IEC 62645:2014

IEC 62645


®


Edition 1.0 2014-08



INTERNATIONAL



STANDARD



NORME
INTERNATIONALE
colour
inside


Nuclear power plants – Instrumentation and control systems – Requirements for
security programmes for computer-based systems

Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-
commande – Exigences relatives aux programmes de sécurité applicables aux
systèmes programmés


IEC 62645:2014-08(en-fr)

---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED


Copyright © 2014 IEC, Geneva, Switzerland


All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

your local IEC member National Committee for further information.



Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie

et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des

questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing more than 30 000 terms and
Technical Specifications, Technical Reports and other definitions in English and French, with equivalent terms in 14
documents. Available for PC, Mac OS, Android Tablets and additional languages. Also known as the International
iPad. Electrotechnical Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a More than 55 000 electrotechnical terminology entries in
variety of criteria (reference number, text, technical English and French extracted from the Terms and Definitions
committee,…). It also gives information on projects, replaced clause of IEC publications issued since 2002. Some entries
and withdrawn publications. have been collected from earlier publications of IEC TC 37,

77, 86 and CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.


A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.


Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient plus de 30 000 termes et définitions en
Spécifications techniques, Rapports techniques et autres
anglais et en français, ainsi que les termes équivalents dans
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
14 langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.


Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
La recherche avancée permet de trouver des publications IEC Plus de 55 000 entrées terminologiques électrotechniques, en
en utilisant différents critères (numéro de référence, texte, anglais et en français, extraites des articles Termes et
comité d’études,…). Elle donne aussi des informations sur les Définitions des publications IEC parues depuis 2002. Plus
projets et les publications remplacées ou retirées. certaines entrées antérieures extraites des publications des

CE 37, 77, 86 et CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished

Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.

---------------------- Page: 2 ----------------------
IEC 62645



®



Edition 1.0 2014-08







INTERNATIONAL





STANDARD







NORME



INTERNATIONALE
colour

inside










Nuclear power plants – Instrumentation and control systems – Requirements for

security programmes for computer-based systems




Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-

commande – Exigences relatives aux programmes de sécurité applicables aux

systèmes programmés
















INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE

PRICE CODE
INTERNATIONALE

X
CODE PRIX


ICS 27.120.20 ISBN 978-2-8322-1810-5



Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 3 ----------------------
– 2 – IEC 62645:2014 © IEC 2014


CONTENTS


FOREWORD. 4

INTRODUCTION . 6


1 Scope . 8

1.1 General . 8

1.2 Application . 9

1.3 Framework . 9

2 Normative references . 11


3 Terms and definitions . 11
4 Abbreviations . 14
5 Establishing and managing a nuclear I&C CB&HPD system security programme . 15
5.1 General . 15
5.1.1 Overall concepts: programme, policies and procedures . 15
5.1.2 Roles and responsibilities . 16
5.1.3 Documentation requirements . 17
5.2 Establish the programme . 18
5.2.1 Defining security policy . 18
5.2.2 Defining the programme scope and boundaries . 18
5.2.3 Graded approach to I&C security and risk assessment . 18
5.2.4 Management approval . 25
5.3 Implement and operate the programme . 25
5.3.1 Implementation of general requirements . 25
5.3.2 Effectiveness measurement definition . 25
5.3.3 Training and awareness . 26
5.4 Monitor and review the programme . 26
5.5 Maintain and improve the programme . 26
6 Life-cycle implementation for I&C CB&HPD system security . 27
6.1 General . 27
6.2 Requirements activities . 27
6.3 Planning activities . 27
6.3.1 Identification of I&C CB&HPD systems . 27
6.3.2 Security degree assignment . 27
6.4 Design activities . 27

6.4.1 General . 27
6.4.2 Risk assessment at the design phase . 28
6.4.3 Design project security plan . 28
6.4.4 Communication pathways . 28
6.4.5 Security zone definition . 28
6.4.6 Security assessment of the final design . 28
6.5 Implementation activities . 28
6.6 Validation activities . 29
6.7 Installation and acceptance testing activities . 29
6.8 Operation and maintenance activities . 29
6.8.1 Change control during operations and maintenance . 29
6.8.2 Periodic reassessment of risks and security controls . 29
6.9 Change management . 29
6.10 Retirement activities . 30

---------------------- Page: 4 ----------------------
IEC 62645:2014 © IEC 2014 – 3 –


