TECHNICAL REPORT ISO/TR 22312
First edition 2011-07-15
Societal security — Technological capabilities
Sécurité sociétale — Capacités technologiq[.]
Reference number ISO/TR 22312:2011(E)
© ISO 2011

COPYRIGHT PROTECTED DOCUMENT
© ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Foreword
Introduction
1 Scope
2 Existing international security standardization work
3 Work being done in other technical committees within ISO, IEC and ITU-T
4 AHG1 study methodology
5 Raw results
6 Results
Annex A (informative) List of ISO Technical Committees involved in security
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 22312 was prepared by Technical Committee ISO/TC 223, Societal security.

Introduction
In ISO/TC 223's business plan version 1 from 2 0 -1 -2, the scope of ISO/TC 223 is defined as international standardization in the area of societal security, aimed at increasing crisis and continuity management and capabilities through technical, human, organization, operational, and management approaches as well as operational functionality and interoperability, as well as awareness amongst all interested parties and stakeholders.

ISO/TC 223 will work toward international standardization that provides protection from and response to risks of unintentionally, intentionally, and naturally caused crises and disasters that disrupt and have consequences on societal functions. The committee will use an all-hazards perspective covering the phases of emergency and crisis management before, during, and after a societal security incident.

ISO/TC 223 will address and supplement issues not currently addressed by other technical committees or international bodies with which ISO has formal agreements.

From this scope, it is clear that ISO/TC 223 has set its goals to develop International Standards in the area of societal security that will relate to crisis and continuity management from a number of different angles, among them the following:
the cause of the crisis; the cause of the crisis relates to intentional (i.e. crime or terror), unintentional, i.e. accidents caused by persons, and natural;
the phase of the crisis; the phase of the crisis is defined as before, during and after;
the elements of the management of the crisis; these elements include technical, human, organizational, operational and management.

In addition, the scope of ISO/TC 223 is unique from a typical technical committee in that ISO/TC 223 has taken a holistic approach to the International Standards to be developed and the emphasis is on developing deliverables that will contribute to improving the resilience of society. The work is not to be focused on a specific type of International Standard, i.e. a management system, terms, a specification, or to be focused on a specific technological field or capability, but in regard to the contribution the International Standard has to the resilience of society with the condition that the subject of the International Standard is not currently being addressed by other technical committees or international bodies with whom ISO has formal agreements.

To achieve its goals, ISO/TC 223 has established, at the beginning of its activities, three working groups to develop a framework document, vocabulary and an incident management framework which was called command and control, coordination and cooperation. In addition to these three WGs, the TC established a task group which focused on setting a base for the development of relevant management system standards. This task group evolved and became a fourth WG which focused on developing management system International Standards for societal security related events, i.e. emergency management, crisis management, business continuity management. ISO/TC 223 did not focus on technical capabilities and the need for technical International Standards until the establishment of the Ad-hoc group on societal security technological capabilities was created.

The need for including the development of technically oriented International Standards in the field of societal security in the scope of ISO/TC 223 was voiced and advocated by Israel from the stage when the first draft of the business plan was prepared. The logic was that the deliverables of ISO/TC 223 should give a complete solution for security and equipment and, therefore, security systems are a vital piece of the equation. Based on this, in its 2 0 spring plenary meeting held in Seoul, ISO/TC 223 passed a resolution to form the Ad-hoc group (AHG1) to conduct a six-month study in which the key societal security technological domains will be identified and recommendations made to the TC on how to deal with them.

1 Scope
The purpose of this Technical Report is to document the knowledge accumulated in the six-month study period conducted by ISO/TC 223/Ad-hoc group 1 (AHG1), in which AHG1 examined the different existing available technologies which would be relevant to standardize within the field of societal security.

The terms of reference of the AHG1 are as follows:
identify the “key technical domains” that are important for the work of the committee;
recommend how the committee should deal with identified “key technical domains”.

2 Existing international security standardization work
The AHG1 was formed and was comprised by a convenor and experts from within the P-members of ISO/TC 223. The first stage was to identify work being done by recognized Standards Development Organizations (SDOs) that can contribute to the mission of the AHG1. The activities that were identified are outlined in 2.2 to 2.5.

2.2 ANSI-Homeland Security Standards Panel (HSSP)
A number of workshops were organized to explore different elements related to homeland security while focusing on gaps and the contribution standards can have on the awareness and preparedness of society to meet security challenges. The workshops that were studied by the AHG1 included the Standardization Related to Biological and Chemical Threat Agents workshop, the Biometrics Standardization workshop, the Emergency Communications workshop, the Standardization for Enterprise Power Security and Continuity workshop, the Training Programs Standardization for First Response to Weapons of Mass Destruction (WMD) Events workshop, the Perimeter Security workshop and the Transit Security Standardization workshop.

2.3 CEN BT/WG 161 Protection of the Citizen
At the request of the EU, CEN has established a strategic group to explore the different aspects of the security of the European public and determined where standardization can make a contribution. This group formed a number of expert groups whose reports served as material and information for the AHG1. The reports used by the AHG1 include Critical Infrastructure – Buildings and Civil Engineering Works mini business; Chemical, Biological, Radiological and Nuclear (CBRN) business plan; Critical Infrastructure-Energy Supply final report; Supply chain final report; Integrated Border Management report; Water supply security mini business program; Emergency Services business plan; and the Defence against Terror (DAT) business plan.

