series NOTE Harmonized as EN 62439 Series.
IEC 62439-1 NOTE Harmonized as EN 62439-1.
IEC 62439-2 NOTE Harmonized as EN 62439-2.
IEC 62439-3 NOTE Harmonized as EN 62439-3.
IEC 62439-4 NOTE Harmonized as EN 62439-4.
IEC 62439-5 NOTE Harmonized as EN 62439-5.
IEC 62439-6 NOTE Harmonized as EN 62439-6.
IEC 62940 NOTE Harmonized as EN 62940.
ISO 9241-12 NOTE Harmonized as EN ISO 9241-12 .

Superseded by EN ISO 9241-112 (ISO 9241-112) and EN ISO 9241-125 (ISO 9241-125).

---------------------- Page: 4 ----------------------
SIST EN IEC 61162-460:2018
EN IEC 61162-460:2018
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments)

applies.

NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:

www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60945 - Maritime navigation and EN 60945 -
radiocommunication equipment and
systems - General requirements - Methods
of testing and required test results
Maritime navigation and
IEC 61162-450 2018 EN IEC 61162-450 2018
radiocommunication equipment and
systems - Digital interfaces -
Part 450: Multiple talkers and multiple
listeners - Ethernet interconnection
IEC 61924-2 2012 Maritime navigation and EN 61924-2 2013
radiocommunication equipment and
systems - Integrated navigation systems -
Part 2: Modular structure for INS -
Operational and performance
requirements, methods of testing and
required test results
IEC 62288 2014 Maritime navigation and EN 62288 2014
radiocommunication equipment and
systems - Presentation of navigation-
related information on shipborne
navigational displays - General
requirements, methods of testing and
required test results
IEEE 802.1D 2004 IEEE Standard for local and metropolitan - -
area networks - Media Access Control
(MAC) Bridges
IEEE 802.1Q - IEEE Standard for Local and metropolitan - -
area networks - Media Access Control
(MAC) Bridges and Virtual Bridges
IETF RFC 792 1981 Internet Control Message Protocol (ICMP) - -
IETF RFC 1112 1989 Host Extensions for IP Multicasting - -
(SNMP)
IETF RFC 1157 1990 Simple Network Management Protocol - -
(SNMP)
Remote Network Monitoring Management
IETF RFC 2021 1997 - -
Information Base
---------------------- Page: 5 ----------------------
SIST EN IEC 61162-460:2018
EN IEC 61162-460:2018
Publication Year Title EN/HD Year
IETF RFC 2236 1997 Internet Group Management Protocol, - -
Version 2
IETF RFC 2819 2000 Remote Network Monitoring Management - -
Information Base
IETF RFC 3411 2002 An Architecture for Describing Simple - -
Network Management Protocol (SNMP)
Management Frameworks
IETF RFC 3577 2003 Introduction to the RMON family of MIB - -
modules
IETF RFC 4604 2006 Using Internet Group Management - -
Protocol Version 3 (IGMPv3) and Multicast
Listener Discovery Protocol Version 2
(MLDv2) for Source-Specific Multicast
IETF RFC 5424 2009 The Syslog Protocol - -
---------------------- Page: 6 ----------------------
SIST EN IEC 61162-460:2018
IEC 61162-460
Edition 2.0 2018-05
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Maritime navigation and radiocommunication equipmentand systems – Digital
interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection –
Safety and security
Matériels et systèmes de navigation et de radiocommunication maritimes –
Interfaces numériques –
Partie 460: Émetteurs multiples et récepteurs multiples – Interconnexion
Ethernet – Sûreté et sécurité
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 47.020.70 ISBN 978-2-8322-5522-3

Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale
---------------------- Page: 7 ----------------------
SIST EN IEC 61162-460:2018
– 2 – IEC 61162-460:2018 © IEC 2018
CONTENTS

FOREWORD ........................................................................................................................... 6

1 Scope .............................................................................................................................. 8

2 Normative references ...................................................................................................... 8

3 Terms and definitions ...................................................................................................... 9

4 High-level requirements ................................................................................................. 15

4.1 Overview............................................................................................................... 15

4.2 Description ........................................................................................................... 15

4.3 General requirements ........................................................................................... 16

4.3.1 Equipment and system requirements ............................................................. 16

4.3.2 Physical composition requirements ................................................................ 16

4.3.3 Logical composition requirements .................................................................. 17

4.4 Physical component requirements ......................................................................... 17

4.4.1 450-Node....................................................................................................... 17

4.4.2 460-Node....................................................................................................... 17

