核協(xié)信專函〔2019〕7 號(hào)
 
 
關(guān)于召開核電廠網(wǎng)絡(luò)安全技術(shù)國際交流與
培訓(xùn)會(huì)議的通知
 
各有關(guān)單位：
為加強(qiáng)核電廠網(wǎng)絡(luò)安全建設(shè)，促進(jìn)核電廠網(wǎng)絡(luò)安全法規(guī) 標(biāo)準(zhǔn)和技術(shù)的國際交流，提升核電行業(yè)從業(yè)人員對國內(nèi)外核 電廠網(wǎng)絡(luò)安全法規(guī)標(biāo)準(zhǔn)、安全策略、防護(hù)技術(shù)的理解和認(rèn)識(shí)。 中國核能行業(yè)協(xié)會(huì)信息化專業(yè)委員會(huì)定于2019年3月27日
-29日在深圳舉辦核電廠網(wǎng)絡(luò)安全技術(shù)國際交流與培訓(xùn)會(huì)議。 會(huì)議由中國核能行業(yè)協(xié)會(huì)信息化專業(yè)委員會(huì)主辦，中廣
核工程有限公司承辦，F(xiàn)ramatome GmbH 協(xié)辦。主辦方將邀請 德國、韓國、加拿大等國際核電網(wǎng)絡(luò)安全法規(guī)標(biāo)準(zhǔn)方面的專家學(xué)者，國際電工委員會(huì)、國際原子能機(jī)構(gòu)等單位的專家代 表和咨詢顧問出席活動(dòng)，并計(jì)劃邀請工信部、國防科工局、 國家核安全局、國家能源局、國家信息技術(shù)安全研究中心、 國家核安保技術(shù)中心、環(huán)保部核與輻射安全中心、國家工業(yè)

 

宜通知如下：
一、交流和培訓(xùn)的目標(biāo)
通過培訓(xùn)，提升從業(yè)人員對國內(nèi)外核電網(wǎng)絡(luò)安全相關(guān)法 規(guī)標(biāo)準(zhǔn)的理解和認(rèn)識(shí)，學(xué)習(xí)網(wǎng)絡(luò)安全策略、防護(hù)技術(shù)手段， 了解前沿學(xué)術(shù)進(jìn)展、國內(nèi)外網(wǎng)絡(luò)安全的良好實(shí)踐；通過研討 會(huì)，促進(jìn)國內(nèi)外核電行業(yè)網(wǎng)絡(luò)安全前沿動(dòng)態(tài)的學(xué)術(shù)溝通、經(jīng) 驗(yàn)反饋與合作探索。
二、時(shí)間和地點(diǎn)
時(shí)間：2019年3月27日-29日（培訓(xùn)時(shí)間為27-28日，研 討會(huì)時(shí)間為29日，培訓(xùn)學(xué)員需于26日下午報(bào)到，參加研討會(huì) 專家可于28日下午報(bào)到）
地點(diǎn)：深圳市龍崗區(qū)天安數(shù)碼城5號(hào)樓 中廣核工程有限 公司（設(shè)計(jì)院）
三、邀請人員
核電行業(yè)各集團(tuán)（公司）負(fù)責(zé)信息安全部門領(lǐng)導(dǎo)，核能 行業(yè)相關(guān)設(shè)計(jì)、建設(shè)、運(yùn)行、服務(wù)單位中從事設(shè)計(jì)、運(yùn)行、 生產(chǎn)、維修、儀控、信息化建設(shè)、信息安全及文檔管理等崗位和專業(yè)的領(lǐng)導(dǎo)和技術(shù)人員、中國核能行業(yè)協(xié)會(huì)核電運(yùn)行分 會(huì)成員單位和網(wǎng)絡(luò)與信息安全工作組成員單位。
四、活動(dòng)安排
詳見《日程安排》（附件1）。

