BS IEC 62859:2016 – Nuclear power plants — Instrumentation and control systems — Requirements for coordinating safety and cybersecurity

5 Coordinating safety and cybersecurity at the overall architecture level

5.1 General

Several safety features and architectural characteristics implemented in order to address design basis requirements are in some cases directly beneficial to cybersecurity: this includes some of the features that support equipment independence, system reliability or system diversity. However, considering that the design of these features may not have adequately taken into account potential vulnerabilities to cyberattacks, dedicated cybersecurity measures may be needed to achieve adequate cybersecurity, without degrading safety.

This clause provides requirements and recommendations to enable a smooth integration of cybersecurity requirements as per IEC 62645 in a nuclear I&C architecture, fundamentally and firstly structured by safety-oriented requirements (in particular those of IEC 61513 and several second level documents of the SC 45A series, including IEC 62340 or IEC 60709).

5.2 Fundamental and generic principles

The following principles apply for the treatment of cybersecurity at the I&C architectural level:

a) Cybersecurity shall not interfere with the safety objectives of the plant and shall protect their realisation. It shall not compromise the effectiveness of the diversity and defence-in-depth features implemented by the I&C architecture.

b) Cybersecurity requirements impacting the overall I&C architecture shall be addressed after the overall I&C architecture design and assignment of the I&C functions have first been made as per 5.4 of IEC 61513:2011. The integration of architectural cybersecurity requirements may lead to an iterative design process.

NOTE The objective is to secure a safe I&C architecture. Such a sequence is already implicit in IEC 62645, as the assignment of security degrees (and their associated requirements) assumes that safety categories are already assigned to safety functions, and that the safety functions are already assigned to I&C systems.

c) Cybersecurity features shall not adversely impact the required performance (including response time), required effectiveness, required reliability or required operation of functions important to safety.

d) The failure modes and consequences of cybersecurity features on the functions important to safety shall be analysed and taken into account.

e) When two architecture designs offer an equivalent level of safety, priority should be given to the more secure one. Unnecessary complexity shall be avoided as it is detrimental to both safety and cybersecurity.

f) Any architectural property or characteristics designed for safety reason...