2.4 ISO/IEC/ITU-T/SAG-S
ISO's Technical Management Board (TMB) established an Advisory Group on Security (AGS) to conduct a review of existing ISO deliverables related to the field of security, assess the needs of all relevant stakeholders for international security standards, assess relevant standards developed by other organizations that may support international needs for security standards, and recommend actions to be taken by the ISO Council and/or ISO/TMB on subjects within the field of security that may benefit from the development of International Standards and that ISO would have the capability to provide. The final report was used by the AHG1.

2.5 Asian-Pacific Economic Cooperation (APEC) and Standards Australia initiative
Standards Australia and APEC initiated a survey whose results will be used to promote a better standards infrastructure for security Critical Infrastructure and Support Systems. The rationale and background documents were used by the AHG1.

In addition to the above documentation, there are SDOs developing standards related to security at the national level such as SI and there are different industries with security related products that are exploring the possibility to promote the use of this type of equipment by identifying and setting standards for necessary capabilities that can be satisfied by using technologies.

3 Work being done in other technical committees within ISO, IEC and ITU-T
ISO/TC 223 will address and supplement issues not currently addressed by other technical committees or international bodies with which ISO has formal agreements. ISO/TC 223 will not initiate standards' projects that fall within the scope of existing TCs, whether ISO, IEC or ITU-T. The need for standards in the security domain has been noted by ISO, IEC and ITU-T and activities have been initiated. The outstanding initiatives are as follows.

3.2 ISO
ISO has formed an advisory group on security which was given the task to evaluate the gaps in security standardization and make recommendations to the TMB. Among the recommendations was the need to form a Strategic Advisory Group for Security (SAG-S). The report also lists the ISO/TCs that are involved in security. This list was revised by the ISO/IEC/ITU/SAG-S. The list of the ISO/TCs involved in security as stated in the AGS with the additional list as discussed in the SAG-S meeting is given in Annex A.

3.3 IEC
IEC submitted a report to the SAG-S in January 2 0 showing the security activities in the IEC. The areas stated are alarm systems and access control. It should be noted that IEC/TC 79, Alarm Systems, is involved in security-related work which consists of the preparation of standards for detection, alarm and monitoring systems for protection of persons and property, and for elements used in these systems.

3.4 ITU-T
ITU-T has been running a security standardization program for several years. The areas in which ITU-T is focusing are tele-biometrics, security management, mobility security, cybersecurity, home-networking security, NGN security, countering spam and emergency telecommunications.

4 AHG1 study methodology
Since this effort is the first step in introducing technical International Standards into the work of ISO/TC 223, the main objective is to locate key technical domains that contain products and technologies which are clearly candidates for standardization processes within ISO/TC 223. The International Standards which will be identified will have market relevance and be of interest to defined parties, including industry, regulators and end users. Based on this, the technical International Standards to be in the focus of the AHG1 will have the attributes outlined in 4.2.

4.2 The key technical area's attributes
The topic of the International Standard is not covered by any other International Standards' committee within ISO or other standards' organization such as the IEC or ITU-T.
The technology or product subjected to being standardized is technically mature.
The International Standard will focus on the function/performance (capabilities) requirements and not on procurement specifications or product standardization.
The International Standard will have market and global relevance.
There are stakeholders with a specific interest in developing the International Standard (i.e. industry, academia, government and end users).

4.3 Method
The AHG1 was commissioned to identify the key technical domains that are applicable to societal security. In order to analyze the field of security, the AHG1 used a security model commonly used by the different SDOs in their pursuit of gaps to be filled by International Standards. See Figure 1.

[Figure 1: diagram with the following labels]
Targets: Resources (e.g. Water); Infrastructure (e.g. Buildings); Networks (e.g. IT); Transport (e.g. Supply Chain); Public Health (e.g. Hospitals); Industrial Base (e.g. Refineries)
Threats: Explosives; Chemical; Biological; Rad/Nuclear; Cyber; Conventional Weapons; Physical Objects; Human Beings; Natural Disasters
Third dimension: Protection; Detection; Identification; Mitigation; Restoration
Figure 1 — Three-dimensional security gaps model

The model is based on defining three dimensions: targets, threats and phases of an incident; in the ISO/TMB/AGS the third dimension is called “countermeasures”. The AHG1 added an additional dimension, the 4th dimension: basic security capabilities. The AHG1 compiled an exhaustive list for all four dimensions - drawing the roadmap. Based on this list, the AHG1 identified the technological capabilities. The AHG1 achieved this by the following steps outlined in 4.3.2 and 4.3.3.

4.3.2 Data collection
Much security standards gap analysis work has been done within standards development organizations. These documents and reports have been used by the AHG1 where relevant and used for compiling a list of the elements of the four dimensions mentioned above. The recommendations made in these documents have also been considered by the AHG1 when drafting recommendations for ISO/TC 223. The following is a partial list of sources and publications:
ISO/TMB/AGS, final report;
ANSI/HSSP, final reports from the workshops;
CEN/BT/WG 161, final business plans from nine expert groups and additional relevant documents;
Standards Australia, Critical infrastructure security standards survey;
APEC, Critical Infrastructure and Support Systems Standardization Project.

4.3.3 Analysis
The AHG1 compiled four lists, a list for each dimension. The AHG1 first compiled the lists of threats, targets and phases of an incident to focus the group, and then a list of technologies and technological capabilities to form the 4th dimension. Finally, the list of capabilities was examined and considered to be relevant based on the following parameters:
the capability of improving societal resilience;
the relevance of the work being done by ISO/TC 223;
the maturity of the market to supply products that meet the required capabilities;
the interest of the members of the AHG1 and other stakeholders in promoting the standardization of the capability in question.

To compile these lists, four teams were formed to address each of the lists.