五、報(bào)名和費(fèi)用
1.會(huì)議收取注冊費(fèi)，收費(fèi)標(biāo)準(zhǔn)為：中國核能行業(yè)協(xié)會(huì)會(huì) 員單位 4800 元/人，非會(huì)員單位 6800 元/人。
2.注冊費(fèi)可以報(bào)到當(dāng)天繳納，或者提前匯款至中國核能 行業(yè)協(xié)會(huì)。
名稱：中國核能行業(yè)協(xié)會(huì)開戶銀行：中國銀行北京西三環(huán)北路支行 賬號(hào)：338966139210
3.請各參會(huì)單位于 2019 年 3 月 24 日前，將會(huì)報(bào)名表（附 件 2）發(fā)送郵件或傳真至中國核能行業(yè)協(xié)會(huì)信息化專業(yè)委員 會(huì)秘書處。
六、其他事宜
1．參加培訓(xùn)的學(xué)員經(jīng)考核評(píng)定合格者，將由中國核能 行業(yè)協(xié)會(huì)信息化專業(yè)委員會(huì)將頒發(fā)合格證書。經(jīng)考核評(píng)定優(yōu) 秀者將另外頒發(fā)優(yōu)秀學(xué)員證書。
2．參加培訓(xùn)的學(xué)員需要提交一寸免冠證件照（電子版）。
3．培訓(xùn)和交流語言是英語。
4．會(huì)務(wù)組統(tǒng)一安排住宿，費(fèi)用自理（住宿酒店另行通知）。
七、聯(lián)系人 鄭東，15600680181，[email protected]。 胡兵（中廣核工程有限公司），18806653007。

特此通知。
 
 
附件：1.日程安排
2.報(bào)名表
3.專家簡介

中國核能行業(yè)協(xié)會(huì)信息化專業(yè)委員會(huì) 2019 年 3 月 5 日

 
主送：中國核工業(yè)集團(tuán)有限公司、中國核工業(yè)建設(shè)股份有限公司、中國廣核電力股份有限公司、國家電力投資集 團(tuán)有限公司、中國華能集團(tuán)有限公司、地方政府核電辦、產(chǎn)業(yè)協(xié)會(huì)聯(lián)盟、核工業(yè)計(jì)算機(jī)應(yīng)用研究所、中國 核能行業(yè)協(xié)會(huì)網(wǎng)絡(luò)與信息安全工作組成員單位、中國 核能行業(yè)協(xié)會(huì)及各會(huì)員單位

 
 
 
附件 1
 
Nuclear Cybersecurity Training & Workshop
on Safety I&C, Operational I&C and Electrical Power Systems (EPS)
27-29 March 2019, 深圳/Shenzhen
 

第一天/1st  Day – 2019-03-27 [Technical]
時(shí)間	內(nèi)容/Topic	演講者/Presenter
開場白/Introduction
09:00 – 09:20	Welcome by CNEA, Shenzhen host and invited speakers	CNEA, CGN, Framatome
09:20 – 09:30	Introduction of participants and trainers	all
09:30 – 09:40	Overview and scope of Training & Workshop	Dr. Karl Waedt (KW)
開場白/Cybersecurity Challenges
09:40 – 10:10	Cybersecurity – New Challenges for Industry and Worldwide Technical Trends	Venesa Watson (VE)
10:10 – 10:30	Gradual Progress of Cybersecurity in the Nuclear Domain	KA
10:30 – 11:00	會(huì)間茶歇/Coffee Break
11:00 – 11:20	Cybersecurity Incidents in Nuclear and Critical Infrastructure	VE, XI, IN
信息安全設(shè)計(jì)/Security by Design
11:20 – 11:40	Safety DiD and Security DiD (IAEA NP-T-2.11, IAEA NSS)	KA
11:40 – 12:00	Security Grading in China (IT, Industry, Nuclear)	XX – in Chinese from CN
12:00 – 12:30	Asset Management of Security Artefacts (ISO/IEC 19770)	KA, AS, IN
12:30 – 13:30	午餐/Lunch Break
13:30 – 14:00	Cybersecurity in Industry 4.0, RAMI	KA, XI
14:00 – 14:30	Domain Based Security (DBSy, HMG IA) and Security Architecture and Design / Modeling (IEC 62714)	KA XI
信息安全控制/Security Controls for IT and OT
14:30 – 15:00	Security Requirements, Objectives and Controls - JTC1/SC27	KA, AS
15:00 – 15:30	會(huì)間茶歇/Coffee Break
15:30 – 16:10	Security Controls Overview (IAEA, IEC, US NRC, NEI) Generic Structuring by ISO/IEC 27002 and ISO/IEC 27009 Controls for non-nuclear Energy Utilities (ISO/IEC 27019)	KA – 40 min VN XI
16:10 – 16:30	Safety & Security Grading, Security Maturity Level (IEC 62443) Controls for process industry (IEC 62443)	VE KA à 20 min
16:30 – 16:45	Security Controls Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
16:45 – 17:00	Example Security Control: Whitelisting & Blacklisting for OT	VE
17:00 – 17:30	End of 1st  Day Question Round	all
18:30	歡迎晚餐/Welcome Dinner