4.4.3 460-Switch .................................................................................................... 18

4.4.4 460-Forwarder ............................................................................................... 18

4.4.5 460-Gateway and 460-Wireless gateway ....................................................... 18

4.5 Logical component requirements ........................................................................... 18

4.5.1 Network monitoring function .......................................................................... 18

4.5.2 System management function ........................................................................ 18

4.6 System documentation requirements .................................................................... 19

4.7 Secure area requirements ..................................................................................... 19

5 Network traffic management requirements ..................................................................... 19

5.1 460-Node requirements......................................................................................... 19

5.2 460-Switch requirements....................................................................................... 20

5.2.1 Resource allocation ....................................................................................... 20

5.2.2 Loop prevention ............................................................................................. 20

5.3 460-Forwarder requirements ................................................................................. 20

5.3.1 Traffic separation ........................................................................................... 20

5.3.2 Resource allocation ....................................................................................... 21

5.3.3 Traffic prioritization ........................................................................................ 21

5.4 System design requirements ................................................................................. 22

5.4.1 Documentation .............................................................................................. 22

5.4.2 Traffic ............................................................................................................ 22

5.4.3 Connections between secure and non-secure areas ...................................... 22

6 Security requirements .................................................................................................... 23

6.1 Security scenarios ................................................................................................ 23

6.1.1 Threat scenarios ............................................................................................ 23

6.1.2 Internal threats .............................................................................................. 23

6.1.3 External threats ............................................................................................. 23

6.2 Internal security requirements ............................................................................... 24

6.2.1 General ......................................................................................................... 24

6.2.2 Denial of service protection ........................................................................... 24

6.2.3 REDS security ............................................................................................... 24

6.2.4 Access control ............................................................................................... 25

6.3 External security requirements .............................................................................. 26

---------------------- Page: 8 ----------------------
SIST EN IEC 61162-460:2018
IEC 61162-460:2018 © IEC 2018 – 3 –

6.3.1 Overview ....................................................................................................... 26

6.3.2 Firewalls ........................................................................................................ 26

6.3.3 Direct communication .................................................................................... 26

6.3.4 460-Node....................................................................................................... 27

6.3.5 460-Gateway ................................................................................................. 27

6.3.6 460-Wireless gateway.................................................................................... 28

6.4 Additional security issues ...................................................................................... 29

7 Redundancy requirements ............................................................................................. 29

7.1 General requirements ........................................................................................... 29

7.1.1 General ......................................................................................................... 29

7.1.2 Interface redundancy ..................................................................................... 30

7.1.3 Device redundancy ........................................................................................ 30

7.2 460-Node requirements......................................................................................... 30

7.3 460-Switch requirements....................................................................................... 31

7.4 460-Forwarder requirements ................................................................................. 31

7.5 460-Gateway and 460-Wireless gateway requirements ......................................... 31

7.6 Network monitoring function requirements ............................................................ 31

7.7 System design requirements ................................................................................. 31

8 Network monitoring requirements .................................................................................. 31

8.1 Network status monitoring ..................................................................................... 31

8.1.1 460-Network .................................................................................................. 31

8.1.2 460-Node....................................................................................................... 31

8.1.3 460-Switch .................................................................................................... 32

8.1.4 460-Forwarder ............................................................................................... 32

8.2 Network monitoring function .................................................................................. 32

8.2.1 General ......................................................................................................... 32

8.2.2 Network load monitoring function ................................................................... 33

8.2.3 Redundancy monitoring function .................................................................... 34

8.2.4 Network topology monitoring function ............................................................ 34

8.2.5 Syslog recording function .............................................................................. 35

8.2.6 Redundancy of network monitoring function ................................................... 36

8.2.7 Alert management ......................................................................................... 36

9 Controlled network requirements ................................................................................... 37

10 Methods of testing and required test results .................................................................. 38

10.1 Subject of tests ..................................................................................................... 38

10.2 Test site ................................................................................................................ 38

10.3 General requirements ........................................................................................... 38

10.4 450-Node .............................................................................................................. 39

10.5 460-Node .............................................................................................................. 39

10.5.1 Network traffic management .......................................................................... 39

10.5.2 Security ......................................................................................................... 40

10.5.3 Redundancy .................................................................................................. 41

10.5.4 Monitoring ..................................................................................................... 42

10.6 460-Switch ............................................................................................................ 42

10.6.1 Resource allocation ....................................................................................... 42

10.6.2 Loop prevention ............................................................................................. 42

10.6.3 Security ......................................................................................................... 43

10.6.4 Monitoring ..................................................................................................... 44