7  Security controls . 30

7.1  General . 30


7.2  Security thematic areas . 30

7.2.1  Security policy . 30

7.2.2  Organizing security . 30

7.2.3  Asset management . 31

7.2.4  Human resources security . 31

7.2.5  Physical and environmental security . 32

7.2.6  Communications and operations management . 32

7.2.7  Access control . 32
7.2.8  I&C systems acquisition, development and maintenance . 32
7.2.9  I&C security incident management . 33
7.2.10  Operation continuity management . 33
7.2.11  Complianc e . 33
Annex A (informative) Generic considerations about the security degrees . 35
A.1  Rationale for three security degrees . 35
A.1.1  General . 35
A.1.2  Safety categories as input to security degree assignment . 35
A.1.3  Impact on plant availability and performance as input to security degree . 35
A.1.4  Resulting security degree assignment approach . 36
A.2  Considerations about tools associated to on-line systems . 36
A.3  Practical design and implementation . 36
Annex B (informative) Correspondence with ISO/IEC 27001:2005 . 37
Annex C (informative) Correspondence with NIST security framework . 39
C.1  Scope . 39
C.2  Correspondence between IEC 62645 and NIST SP 800-82 . 39
Annex D (informative) Attackers profiles and attack scenarios . 44
Bibliography . . 45

Figure 1 – Overall framework of IEC 62645 . 10

Table B.1 – Correspondence between IEC 62645 and ISO/IEC 27001:2005 on a
structural level . . 37
Table C.1 – Correspondence between IEC 62645 and NIST SP 800-82 on a

structural level . . 40

---------------------- Page: 5 ----------------------
– 4 – IEC 62645:2014 © IEC 2014



INTERNATIONAL ELECTROTECHNICAL COMMISSION

____________




NUCLEAR POWER PLANTS –

INSTRUMENTATION AND CONTROL SYSTEMS –

REQUIREMENTS FOR SECURITY PROGRAMMES

FOR COMPUTER-BASED SYSTEMS



FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62645 has been prepared by subcommittee 45A: Instrumentation,
control and electrical systems of nuclear facilities, of IEC technical committee 45: Nuclear
instrumentation.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/961/FDIS 45A/975/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

---------------------- Page: 6 ----------------------
IEC 62645:2014 © IEC 2014 – 5 –


The committee has decided that the contents of this publication will remain unchanged until

the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data

related to the specific publication. At this date, the publication will be


 reconfirmed,

 withdrawn,

 replaced by a revised edition, or


 amended.

The contents of the corrigendum of March 2015 have been included in this copy.


IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.

---------------------- Page: 7 ----------------------
– 6 – IEC 62645:2014 © IEC 2014


INTRODUCTION


a) Technical background, main issues and organisation of the standard

This standard specifically focuses on the issue of requirements for computer security

programmes and system development processes to prevent and/or minimize the impact of

attacks against I&C computer-based systems possibly integrating HPD (HDL (Hardware

Description Language) Programmed Devices), hereinafter named I&C CB&HPD systems.

This standard was prepared and based on the ISO/IEC 27000 series, IAEA and country

specific guidance in this expanding technical and security focus area.

It is intended that the Standard be used by designers and operators of nuclear power
plants (NPPs) (utilities), licensees, systems evaluators, vendors and subcontractors, and
by licensors.
b) Situation of the current Standard in the structure of the IEC SC 45A standard series
IEC 62645 is a second level IEC SC 45A document, tackling the generic issue of NPP I&C
cybersecurity.
IEC 62645 is considered formally as a second level document with respect to IEC 61513,
although IEC 61513 needs revisions to actually ensure proper reference to and
consistency with IEC 62645. IEC 62645 is the top-level document with respect to cyber
security in the SC 45A standard series. Other documents will be developed under
IEC 62645 and will correspond to third level documents in the IEC SC 45A standards.
This IEC Standard is expected to coordinate more closely with the IEC 62443
(Bibliography) series in the next few years.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this standard
This standard establishes requirements for I&C CB&HPD systems, with regard to
computer security, and clarifies the processes that I&C CB&HPD systems are designed,
developed and operated under in NPPs.
It is recognized that this standard addresses an evolving area of regulatory requirements,
due to the changing and evolving nature of computer security threats. Therefore, the
standard defines the framework within which the evolving country specific requirements
may be developed and applied. An upcoming process for this standard is anticipated in
the near term, to address these evolving issues. It is intended to take into account
coordination with new IEC and ISO standards, evolving and new national regulations, best
practices and technical advances from IEC members on issues including graded approach
and security degrees, refined consideration of security requirements to meet plant
performance objectives, risk assessment or cybersecurity of legacy systems.
It is also recognized that products derived from application of this subject matter require
protection. Release of the standard’s country specific requirements should be controlled

