Cybersecurity Standards for Industrial Control Infrastructure and SCADA Systems

Today, owners of commercial businesses and industrial infrastructure also rely on innovative, technology-driven equipment and entrust many of their critical assets to these machines, so securing them according to comprehensive and integrated principles is unavoidable. It should be emphasized that this hardening does not affect only the network and security policies of an industrial control or SCADA infrastructure; moving in this direction also leads to the creation of regulations, the preservation of business privacy, and the protection of assets. For this reason stakeholders, who may be private, governmental, or organizational, always try to reduce the cyber threats to their industry by using the best standards. Given the above, and as the figure below shows, there are three categories of standards in industrial control infrastructure and SCADA security: standards for energy infrastructure, standards for atomic and nuclear infrastructure, and standards that are generally applicable to many kinds of infrastructure.

 

Figure (1): Cybersecurity standards for industrial control infrastructure and SCADA systems

 

| Link | Publisher | Format | Publication date |
| --- | --- | --- | --- |
| AGA - Cryptographic Protection of SCADA Communications - 12 Part1 | The American Gas Association (AGA) | PDF | 14, March, 2006 |
| API - 1164 - Pipeline SCADA Security 2nd ed | API | PDF | June 2009 |
| BSI - 100-1 - Information Security Management Systems | bsigroup.com | PDF | 2008 |
| BSI - 100-2 - IT Grundschutz Methodology | bsigroup.com | PDF | 2008 |
| BSI - 100-3 - Risk Analysis based on IT-Grundschutz | bsigroup.com | PDF | 2008 |
| BSI - 100-4 - Business Continuity Mgmt | bsigroup.com | PDF | 2009 |
| BSI - Mapping Guide 27001 2005 to 2013 | bsigroup.com | PDF | - |
| CNSS - CNSSI-1253 ICS Overlay | The Committee on National Security Systems Instruction (CNSSI) | PDF | January 2013 |
| CNSS - Security Categorization and Control Selection for National Security Systems - CNSSI-1253R2 | The Committee on National Security Systems Instruction (CNSSI) | PDF | 15 March 2012 |
| Comparison of Oil and Gas Segment Cyber Security Standards | U.S. Department of Homeland Security, Under DOE Idaho Operations Office | PDF | November 3, 2004 |
| DHS - CFATS RBPS Guidance | Chemical Facility Anti-Terrorism Standards | PDF | May 2009 |
| IEEE - Comparison of SCADA Security Standards | Teodor Sommestad, Göran N. Ericsson, Senior Member, IEEE, Jakob Nordlander | PDF | - |
| INL - A Comparison of Cross-Sector Cyber Security Standards | Idaho National Laboratory | PDF | September 9, 2005 |
| ISA - 62443 Series Overview | ISA-62443 | PDF | 2015 |
| ISA-62443-0-3-Public | ISA-62443 | PDF | June, 10, 2012 |
| ISA-62443-1-4-Public | ISA-62443 | PDF | - |
| ISA-62443-2-1-Public | ISA-62443 | PDF | January, 13, 2009 |
| ISA-62443-2-3-Public | ISA-62443 | PDF | July, 01, 2017 |
| ISA-62443-3-3-Public | ISA-62443 | PDF | August, 12, 2013 |
| ISA-62443-4-2-Public | ISA-62443 | PDF | January, 12, 2017 |
| itGovernance - Comparing 27001 2005 and 2013 Editions | IT Governance Ltd | PDF | October 2013 |
| Mapping - NISTIR-7628 | NISTIR 7628 Guidelines for Smart Grid Cyber Security | PDF | August 2010 |
| Mapping DHS Catalog of Control Systems Security | DHS | PDF | April 2011 |
| Mapping NIST 800-53 | National Institute of Standards and Technology | PDF | August 2009 |
| NEI 08-09 r5 - Cyber Security Plan for Nuclear Power Reactors | Nuclear Energy Institute | PDF | January 2010 |
| NEI 08-09 r6 - Cyber Security Plan for Nuclear Power Reactors | Nuclear Energy Institute | PDF | April 2010 |
| NERC - CIP v2 | The North American Electric Reliability Corporation | PDF | December 16, 2009 |
| NERC - CIP v3 | The North American Electric Reliability Corporation | PDF | December 16, 2009 |
| NERC - CIP v4 | The North American Electric Reliability Corporation | PDF | January 24, 2011 |
| NERC - CIP v5 Consolidated | The North American Electric Reliability Corporation | PDF | December 07, 2015 |
| NERC - CIP v5 Transition Guidance - Aug 2014 | The North American Electric Reliability Corporation | PDF | August 12, 2014 |
| NERC - CIP v6 Updates | The North American Electric Reliability Corporation | PDF | February 09, 2016 |
| NERC - Glossary of Terms | The North American Electric Reliability Corporation | PDF | July 7, 2014 |
| NERC - Implementation Study Final Report - CIP v5 Transition Program - Oct 2014 | The North American Electric Reliability Corporation | PDF | October 2014 |
