EN IEC 62645:2020
(Main)Nuclear power plants - Instrumentation, control and electrical power systems - Cybersecurity requirements
Nuclear power plants - Instrumentation, control and electrical power systems - Cybersecurity requirements
See the scope of IEC 62645:2019. Adoption of IEC 62645:2019 is to be done without modification.
Kernkraftwerke - Leittechnische und elektrische Systeme - Anforderungen an die Cybersicherheit
Centrales nucléaires de puissance - Systèmes d’instrumentation, de contrôlecommande et d’alimentation électrique - Exigences relatives à la cybersécurité
L’IEC 62645:2019 établit des exigences et fournit des recommandations pour le développement et la gestion des programmes de sécurité informatique des systèmes numériques programmables d’I&C. Le critère de conformité du programme de sécurité des systèmes numériques programmables d’I&C de la centrale nucléaire aux exigences nationales applicables est inhérent aux exigences et recommandations du présent document. Le présent document définit les mesures adéquates pour ce qui concerne la prévention, la détection et la réaction à des actes malveillants, réalisés en utilisant des moyens informatiques (cyberattaques), portant atteinte aux systèmes numériques programmables d’I&C. Ceci comprend les situations non sûres, les endommagements d’équipements ou la dégradation des performances. Cette deuxième édition annule et remplace la première édition parue en 2014. Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente: a) aligner la norme sur les nouvelles révisions de l’ISO/IEC 27001; b) passer en revue les exigences existantes et mettre à jour la terminologie et les définitions; c) prendre en compte, autant que possible, les exigences associées aux normes publiées depuis la parution de la première édition; d) prendre en compte le fait que les techniques de cybersécurité, mais aussi les pratiques nationales évoluent.
Jedrske elektrarne - Merilna, nadzorna in elektroenergetska oprema - Zahteve za kibernetsko varnost (IEC 62645:2019)
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-oktober-2020
Jedrske elektrarne - Merilna, nadzorna in elektroenergetska oprema - Zahteve za
kibernetsko varnost (IEC 62645:2019)
Nuclear power plants - Instrumentation, control and electrical power systems -
Cybersecurity requirements (IEC 62645:2019)
Centrales nucléaires de puissance - Systèmes d’instrumentation, de contrôlecommande
et d’alimentation électrique - Exigences relatives à la cybersécurité (IEC 62645:2019)
Ta slovenski standard je istoveten z: EN IEC 62645:2020
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD EN IEC 62645
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2020
ICS 27.120.20
English Version
Nuclear power plants - Instrumentation, control and electrical
power systems - Cybersecurity requirements
(IEC 62645:2019)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke – Elektro- und leittechnische Systeme –
d'instrumentation, de contrôlecommande et d'alimentation Anforderungen an die IT-Sicherheitskonzeption
électrique - Exigences relatives à la cybersécurité (IEC 62645:2019)
(IEC 62645:2019)
This European Standard was approved by CENELEC on 2020-07-07. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62645:2020 E
European foreword
The text of document 45A/1289/FDIS, future edition 2 of IEC 62645, prepared by SC 45A
"Instrumentation, control and electrical power systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2021-07-07
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2023-07-07
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law.
In a similar manner, this European standard does not prevent Member States from taking more
stringent nuclear safety and/or security measures in the subject-matter covered by this standard.
Endorsement notice
The text of the International Standard IEC 62645:2019 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60709 NOTE Harmonized as EN IEC 60709
ISO/IEC 27000:2018 NOTE Harmonized as EN ISO/IEC 27000:2020 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60880 2006 Nuclear power plants - Instrumentation and EN 60880 2009
control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61226 - Nuclear power plants - Instrumentation and - -
control systems important to safety -
Classification
IEC 61513 - Nuclear power plants - Instrumentation and - -
control for systems important to safety -
General requirements for systems
IEC 62138 - Nuclear power plants - Instrumentation and EN IEC 62138 -
control systems important to safety -
Software aspects for computer-based
systems performing category B or C
functions
IEC 62566 - Nuclear power plants - Instrumentation and EN 62566 -
control important to safety - Development
of HDL-programmed integrated circuits for
systems performing category A functions
IEC 62859 - Nuclear power plants - Instrumentation and - -
control systems - Requirements for
coordinating safety and cybersecurity
ISO/IEC 27001 2013 Information technology - Security EN ISO/IEC 27001 2017
techniques - Information security
management systems - Requirements
ISO/IEC 27002 2013 Information technology - Security EN ISO/IEC 27002 2017
techniques - Code of practice for
information security controls
ISO/IEC 27005 2018 Information technology_- Security - -
techniques_- Information security risk
management
IEC 62645 ®
Edition 2.0 2019-11
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Nuclear power plants – Instrumentation, control and electrical power systems –
Cybersecurity requirements
Centrales nucléaires de puissance – Systèmes d’instrumentation, de contrôle-
commande et d’alimentation électrique – Exigences relatives à la cybersécurité
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-7548-1
– 2 – IEC 62645:2019 © IEC 2019
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 9
1.1 General . 9
1.2 Application . 10
1.3 Framework . 10
2 Normative references . 12
3 Terms and definitions . 12
4 Abbreviated terms . 17
5 Establishing and managing a nuclear I&C programmable digital system security
programme . 17
5.1 Context of the organization . 17
5.1.1 Understanding the organization and its context . 17
5.1.2 Understanding the needs and expectations of interested parties . 17
5.1.3 Determining the scope of the I&C programmable digital system security
programme . 17
5.2 Programme, policy and plan . 18
5.2.1 I&C digital programmable system security program. 18
5.2.2 Policy . 18
5.2.3 Plan . 19
5.3 Leadership . 19
5.3.1 Leadership and commitment . 19
5.3.2 Roles, responsibilities and authorities . 19
5.4 Planning of the programme . 20
5.4.1 Cybersecurity objectives and planning to achieve them . 20
5.4.2 Addressing risks and opportunities of the programme . 20
5.4.3 Graded approach to I&C security and risk assessment . 21
5.5 Support . 28
5.5.1 Resources . 28
5.5.2 Training, competence and awareness . 28
5.5.3 Communications about cybersecurity . 29
5.5.4 Documented information . 29
5.6 Operation . 29
5.6.1 Operation planning and control . 29
5.6.2 Cybersecurity graded approach, risk assessment and risk treatment . 30
5.7 Performance evaluation . 30
5.7.1 Monitoring, measurement, analysis and evaluation . 30
5.7.2 Internal audit . 30
5.7.3 Management review . 30
5.8 Improvement . 31
5.8.1 General . 31
5.8.2 Nonconformity and corrective action . 31
5.8.3 Continual improvement . 31
6 Life-cycle implementation for I&C programmable digital system security . 31
6.1 General . 31
6.2 System requirements specification . 31
IEC 62645:2019 © IEC 2019 – 3 –
6.2.1 General . 31
6.2.2 Security degree assignment . 32
6.3 System specification . 32
6.3.1 Selection of pre-existing components . 32
6.3.2 System architecture . 32
6.4 System detailed design and implementation . 32
6.4.1 General . 32
6.4.2 Risk assessment at the design phase . 33
6.4.3 Design project security plan . 33
6.4.4 Communication pathways . 33
6.4.5 Security zone definition . 34
6.4.6 Security assessment of
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.