橡最終報告書.PDF

Size: px

Start display at page:

Download "橡最終報告書.PDF"

なごみかつもと
7 years ago
Views:

..46...47...49...49...49...50...51...53...53...54.

6 TOE PP PP...82 PP...83 PP

14 9

15 Network Security Technology Dr. Stephen D. Bryen Development Plan for Plant Network Security Technology Mr. Fukuyama Measuring Network Risk Dr. Stephen D. Bryen New Risk Analysis Methodology Development for Network Mr. Koshijima Non-technical Approaches to CIP Dr. Irwin M. Pikus Establishment of Security guideline on plant network Mr. Hinoki Application of ISO/IEC into Plant Network Mr. Miyakawa Security of Networked System Shell companies --and Beyond-- Mr. Pieter van Dijken Security management in the Fibers and Chemical industry Mr. Robert T. George Survey Report Mr. Isomura

Pikus Establishment of Security guideline on plant network Mr. Hinoki Application of ISO/IEC 15408 into Plant Network Mr.

17 Ethernet 2

18 ERP( Enterprise Resource Planning ) PIMS (Plant Information Management System ) TCP/IP 3

19 4

20 5 Gate Way Firewall WAN PBX Firewall PC -1-2 LAN PHS PC RAS PLC PLC OA R/M LAN OALAN o o o o o o Gate Way o o o o o o EWS A LAN LAN R/M Gate Way B LAN Firewall

21 6

22 7

23 8

24 9

25 10

26 11

27 12

28 13

29 14 Common Criteria Protection Profile

30 15

31 Dr. Irwin M. Pikus Director, Communications and Information Infrastructure Assurance Program, U.S. Department of Commerce, NTIA Dr. Stephen D. Bryen Managing Partner, Aurora Marketing & Business Development Mr. Robert T. George Manager, Benchmarking Programs, DuPont Informatuin Security OrganizationE.I. DuPont de Nemours & Co. Mr. Pieter van Dijken ITS ( Information Security Services ) International B.V. Shell Services 16

33 4 5 18

34 19

35 ( 1) ( 2) 1-3 Communications i = j k l i = -3 Communications 2 20

36 6 6 21

37 7 Sicherheit 7 8 The Oxford Encyclopedic English Dictionary 22

38 23

39 (Guideline for the Management of IT Security) (British Standard 7799) 24

40 25

41 () 3 26

42 Future Vision Company Policy Top Management Security Policy Deployment Section Management Section Section Section 4 27

43 28

44 29

45 9 30

46 31

47 32

48 Increasing Increasing threats threats from from espionage espionage and and information information brokers: brokers: Information Information Warfare Warfare Fraud Fraud increasing increasing with with restructuring restructuring & economic economic pressures pressures Increasing sophistication sophistication of of viruses, viruses, hacker hacker groups, groups, involvement involvement organised organised crime crime Information security: Trends in threats Threats to Confidentiality Threats to Integrity Threats to Availability Malicious Espionage, Leaks Fraud, Mischief Sabotage, Vandalism Theft Accidental Oversights, Breaches Safety Safety critical critical systems Errors, systems cause cause Failures concern, concern, Y2K Y2K Breakdowns Theft Theft of of notebooks notebooks Information warfare Security for Critical National Infrastructure sept/oct1999 PSEC copyright Large-Scale Network Security Committee All right reserved 1.Oct Shell Services International Shell Services International 5 33

49 34

50 35

51 36

52 37

53 (1) (2) (3) (4) 38

54 39

55 40

56 41

57 () (3) (4) (3) (3) (3) (3) (3) (3) (X) (3) (X) (2) (X) (6) (X) (4) (1) (2) 42

58 () (3) (3) (3) (3) (3) (3) 43

59 44

60 45

61 46

62 47

63 48

64 49

65 50

66 51

67 52

68 10 PC 10 53

69 11 54

70 E3(Intrude to DCS) F4(Alter Control Parameters) Preliminary Risk Analysis (PRA) Hazard and Operability studies (HAZOP) Failure Mode and Effects Analysis (FMEA/FMECA) 2 Fault Tree Analy sis (FTA) Event Tree Analysis (ETA) ( FTA ETA Dynamic Event Tree Analysis Method (DETAM) Cause-Consequence Analysis (CCA) 1 55

71 2 HAZOP FTA/ETA HAZOP 56

72 FTA/ETA HAZOP FTA/ETA HAZOP FTA/ETA HAZOP FTA/ETA HAZOP a) CAD b) c) d) e) HAZOP d) e)2 2 57

73 2 LAN DCS 2 58

74 HAZOP 2 FTA/ETA FTA/ETA 1) PC Access to the Network PC. 2) DCS 3) DCS 4) 5). 6) 2 FTA/ETA 2 FTA/ETA 59

75 2 FTA/ETA : FTA = = : FTA = = FTA FTA FTA/ETA FTA FTA 60

76 61 2 OS OS OS

77 FT 2 FT ETFT FT FT FT ET+FT FT ET 62

78 FTA/ETA DCS UNIX su FT FT FT FT 63

79 FTA UNIX su 64

80 FT FT 65

81 FTA/ETA FT FTAETA, HAZOP 66

82 FTA ETA, HAZOP FTA FTA 67

83 ISO/IEC PDD63President Decision Directive

84 Common Criteria CC CC (*1) CC CC CC 69

85 1 CC Part1 Part2 Part3 Part1 CC Security TargetST ST Protection ProfilePP Part2 70

86 Part3 Part2 EAL:Evaluation Assurance Level PP PP EAL ST ST ST ST ST PP PP ST ST 71

87 2ISO/IEC (Common Criteria) ST ST PP PP PP ISO/IEC ST PP ST ST PP PP PP PP 72

88 PP PP PP CC

89 Security audit FAU Communication FCO Cryptographic support FCS FDP User data protection FIA Identification and authentication FMT Security Management ex. DB FPR Privacy TOE FPT Protection of the TOE Security Function Resource utilization FRU TOE TOE access FTA TOE FTP TOE Trusted path/channels *1 ISO/IEC/JTC 1/SC 27/WG 3 Common Criteria v.2 International Standard

90 TOE PP PP PP PP PP PP PP 75

91 TOE TOE 6TOE (Target Of Evaluation) TOE LAN LAN 76

92 6TOE (Target Of Evaluation) 77

93 TOE CC ISO/IEC Annex B (*2) PP LAN LAN LAN LAN # LAN LAN LAN LAN LAN TCP/IP + # DCOM LAN # # 78

94 79 TCP/IP LAN 2. # LAN 3. LAN LAN # LAN 2. # 3.

95 80 4. # # 5. LAN LAN # LAN DCOM # #

96 81 # LAN LAN # CPU 2. # # PP # PP

97 82

98 PP PP PP PP TOE PBX 83

99 PP 4. PP PP PP TOE RAS PP 84

100 85

101 86

102 87

103 ISO 88

104 89

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1 ISO/IEC 15408 ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved.

橡最終報告書.PDF

橡最終報告書.PDF