核協信專函〔2019〕7 號
 
 
關于召開核電廠網絡安全技術國際交流與
培訓會議的通知
 
各有關單位：
為加強核電廠網絡安全建設，促進核電廠網絡安全法規 標準和技術的國際交流，提升核電行業從業人員對國內外核 電廠網絡安全法規標準、安全策略、防護技術的理解和認識。 中國核能行業協會信息化專業委員會定于2019年3月27日
-29日在深圳舉辦核電廠網絡安全技術國際交流與培訓會議。 會議由中國核能行業協會信息化專業委員會主辦，中廣
核工程有限公司承辦，Framatome GmbH 協辦。主辦方將邀請 德國、韓國、加拿大等國際核電網絡安全法規標準方面的專家學者，國際電工委員會、國際原子能機構等單位的專家代 表和咨詢顧問出席活動，并計劃邀請工信部、國防科工局、 國家核安全局、國家能源局、國家信息技術安全研究中心、 國家核安保技術中心、環保部核與輻射安全中心、國家工業

 

宜通知如下：
一、交流和培訓的目標
通過培訓，提升從業人員對國內外核電網絡安全相關法 規標準的理解和認識，學習網絡安全策略、防護技術手段， 了解前沿學術進展、國內外網絡安全的良好實踐；通過研討 會，促進國內外核電行業網絡安全前沿動態的學術溝通、經 驗反饋與合作探索。
二、時間和地點
時間：2019年3月27日-29日（培訓時間為27-28日，研 討會時間為29日，培訓學員需于26日下午報到，參加研討會 專家可于28日下午報到）
地點：深圳市龍崗區天安數碼城5號樓 中廣核工程有限 公司（設計院）
三、邀請人員
核電行業各集團（公司）負責信息安全部門領導，核能 行業相關設計、建設、運行、服務單位中從事設計、運行、 生產、維修、儀控、信息化建設、信息安全及文檔管理等崗位和專業的領導和技術人員、中國核能行業協會核電運行分 會成員單位和網絡與信息安全工作組成員單位。
四、活動安排
詳見《日程安排》（附件1）。

五、報名和費用
1.會議收取注冊費，收費標準為：中國核能行業協會會 員單位 4800 元/人，非會員單位 6800 元/人。
2.注冊費可以報到當天繳納，或者提前匯款至中國核能 行業協會。
名稱：中國核能行業協會開戶銀行：中國銀行北京西三環北路支行 賬號：338966139210
3.請各參會單位于 2019 年 3 月 24 日前，將會報名表（附 件 2）發送郵件或傳真至中國核能行業協會信息化專業委員 會秘書處。
六、其他事宜
1．參加培訓的學員經考核評定合格者，將由中國核能 行業協會信息化專業委員會將頒發合格證書。經考核評定優 秀者將另外頒發優秀學員證書。
2．參加培訓的學員需要提交一寸免冠證件照（電子版）。
3．培訓和交流語言是英語。
4．會務組統一安排住宿，費用自理（住宿酒店另行通知）。
七、聯系人 鄭東，15600680181，[email protected]。 胡兵（中廣核工程有限公司），18806653007。

特此通知。
 
 
附件：1.日程安排
2.報名表
3.專家簡介

中國核能行業協會信息化專業委員會 2019 年 3 月 5 日

 
主送：中國核工業集團有限公司、中國核工業建設股份有限公司、中國廣核電力股份有限公司、國家電力投資集 團有限公司、中國華能集團有限公司、地方政府核電辦、產業協會聯盟、核工業計算機應用研究所、中國 核能行業協會網絡與信息安全工作組成員單位、中國 核能行業協會及各會員單位

 
 
 
附件 1
 
Nuclear Cybersecurity Training & Workshop
on Safety I&C, Operational I&C and Electrical Power Systems (EPS)
27-29 March 2019, 深圳/Shenzhen
 

