Hello everyone! Since everyone's favorite portal already carries plenty of articles on certification in the information security field, I make no claim to originality or uniqueness of content. Even so, I would like to share my experience of obtaining a GIAC (Global Information Assurance Company) certification. A certification in industrial cybersecurity, that is, ugly as the term is.
This is how the concept of IT&OT (Information Technology & Operation Technology) came about.
Right after that (it being obvious that unqualified staff should not be allowed to do this work), the need arose to certify specialists in the field of securing process control and industrial systems. From the automatic water pump in an apartment building to the control systems of an aircraft, these systems are all around us in everyday life (recall the excellent articles investigating such problems).
A short lyrical digression on how I came to need the certification (feel free to skip it): at the end of the XNUMXs, having successfully finished my studies at an information security faculty, I joined, with some reluctance, the ranks of instrumentation engineers and worked as a technician servicing low-voltage security alarm systems. That was what companies understood by information security at the time :) So my career as an automation systems specialist began, with a bachelor's degree in information security in hand. XNUMX years later, having been promoted to head of the SCADA systems department, I left and went to work as an industrial control system security consultant at a foreign company that vends software and hardware. That is where the need for a certified information security specialist arose.
SANS has quite a number of different tracks (and I think they have recently been trying to increase that number), with very interesting, practical courses. I particularly liked the following.
Of all the kinds of industrial cybersecurity certification SANS offers, this one, GICSP, is the most universal. Number XNUMX relates to power grid systems, which in the West receive special attention and are treated as a separate class of system. And number XNUMX (as of the time I got certified) relates to incident response.
The course is by no means cheap, but it gives a very broad knowledge of IT&OT. It will be especially useful for newcomers who have decided to change field, for example from IT security in banking to industrial cybersecurity. Since I already had experience with process control systems, instrumentation and operational technology, there was nothing fundamentally new or critically important for me in this course.
The course is 50% theory and 50% practice. The most interesting contest during the practical part was NetWars: for XNUMX days after the main classes ended, the whole class split into teams and worked through tasks such as gaining access, extracting the required information, getting onto a network, working with hashes, and driving Wireshark. Plus all kinds of swag.
The course materials come as a set of books that you keep for permanent use. Incidentally, the exam is open book, so you can bring them, but with 3 hours for 115 questions, in English, they do not help much. During the 3 hours you may take a 15-minute break. Note, though, that if you start your 15-minute break and return to the test after 5 minutes, the rest of the break is forfeited: the testing software will not let you stop the clock again. You can skip up to XNUMX questions; they are shown again at the end.
Personally, I do not recommend deferring many questions: 3 hours really is not enough, and if you still have unresolved questions at the end, there is a good chance you will not get to answer them. I, by contrast, left only XNUMX questions for later, ones I found very hard, relating to knowledge of NIST 800.82 and the NERC standards. Psychologically, these "later" questions fray your nerves at the very end: when your brain is tired and you want to go to the bathroom, the timer on the screen seems to speed up dramatically.
To pass the test you need 71% correct answers. Before the exam you get a chance to practice under real exam conditions: the fee includes 2 practice tests of 115 questions under the same conditions as the real exam.
I recommend taking the exam XNUMX months after the training ends, and using those XNUMX months to study systematically the topics you are unsure of. Take the printed handouts you received during the course, which are something like short summaries of each topic, and deliberately look up the information on those topics in the course books. Split the XNUMX months into XNUMX parts and take a practice test at each point to get a rough picture of which areas you are strong in and where you need to improve.
I would like to focus on the main areas that make up the exam itself (rather than on the training course, which covers a broader range of topics).
- Physical security: as in other certification exams, this topic gets a lot of attention in GICSP. There are questions on the types of physical door locks, and situations are described in which electronic passes are forged and you must answer by clearly identifying the problem. Depending on the subject area (oil and gas processes, nuclear power plants, power grids, and so on), there are questions directly related to the safety of the technology (the process). For example: the HMI shows an alarm from a steam temperature sensor; decide what kind of physical security control this situation represents. Or: what situation (event) would give reason to analyze records such as the footage from the surveillance cameras of a facility's perimeter security system?
In percentage terms, questions from this section made up no more than 5% of my exam and practice tests.
- Another of the XNUMX broadest question categories is questions on process control systems, PLCs and SCADA. Here you need to approach systematically the study of material on how a process control system is built, from the sensors up to the servers that host the application software itself. You will find a fair number of questions on the types of industrial data transfer protocols (ModBus, RTU, Profibus, HART, and so on). There are questions on the difference between an RTU and a PLC, on how to protect the data inside a PLC from modification by an attacker, on the memory areas in which a PLC stores data, and on where the logic itself (the program written by the process control system's programmer) is stored. For example, there might be a question like: explain how an attack between a PLC and an HMI communicating over the ModBus protocol can be detected.
There are questions on the difference between SCADA and DCS systems. There are many questions on the rules for separating an automated process control network between levels L1/L2 and level L3 (more on this in the section on networking questions). Situational questions on this topic are also very varied: they describe a situation in the control room and you have to choose the action the process operator or dispatcher should take.
In general this section is the most specific and narrowly focused, and it requires solid knowledge of:
- the field part of automated control systems (sensors, types of device connections, physical characteristics of sensors, PLCs, RTUs);
- emergency shutdown systems for processes and plants (ESD, emergency shutdown system) (by the way, Habr has an excellent series of articles on this topic by Vladimir Sklyar);
- a basic understanding of the physical processes that take place in, for example, oil refining, power generation or pipelines;
- an understanding of the architecture of DCS and SCADA systems.
Note that questions of this kind can make up as much as 25% of the exam's 115 questions.

- Network technologies and network security: I think this topic has the largest number of questions in the exam. It covers everything from the OSI model and the layer at which a given protocol operates, many questions on network segmentation, situational questions about network attacks, examples of connection logs with a request to determine the type of attack, examples of switch configurations with a request to identify the vulnerable configuration, questions on vulnerabilities in network protocols, and questions on the details of network connectivity for industrial communication protocols. ModBus in particular gets its own questions: the structure of the same ModBus network packet differs depending on the type and version the device supports. Much attention is paid to attacks on wireless networks such as ZigBee and Wireless HART, and to straightforward questions on network security for the whole 802.1x family. There are questions on the rules for placing particular servers in a process control system network (here you need to read the IEC-62443 standard and understand the principles of the reference model for a process control network). There are questions about the Purdue model.
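Two of the exam topics above, the question of how an attack between a PLC and an HMI talking ModBus can be detected, and the remark that the structure of a ModBus/TCP packet depends on the device, become concrete with a small passive monitor. The following Python is an added example written for this page; it is not code from the original post, from SANS or from GIAC. It parses the MBAP header and PDU of Modbus/TCP requests and raises an alert in three cases a monitor on the PLC segment would care about: a write function code from a host other than the allowlisted HMI, a function code outside the site's baseline, and a malformed frame. The IP addresses, the function-code baseline and the frames are all constructed for the example.

```python
import struct
from dataclasses import dataclass

# Public function codes from the Modbus Application Protocol specification
# that this (constructed) site baseline expects to see between HMI and PLC.
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16}


@dataclass
class ModbusTcpRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusTcpRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1)
    PDU  = function code (1) | function-specific data
    """
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # The length field counts every byte after itself: unit id plus PDU.
    if length != len(payload) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    return ModbusTcpRequest(tid, uid, payload[7], payload[8:])


def inspect_traffic(frames, allowed_writers):
    """Return (src_ip, transaction_id, reason) alerts for suspicious requests.

    frames: iterable of (src_ip, dst_ip, payload) as a passive monitor sees them.
    allowed_writers: IPs permitted to issue write function codes (normally only
    the HMI or SCADA server).
    """
    alerts = []
    for src, dst, payload in frames:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append((src, None, f"malformed frame: {exc}"))
            continue
        name = FUNCTION_NAMES.get(req.function_code)
        if name is None:
            alerts.append((src, req.transaction_id,
                           f"function code {req.function_code} not in the site baseline"))
        elif req.function_code in WRITE_CODES and src not in allowed_writers:
            # Every write PDU starts with the 16-bit target address.
            addr = struct.unpack(">H", req.data[:2])[0] if len(req.data) >= 2 else None
            alerts.append((src, req.transaction_id,
                           f"{name} to address {addr} on PLC {dst} from non-allowlisted host"))
    return alerts


# Constructed sample traffic: hypothetical addresses and hand-built frames, not a capture.
HMI, PLC, EWS, UNKNOWN = "10.0.2.10", "10.0.1.5", "10.0.2.20", "10.0.3.99"
SAMPLE_FRAMES = [
    # HMI polls 10 holding registers starting at address 0: normal.
    (HMI, PLC, bytes.fromhex("00010000000601030000000a")),
    # Engineering workstation writes 0xFFFF into register 16: not an allowed writer.
    (EWS, PLC, bytes.fromhex("00020000000601060010ffff")),
    # HMI switches coil 1 on: a write, but from the allowlisted host.
    (HMI, PLC, bytes.fromhex("00030000000601050001ff00")),
    # Unknown host sends function 0x2B (Read Device Identification): outside the baseline.
    (UNKNOWN, PLC, bytes.fromhex("000400000005012b0e0100")),
    # Truncated frame whose MBAP length promises more bytes than arrived.
    (EWS, PLC, bytes.fromhex("0005000000060103")),
]

if __name__ == "__main__":
    for alert in inspect_traffic(SAMPLE_FRAMES, allowed_writers={HMI}):
        print(alert)
```

Run as a script it prints three alerts for the sample frames: the write from the engineering workstation, the out-of-baseline function code, and the truncated frame. In a real deployment the frames would come from a SPAN port or tap on the PLC segment and the allowlist and baseline from the site's asset inventory; the point the exam question gets at is that classic ModBus has no authentication, so a monitor, not the protocol, has to decide which writes are legitimate.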
- A category of questions relating only to the functional specifics of operating power transmission systems and their information security systems. In the USA, automated process control systems of this category are called the "power grid" and are given a separate role; for this purpose a separate standard (NIST 800.82) has been issued regulating the approach to building information security systems in this area. In our country this area is, in most cases, limited to ASKUE systems (if anyone has seen a more serious approach to monitoring these power systems, correct me). The exam therefore includes very specific power grid questions. Mostly these are use cases for particular situations that arise at a power plant, but there can also be questions specifically about devices used in electrical grids. There are questions that test knowledge of the NIST section on systems of this category.
- Questions on knowledge of the standards: NIST 800-82, NERC, IEC62443. I do not think there is much to comment on here: you need to be able to navigate what the standards contain and which section of a standard is responsible for which recommendations. There are specific questions, for example on how often a system's functions should be checked or how often procedures should be updated. Such questions can make up as much as 15% of the total, but this varies: in XNUMX of the practice tests, for instance, there were only XNUMX questions of this kind, whereas in the exam there really were a lot.
- The last category is all kinds of use-case and situational questions.
Overall, apart from the NetWars CTF, the training itself was not very useful to me in terms of acquiring new knowledge. I did, however, get more detail on a few topics, in particular the organization and protection of the wireless networks used to carry technical information, and better organized material on the structure of the foreign standards dedicated to this topic. So if you are an engineer or specialist with solid knowledge and experience of process control/instrumentation systems or industrial networks, consider skipping the training (the saving makes sense) and, once prepared, go straight for the certification exam. It costs 700 USD, by the way, and if you fail you have to pay again. There are plenty of certification centers where you can sit the exam; the important thing is to register in advance. In general I recommend setting an exam date right away, because otherwise the preparation process keeps being displaced by other important, or entirely unimportant, matters and the exam date keeps receding. A concrete deadline gives you motivation.
Source: habr.com