| NIST - 800-115 - Technical Guide to Information Security Testing and Assessment | National Institute of Standards and Technology | PDF | September 2008 |
| NIST - 800-120 - Recommendation for EAP Methods Used in Wireless Network Access Authentication | National Institute of Standards and Technology | PDF | September 2009 |
| NIST - 800-127 - Guide to Securing WiMAX Wireless Communications | National Institute of Standards and Technology | PDF | September 2010 |
| NIST - 800-167 - Guide to Application Whitelisting | National Institute of Standards and Technology | PDF | October 2015 |
| NIST - 800-18 - Guide for Developing Security Plans for Information Systems | National Institute of Standards and Technology | PDF | February 2006 |
| NIST - 800-30R0 - Risk Management Guide for IT Systems | National Institute of Standards and Technology | PDF | July 2002 |
| NIST - 800-30R1 - Risk Management Guide for IT Systems | National Institute of Standards and Technology | PDF | September 2012 |
| NIST - 800-39 - Managing Information Security Risk | National Institute of Standards and Technology | PDF | March 2011 |
| NIST - 800-40 - Creating a Patch and Vulnerability Management Program | National Institute of Standards and Technology | PDF | November 2005 |
| NIST - 800-41 - Guidelines on Firewalls and Firewall Policies | National Institute of Standards and Technology | PDF | September 2009 |
| NIST - 800-42D - Guideline on Network Security Testing | National Institute of Standards and Technology | PDF | - |
| NIST - 800-48R1 - Guide to Securing Legacy 802.11 Wireless Networks | National Institute of Standards and Technology | PDF | July 2008 |
| NIST - 800-50 - Building an Information Technology Security Awareness and Training Program | National Institute of Standards and Technology | PDF | October 2003 |
| NIST - 800-53 - R3 to R4 App D2 Markup | National Institute of Standards and Technology | PDF | April 2013 |
| NIST - 800-53 - R3 to R4 App F Markup | National Institute of Standards and Technology | PDF | April 2013 |
| NIST - 800-53 - R3 to R4 App G Markup | National Institute of Standards and Technology | PDF | April 2013 |
| NIST - 800-53A - Guide for Assessing Security Controls in Information Systems | National Institute of Standards and Technology | PDF | July 2008 |
| NIST - 800-53AR4 - Guide for Assessing Security Controls in Information Systems DRAFT | National Institute of Standards and Technology | PDF | July 2014 |
| NIST - 800-53R3 - Recommended Security Controls for Information Systems (incl ICS) | National Institute of Standards and Technology | PDF | August 2009 |
| NIST - 800-53R4 - Security and Privacy Controls for Fed Info Sys and Orgs | National Institute of Standards and Technology | PDF | April 2013 |
| NIST - 800-53R4 - Summary for Security and Privacy Controls for Fed Info Sys and Orgs | National Institute of Standards and Technology | PDF | February 19, 2014 |
| NIST - 800-53R4 - Security and Privacy Controls for Fed Info Sys and Orgs | National Institute of Standards and Technology | Docx | April 2013 |
| NIST - 800-53R4 - Summary for Security and Privacy Controls for Fed Info Sys and Orgs | National Institute of Standards and Technology | PDF | February 19, 2014 |
| NIST - 800-61 - Computer Security Incident Handling Guide | National Institute of Standards and Technology | PDF | March 2008 |
| NIST - 800-82 - Guide to Industrial Control Systems Security | National Institute of Standards and Technology | PDF | September 2008 |
| NIST - 800-82R1 - Guide to Industrial Control Systems Security | National Institute of Standards and Technology | PDF | May 2013 |
| NIST - 800-82R2 - Guide to Industrial Control Systems Security | National Institute of Standards and Technology | PDF | May 2015 |
| NIST - 800-94 - Guide to Intrusion Detection and Prevention Systems | National Institute of Standards and Technology | PDF | February 2007 |
| NIST - 800-97 - Establishing Wireless Robust Security Networks | National Institute of Standards and Technology | PDF | February 2007 |
| NIST - Cybersecurity Framework v1.0 | National Institute of Standards and Technology | PDF | February 12, 2014 |
| NIST - System Protection Profile Industrial Control Systems | National Institute of Standards and Technology | PDF | - |
| NRC - Regulation 5.71 | U.S. Nuclear Regulatory Commission (NRC) | PDF | January 2010 |
| QCERT - National ICS Security Standard v.3 - March 2014 | QATAR NATIONAL INFORMATION ASSURANCE | PDF | March 2014 |
| SANS - CIP Mapping to Critical Security Controls (DRAFT) | SANS | PDF | 2013 |
| WIB - Process Control Domain Security Requirements for Vendors | WIB | PDF | Sep 2010 |

 

 

Published: Tuesday, 25 Mehr 1396, 08:30 PM