第一天/1st  Day – 2019-03-27 [Technical]
時間	內容/Topic	演講者/Presenter
開場白/Introduction
09:00 – 09:20	Welcome by CNEA, Shenzhen host and invited speakers	CNEA, CGN, Framatome
09:20 – 09:30	Introduction of participants and trainers	all
09:30 – 09:40	Overview and scope of Training & Workshop	Dr. Karl Waedt (KW)
開場白/Cybersecurity Challenges
09:40 – 10:10	Cybersecurity – New Challenges for Industry and Worldwide Technical Trends	Venesa Watson (VE)
10:10 – 10:30	Gradual Progress of Cybersecurity in the Nuclear Domain	KA
10:30 – 11:00	會間茶歇/Coffee Break
11:00 – 11:20	Cybersecurity Incidents in Nuclear and Critical Infrastructure	VE, XI, IN
信息安全設計/Security by Design
11:20 – 11:40	Safety DiD and Security DiD (IAEA NP-T-2.11, IAEA NSS)	KA
11:40 – 12:00	Security Grading in China (IT, Industry, Nuclear)	XX – in Chinese from CN
12:00 – 12:30	Asset Management of Security Artefacts (ISO/IEC 19770)	KA, AS, IN
12:30 – 13:30	午餐/Lunch Break
13:30 – 14:00	Cybersecurity in Industry 4.0, RAMI	KA, XI
14:00 – 14:30	Domain Based Security (DBSy, HMG IA) and Security Architecture and Design / Modeling (IEC 62714)	KA XI
信息安全控制/Security Controls for IT and OT
14:30 – 15:00	Security Requirements, Objectives and Controls - JTC1/SC27	KA, AS
15:00 – 15:30	會間茶歇/Coffee Break
15:30 – 16:10	Security Controls Overview (IAEA, IEC, US NRC, NEI) Generic Structuring by ISO/IEC 27002 and ISO/IEC 27009 Controls for non-nuclear Energy Utilities (ISO/IEC 27019)	KA – 40 min VN XI
16:10 – 16:30	Safety & Security Grading, Security Maturity Level (IEC 62443) Controls for process industry (IEC 62443)	VE KA à 20 min
16:30 – 16:45	Security Controls Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
16:45 – 17:00	Example Security Control: Whitelisting & Blacklisting for OT	VE
17:00 – 17:30	End of 1st  Day Question Round	all
18:30	歡迎晚餐/Welcome Dinner

 
 

第二天/2st  Day – 2019-03-28 [Technical]
時間	內容/Topic	演講者/Presenter
開場白/Introduction
09:00 – 09:10	Summary of previous day	Venesa Watson (VE)
09:10 – 09:20	Overview and scope for 2nd  day of Training & Workshop	Dr. Karl Waedt (KA)
電氣系統信息安全/Security for Electrical Power Systems (EPS)
09:20 – 09:35	EPS Architectures and Equipment (SIPROTEC)	VE, DE, DA
09:35 – 10:05	Security Controls for Electrical Power Systems (EPS) EPS in the Asherah NPP Model (AEA CRP)	KA, DE, DA – 30 min
功能安全與接口/Functional Safety & Security Interface
10:05 – 10:30	Considering Nuclear Safety & Security (IEC 62589) Considering Functional Safety & Security (IEC TR 63069) Safety & Security Interface Guide/DKE TBINK AK IT-Security	IN VE, IN, XI – 25 min IN
10:30 – 11:00	會間茶歇/Coffee Break
11:00 – 11:25	Attribute Based Access Control for Plants and Station Control	VE, JO
安全測試/Security Testing
11:25 – 11:45	Security Testing in Main Lifecycle Phases	KA, IN
11:45 – 12:00	Security Testing during Development (ISO/IEC/IEEE 29119)	KA, XI, IN
12:00 – 12:15	Security Testing Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
12:15 – 12:30	Pen Testing and Smart Fuzz Testing (DEFENSICS/synopsis)	VE, RA
12:30 – 13:30	午餐/Lunch Break
安全治理與應用安全/Security Governance and Application Security
13:30 – 13:50	Application Security Controls (ASCs)	KW, AS, XI
13:50 – 14:10	Security Along the Supply Chain	VE, IN
14:10 – 15:00	Secure Configuration (BIOS, SCALANCE, Firewall) and Security Hardening (OS Level, SLES, RHEL, Windows)	VE, DE AS, IN
15:00 – 15:30	會間茶歇/Coffee Break
15:30 – 15:50	Developments in Crypto Standardization for Real-time	VE
安全開發/Secure Development
15:50 – 16:30	Secure Software Development Guidance (ISO/IEC TR 24772) & Secure FPGA/HDL Development Environment (IEC 62566)	KA, IN, XI AS, SA
16:30 – 16:45	Secure Development Guidance in China (IT, Industry, Nuclear)	XX – in Chinese from CN
16:45 – 17:00	Independent Security V&V, Certification for Industry & Nuclear	KA, IN
17:00 – 17:30	End of 2nd  Day Question Round	all
18:30	晚餐/Dinner