 
 

第二天/2st  Day – 2019-03-28 [Technical]
時(shí)間	內(nèi)容/Topic	演講者/Presenter
開場白/Introduction
09:00 – 09:10	Summary of previous day	Venesa Watson (VE)
09:10 – 09:20	Overview and scope for 2nd  day of Training & Workshop	Dr. Karl Waedt (KA)
電氣系統(tǒng)信息安全/Security for Electrical Power Systems (EPS)
09:20 – 09:35	EPS Architectures and Equipment (SIPROTEC)	VE, DE, DA
09:35 – 10:05	Security Controls for Electrical Power Systems (EPS) EPS in the Asherah NPP Model (AEA CRP)	KA, DE, DA – 30 min
功能安全與接口/Functional Safety & Security Interface
10:05 – 10:30	Considering Nuclear Safety & Security (IEC 62589) Considering Functional Safety & Security (IEC TR 63069) Safety & Security Interface Guide/DKE TBINK AK IT-Security	IN VE, IN, XI – 25 min IN
10:30 – 11:00	會(huì)間茶歇/Coffee Break
11:00 – 11:25	Attribute Based Access Control for Plants and Station Control	VE, JO
安全測試/Security Testing
11:25 – 11:45	Security Testing in Main Lifecycle Phases	KA, IN
11:45 – 12:00	Security Testing during Development (ISO/IEC/IEEE 29119)	KA, XI, IN
12:00 – 12:15	Security Testing Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
12:15 – 12:30	Pen Testing and Smart Fuzz Testing (DEFENSICS/synopsis)	VE, RA
12:30 – 13:30	午餐/Lunch Break
安全治理與應(yīng)用安全/Security Governance and Application Security
13:30 – 13:50	Application Security Controls (ASCs)	KW, AS, XI
13:50 – 14:10	Security Along the Supply Chain	VE, IN
14:10 – 15:00	Secure Configuration (BIOS, SCALANCE, Firewall) and Security Hardening (OS Level, SLES, RHEL, Windows)	VE, DE AS, IN
15:00 – 15:30	會(huì)間茶歇/Coffee Break
15:30 – 15:50	Developments in Crypto Standardization for Real-time	VE
安全開發(fā)/Secure Development
15:50 – 16:30	Secure Software Development Guidance (ISO/IEC TR 24772) & Secure FPGA/HDL Development Environment (IEC 62566)	KA, IN, XI AS, SA
16:30 – 16:45	Secure Development Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
16:45 – 17:00	Independent Security V&V, Certification for Industry & Nuclear	KA, IN
17:00 – 17:30	End of 2nd  Day Question Round	all
18:30	晚餐/Dinner

 
 