to limit the extent to which organizations or individuals intending to access nuclear plant
systems illegally, improperly or without authorization may benefit from this information.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level document of the IEC SC 45A standard series is IEC 61513. It provides
general requirements for I&C systems and equipment that are used to perform functions
important to safety in NPPs. IEC 61513 structures the IEC SC 45A standard series.
IEC 61513 refers directly to other IEC SC 45A standards for general topics related to
categorization of functions and classification of systems, qualification, separation of
systems, defence against common cause failure, software aspects of computer-based
systems, hardware aspects of computer-based systems, and control room design. The
standards referenced directly at this second level should be considered together with
IEC 61513 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 are standards
related to specific equipment, technical methods, or specific activities. Usually these

---------------------- Page: 8 ----------------------
IEC 62645:2014 © IEC 2014 – 7 –


documents, which make reference to second-level documents for general topics, can be

used on their own.

A fourth level extending the IEC SC 45A standard series corresponds to the Technical

Reports which are not normative.


IEC 61513 has adopted a presentation format similar to the basic safety publication
IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework.

Regarding nuclear safety, it provides the interpretation of the general requirements of

IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the nuclear application sector, regarding

nuclear safety. In this framework IEC 60880 and IEC 62138 correspond to IEC 61508-3 for

the nuclear application sector. IEC 61513 refers to ISO as well as to IAEA GS-R-3 and

IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics related to quality assurance (QA).

The IEC SC 45A standards series consistently implements and details the principles and
basic safety aspects provided in the IAEA code on the safety of NPPs and in the IAEA
safety series, in particular the Requirements SSR-2/1, establishing safety requirements
related to the design of Nuclear Power Plants, and the Safety Guide NS-G-1.3 dealing with
instrumentation and control systems important to safety in Nuclear Power Plants. The
terminology and definitions used by SC 45A standards are consistent with those used by
the IAEA.
NOTE It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied, that are based on the requirements of a standard such as IEC 61508.

---------------------- Page: 9 ----------------------
– 8 – IEC 62645:2014 © IEC 2014


NUCLEAR POWER PLANTS –

INSTRUMENTATION AND CONTROL SYSTEMS –

REQUIREMENTS FOR SECURITY PROGRAMMES

FOR COMPUTER-BASED SYSTEMS








1 Scope


1.1 General
This International Standard establishes requirements and provides guidance for the
development and management of effective security programmes for I&C computer-based
systems for NPPs, possibly integrating HPD (HDL (Hardware Description Language)
Programmed Devices), hereinafter named I&C CB&HPD systems. Inherent to these
requirements and guidance is the criterion that the power plant I&C CB&HPD system security
programme complies with the applicable country’s I&C CB&HPD security requirements.
The primary objective of this standard is to define adequate programmatic measures for the
prevention of, detection of and reaction to malicious acts by digital means (cyber attacks) on
I&C CB&HPD systems. This includes any unsafe situation, equipment damage or plant
performance degradation that could result from such an act, such as:
• malicious modifications affecting system integrity,
• malicious interference with information, data or resources that could compromise the
delivery of or performance of the required I&C CB&HPD functions,
• malicious interference with information, data or resources that could compromise operator
displays or lead to loss of management of I&C CB&HPD systems,
• malicious changes to hardware, firmware or software at the programmable logic controller
(PLC) level.
Effective security policies need to implement a graded protection scheme, as described in this
standard for assets subject to computer-based security, based on their relevance to the
overall plant safety, availability, and equipment protection.
Excluded from the scope of this standard are considerations related to:
• non-malevolent actions and events such as accidental failures, human errors and natural
events. In particular, good practices for managing applications and data software,
including back-up and restoration related to accidental failure, which should be

implemented even if I&C CB&HPD system security was not studied, are out of scope;
NOTE 1 Although such aspects may be considered as covered by security programme in other normative
contexts (e.g., in the ISO/IEC 27000 series, the IEC 62443 series or the NIST framework), this standard is only
focused on the protection against malicious acts by digital means (cyber attacks) on I&C CB&HPD systems.
This is made to provide the maximum consistency and the minimum overlap with other nuclear standards and
practices, which already cover accidental failures, unintentional human errors, natural events, etc.
• site physical security and
...