 
 

第三天/3rd  Day – 2019-03-29 [Technical & Management]
時間	內容/Topic	演講者/Presenter
安全法規與控制/ Cybersecurity Regulation
09:00 – 09:10	Summary of previous days	Dr. Karl Waedt (KA)
09:10 – 09:40	E.g. National Cybersecurity Regulation	Mr. Kim, Korea
09:40 – 9:55	Sino-German Cooperation in Industry 4.0/IM: Safety & Security	KA, XI
09:55 – 10:30	Major Cybersecurity IAEA topic	Mr. Michael Rowland
10:30 – 11:00	會間茶歇/Coffee Break
11:00 – 11:25	CN Presentation – e.g. HTR Cybersecurity	XX – in Chinese from CN
11:25 – 11:45	Application and Organization Normative Framework for Security	KA, AS
11:45 – 12:15	Nuclear IEC Cybersecurity Controls – IEC 63096 Concepts	VE, XI
12:15 – 12:30	Cybersecurity training concepts for nuclear and Industry 4.0/IM	KA
12:30 – 13:30	午餐/Lunch Break
13:30 – 14:00	Safe Engineering in the Digital Age	Mr. Peter Sieber
14:00 – 14:15	CN Presentation – e.g. security for one Chinese I&C platform	XX – in Chinese from CN
14:15 – 14:30	CN Presentation – e.g. by SNERDI/SNPAS	XX – in Chinese from CN
總結與展望/Conclusion and Outlook
14:30 – 14:50	Questions & feedback	all
14:50 – 15:00	Final discussion and outlook to further events	all
15:00	End of 3rd  day Training & Workshop

 
 
 
附件 2
 
 
 
 
 
 
核電廠網絡安全技術國際交流與培訓報名表
 

姓名	性別	工作單位、職務	聯系電話	電子郵件	住宿要求   （單間、合?。?/strong>

請將此表于 2019 年 3 月 24 日前發郵件或傳真至中國核能行業協會信息化專業委員會秘書處。
聯系人：鄭東 15600680181   郵箱：[email protected]   傳真：010-88510021
 
 
 
- 8 -

附件 3
專家簡介
 
Dr. Karl Waedt

Concepts & Architecture / Cybersecurity in Framatome GmbH ICPGDA

He is deputy chair of DKE UK 967.1 (German Mirror Committee of TC45/SC45A), German delegate in TC45/SC45A WG3(I&C) and WG9(Cybersecurity), Chairperson to CEN/CENELEC CLC/TC 45AX (I&C and EPS) and Deputy in KTA UK EL (I&C and ES Board), IAEA TMs pm Cybersecurity, on behalf on German Ministry BMWi, Member of DKE/TBINK Safety & Security by Design, German Delegate in ISO/IEC JTC1/SC27 WG4 Security Controls and Services, Technical R&D Coordinator, together with 6 German University Partners and Member of GI (German Informatics Society) and IEEE.

Venesa Watson

Ph.D. Candidate (Cybersecurity) in Framatome GmbH

She works with a team of eight (8) PhD students as a part of the SMARTEST R&D project, which was formulated to combine the competences of universities/colleges with industry to develop test procedures for the systematic security analysis of the IT security of computerized nuclear process control systems. The project seeks to identify as many weak points as possible in these control systems, with the overall aim to lower the risk of critical incidents. They employ various security testing methods such as fuzzing, remote code execution, packet injection and forensics examination to achieve the goals of the project. Her focus is on fuzzing of the systems and other message manipulation attacks, where both public and proprietary protocols are analysed and used.

Peter Sieber

Vice President Norms and Standards, Vice President Region China in HIMA Paul Hildebrandt GmbH

He is Responsible for HIMA business in China, Coordination of Norms & Standard activities  and  Review  and  Expansion  of  HIMA  Portfolio.  He  has  participated  at
development of IEC 61508/61511, EN 50156, IEC 62443, IEC TR 63069, IEC 62337,
IEC 62382 AND IEC 62881.