GB/Z 43030-2023
Low voltage switchgear and control equipment cyber security (English Version)
- Standard No.
- GB/Z 43030-2023
- Language
- Chinese, English version preview
- Release Date
- 2023
- Published By
- General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
- Latest
- GB/Z 43030-2023
- Scope
- This document applies to the main safety-related functions of switchgear and controlgear throughout their life cycle. It applies to wired and wireless data communication methods and the physical accessibility of the equipment within the limits of its environmental conditions. This document aims to increase awareness of safety aspects and provide guidance and requirements for reasonable countermeasures to reduce risk vulnerabilities. This document focuses on potential risk vulnerabilities leading to: ——Unintended operation of switchgear, controlgear or sensors, which may lead to hazardous situations; ——Failure of protection functions (overcurrent, ground leakage current, etc.). This document does not include safety requirements for information technology (IT) and industrial automation and control systems (IACS). It is only used to guide the use of appropriate safety countermeasures in switchgear and controlgear, which are derived from the basic safety publication ISO/IEC27001 and the common safety publication IEC62
- Introduction
Analysis of the core content of the standard
This standard is equivalent to IEC TS63208:2020. Aiming at the cybersecurity risks of low-voltage switchgear and control equipment throughout their life cycle, it proposes a three-dimensional protection system covering physical security, communication security and system integrity.
Comparison of Key Technical Requirements
Security Elements SL-1 Requirements SL-4 Requirements Firmware Authentication Basic Digital Signature X.509 Certificate + CRL Revocation Check Communication Encryption SSL/TLS IPsec VPN+Secure Modbus Physical Protection Mechanical Locks Tamper-Proof Housing + Access Log
Typical Application Scenarios
Protection against malicious firmware upgrades (Use Case B.2)
Through the cryptographic signature verification mechanism of the circuit breaker, attackers are prevented from launching logic bomb attacks by forging firmware. Implementation points include:
- Use FIPS186-4 standard asymmetric algorithm
- Secure boot verification chain
- Regular CRL list update
Implementation recommendations
Building a defense-in-depth system
- Network layering: Isolate OT/IT networks according to CF1-CF3 functional levels
- Access control: RBAC mechanism + least privilege principle
- Continuous monitoring: Audit log integrity protection (see 7.4.6)
Standard evolution analysis
This standard introduces the IEC62443 safety level (SL) into the low-voltage electrical appliance field for the first time, and will be integrated into the IEC60947-1 general standard in the future. Together with GB/T22080, GB/T42456 and other standards, it forms a cluster of industrial control system network security standards.
GB/Z 43030-2023 history
- 2023 GB/Z 43030-2023 Low voltage switchgear and control equipment cyber security