第三天/3rd  Day – 2019-03-29 [Technical & Management]
時(shí)間	內(nèi)容/Topic	演講者/Presenter
安全法規(guī)與控制/ Cybersecurity Regulation
09:00 – 09:10	Summary of previous days	Dr. Karl Waedt (KA)
09:10 – 09:40	E.g. National Cybersecurity Regulation	Mr. Kim, Korea
09:40 – 9:55	Sino-German Cooperation in Industry 4.0/IM: Safety & Security	KA, XI
09:55 – 10:30	Major Cybersecurity IAEA topic	Mr. Michael Rowland
10:30 – 11:00	會(huì)間茶歇/Coffee Break
11:00 – 11:25	CN Presentation – e.g. HTR Cybersecurity	XX – in Chinese from CN
11:25 – 11:45	Application and Organization Normative Framework for Security	KA, AS
11:45 – 12:15	Nuclear IEC Cybersecurity Controls – IEC 63096 Concepts	VE, XI
12:15 – 12:30	Cybersecurity training concepts for nuclear and Industry 4.0/IM	KA
12:30 – 13:30	午餐/Lunch Break
13:30 – 14:00	Safe Engineering in the Digital Age	Mr. Peter Sieber
14:00 – 14:15	CN Presentation – e.g. security for one Chinese I&C platform	XX – in Chinese from CN
14:15 – 14:30	CN Presentation – e.g. by SNERDI/SNPAS	XX – in Chinese from CN
總結(jié)與展望/Conclusion and Outlook
14:30 – 14:50	Questions & feedback	all
14:50 – 15:00	Final discussion and outlook to further events	all
15:00	End of 3rd  day Training & Workshop

 
 
 
附件 2
 
 
 
 
 
 
核電廠網(wǎng)絡(luò)安全技術(shù)國際交流與培訓(xùn)報(bào)名表
 

姓名	性別	工作單位、職務(wù)	聯(lián)系電話	電子郵件	住宿要求   （單間、合?。?/strong>

請將此表于 2019 年 3 月 24 日前發(fā)郵件或傳真至中國核能行業(yè)協(xié)會(huì)信息化專業(yè)委員會(huì)秘書處。
聯(lián)系人：鄭東 15600680181   郵箱：[email protected]   傳真：010-88510021
 
 
 
- 8 -

附件 3
專家簡介
 
Dr. Karl Waedt

Concepts & Architecture / Cybersecurity in Framatome GmbH ICPGDA

He is deputy chair of DKE UK 967.1 (German Mirror Committee of TC45/SC45A), German delegate in TC45/SC45A WG3(I&C) and WG9(Cybersecurity), Chairperson to CEN/CENELEC CLC/TC 45AX (I&C and EPS) and Deputy in KTA UK EL (I&C and ES Board), IAEA TMs pm Cybersecurity, on behalf on German Ministry BMWi, Member of DKE/TBINK Safety & Security by Design, German Delegate in ISO/IEC JTC1/SC27 WG4 Security Controls and Services, Technical R&D Coordinator, together with 6 German University Partners and Member of GI (German Informatics Society) and IEEE.

Venesa Watson

Ph.D. Candidate (Cybersecurity) in Framatome GmbH

She works with a team of eight (8) PhD students as a part of the SMARTEST R&D project, which was formulated to combine the competences of universities/colleges with industry to develop test procedures for the systematic security analysis of the IT security of computerized nuclear process control systems. The project seeks to identify as many weak points as possible in these control systems, with the overall aim to lower the risk of critical incidents. They employ various security testing methods such as fuzzing, remote code execution, packet injection and forensics examination to achieve the goals of the project. Her focus is on fuzzing of the systems and other message manipulation attacks, where both public and proprietary protocols are analysed and used.

Peter Sieber

Vice President Norms and Standards, Vice President Region China in HIMA Paul Hildebrandt GmbH

He is Responsible for HIMA business in China, Coordination of Norms & Standard activities  and  Review  and  Expansion  of  HIMA  Portfolio.  He  has  participated  at
development of IEC 61508/61511, EN 50156, IEC 62443, IEC TR 63069, IEC 62337,
IEC 62382 AND IEC 62881.