---------------------- Page: 9 ----------------------
SIST EN IEC 61162-460:2018
– 4 – IEC 61162-460:2018 © IEC 2018

10.7 460-Forwarder ...................................................................................................... 44

10.7.1 Traffic separation ........................................................................................... 44

10.7.2 Resource allocation ....................................................................................... 45

10.7.3 Traffic prioritisation ........................................................................................ 45

10.7.4 Security ......................................................................................................... 46

10.7.5 Monitoring ..................................................................................................... 47

10.8 460-Gateway ........................................................................................................ 47

10.8.1 Denial of service behaviour............................................................................ 47

10.8.2 Access control to configuration setup............................................................. 47

10.8.3 Communication security ................................................................................. 47

10.8.4 Firewall .......................................................................................................... 48

10.8.5 Application server .......................................................................................... 49

10.8.6 Interoperable access to file storage of DMZ ................................................... 49

10.8.7 Additional security ......................................................................................... 49

10.9 460-Wireless gateway ........................................................................................... 49

10.9.1 General ......................................................................................................... 49

10.9.2 Security ......................................................................................................... 49

10.10 Controlled network ................................................................................................ 50

10.11 Network monitoring function .................................................................................. 50

10.11.1 General ......................................................................................................... 50

10.11.2 Network load monitoring function ................................................................... 51

10.11.3 Redundancy monitoring function .................................................................... 51

10.11.4 Network topology monitoring function ............................................................ 51

10.11.5 Syslog recording function .............................................................................. 52

10.11.6 Alert management ......................................................................................... 52

10.12 System level ......................................................................................................... 53

10.12.1 General ......................................................................................................... 53

10.12.2 System management function ........................................................................ 54

10.12.3 System design ............................................................................................... 54

10.12.4 Network monitoring function .......................................................................... 56

10.12.5 Network load monitoring function ................................................................... 56

10.12.6 Redundancy monitoring function .................................................................... 56

10.12.7 Network topology monitoring function ............................................................ 56

Annex A (informative) Communication scenarios between an IEC 61162-460 network

and uncontrolled networks .................................................................................................... 57

A.1 General ................................................................................................................. 57

A.2 Routine off-ship .................................................................................................... 57

A.3 Routine on-ship..................................................................................................... 58

A.4 460-Gateway usage for direct connection with equipment ..................................... 58

Annex B (informative) Summary of redundancy protocols in IEC 62439 (all parts) ................ 59

Annex C (informative) Guidance for testing .......................................................................... 60

C.1 Methods of test ..................................................................................................... 60

C.2 Observation .......................................................................................................... 60

C.3 Inspection of documented evidence ...................................................................... 60

C.4 Measurement ........................................................................................................ 60

C.5 Analytical evaluation ............................................................................................. 61

Annex D (informative) Some examples to use this document ............................................... 62

Annex E (normative) IEC 61162 interfaces for the network monitoring function .................... 66

---------------------- Page: 10 ----------------------
SIST EN IEC 61162-460:2018
IEC 61162-460:2018 © IEC 2018 – 5 –

Annex F (informative) Distribution of functions around 460-Network ..................................... 67

Bibliography .......................................................................................................................... 69

Figure 1 – Functional overview of IEC 61162-460 requirement applications .......................... 16

Figure 2 – 460-Network with 460-Gateway ............................................................................ 26

Figure 3 –Example of redundancy ......................................................................................... 30

Figure 4 – Example of network status recording information ................................................. 33

Figure A.1 – Usage model for communication between a IEC 61162-460 network and

shore networks ..................................................................................................................... 57

Figure D.1 – 460-Forwarder used between two networks ...................................................... 62

Figure D.2 – 460-Forwarder used between two networks ...................................................... 62

Figure D.3 – 460-Gateway used for e-Navigation services .................................................... 63

Figure D.4 – 460-Gateway used for remote maintenance ...................................................... 63

Figure D.5 – 460-Forwarder used to separate an INS system based on its own

controlled network from a network of -460 devices ................................................................ 64

Figure D.6 – 460-Forwarder used to separate a radar system based on its own

controlled network from a network of -460 devices ................................................................ 65

Figure E.1 – Network monitoring function logical interfaces .................................................. 66

Table 1 – Traffic prioritization with CoS and DSCP ............................................................... 21

Table 2 – Summary of alert of network monitoring ................................................................ 36

Table B.1 – Redundancy protocols and recovery times ......................................................... 59

Table E.1 – Sentences received by the network monitoring function ..................................... 66

Table E.2 – Sentences transmitted by the network monitoring function ....................

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.