ETSI TR 103 303 V0.0.1 (2014-12)
TECHNICAL REPORT
CYBER;
Protection measures for ICT in the context of Critical
Infrastructure

Reference
DTR/CYBER-001
Keywords
<keywords>
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute yyyy.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
Contents
Logos on the front page
Copyrights on page 2
If an additional copyright is necessary, it shall appear on page 2 after the ETSI copyright
Intellectual Property Rights
Foreword
Multi-part documents
Modal verbs terminology
Executive summary
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
4 User defined clause(s) from here onwards
4.1 User defined subdivisions of clause(s) from here onwards
Proforma copyright release text block
Annexes
Annex <A>: Title of annex
Annex <B>: Title of annex
<B.1> First clause of the annex
<B.1.1> First subdivided clause of the annex
Annex <C>: ATS in TTCN-2
<C.1> The TTCN-2 Machine Processable form (TTCN.MP)
Annex <D>: ATS in TTCN-3
<D.1> TTCN-3 files and other related modules
<D.2> HTML documentation of TTCN-3 files
Annex <E>: Bibliography
Annex <F>: Change History
History
A few examples:
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://ipr.etsi.org).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee CYBER.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "may not", "need", "need not", "will",
"will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms
for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
1 Scope
The present document reviews the roles and subsequent requirements for ICT protection, in the context of CyberSecurity, in the form of security technologies and security management, for infrastructures that may be defined, now or
in the future, as Critical Infrastructures.
The critical infrastructure protection addressed in the EU’s published directive essentially covers Power and Transport. It is
clear to most casual observers that the global economic infrastructure is now composed of a huge set of ICT networks
and services. It would not be a stretch to say that ICT capabilities now underpin all of the other critical infrastructures,
including food security, economic activity security, citizen safety and just about everything else. The purpose of the
TR to be delivered by this work item is to identify the role of ICT protections, through the deployment of security
technologies and security management, in delivering effective Critical Infrastructures that are reliant on ICT.
The topics to be addressed by the work item include: Resilience (taking as input the ENISA reports on this topic and
work from related national programmes); M2M communications (in close liaison with oneM2M and smartM2M);
eHealth (in order to give assurance of access to ICT enabled eHealth systems). The report is intended to highlight
aspects of CI and ICT that have to be addressed to ensure that CI maintains its infrastructure role.
EXAMPLE: The present document provides the necessary adoptions to the endorsed document.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] National Institute of Standards and Technology (NIST): Framework for Improving Critical Infrastructure Cybersecurity; Version 1.0; February 12, 2014
[i.2] COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection
[i.3] COMMISSION OF THE EUROPEAN COMMUNITIES; COM(2006) 786 final; COMMUNICATION FROM THE COMMISSION on a European Programme for Critical Infrastructure Protection (Brussels, 12.12.2006)
[i.4] EUROPEAN COMMISSION; SWD(2013) 318 final; COMMISSION STAFF WORKING DOCUMENT on a new approach to the European Programme for Critical Infrastructure Protection Making European Critical Infrastructures more secure; Brussels, 28.8.2013
3 Definitions, symbols and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
Critical infrastructure: Critical infrastructure is an asset or system which is essential for the maintenance of vital
societal functions. The damage to a critical infrastructure, its destruction or disruption by natural disasters, terrorism,
criminal activity or malicious behaviour, may have a significant negative impact for the security of the EU and the wellbeing of its citizens.
3.2 Symbols
For the purposes of the present document, the [following] symbols [given in ... and the following] apply:
<1st symbol> <1st Explanation>
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
EPCIP    European Programme for Critical Infrastructure Protection
NIST     National Institute of Standards and Technology
4 Current status and definitions
4.1 EU perspective
The list of Critical Infrastructure sectors given in COUNCIL DIRECTIVE 2008/114/EC [i.2] is copied in Table 1
below.
Table 1: EU Critical Infrastructure Sectors from [i.2]

|   | Sector    | Subsector                              |                                                                                                             |
| 1 | Energy    | Electricity                            | Infrastructures and facilities for generation and transmission of electricity in respect of supply electricity |
|   |           | Oil                                    | Oil production, refining, treatment, storage and transmission by pipelines                                  |
|   |           | Gas                                    | Gas production, refining, treatment, storage and transmission by pipelines; LNG terminals                   |
| 2 | Transport | Road Transport                         |                                                                                                             |
|   |           | Rail Transport                         |                                                                                                             |
|   |           | Air Transport                          |                                                                                                             |
|   |           | Inland Waterways Transport             |                                                                                                             |
|   |           | Ocean and short-sea shipping and ports |                                                                                                             |

These 2 sectors, Energy and Transport, are increasingly dependent on ICT capabilities to give assurance of their
operations.
4.2 US perspective
4.3 Other global regional perspectives
5 Security domains for CI protection
5.1 Review of CIA paradigm
5.2 Resilience
Annex A: Title of annex
<Text>.
Annex E: Bibliography
<Publication>: "<Title>".
Annex F: Change History
Date | Version | Information about changes
History
Document history
0.0.1 | December 2014 | Outline Table of Contents and adoption of ETSI TR Template