Molweni nonke! I-portal ethandwayo yomntu wonke yayinamanqaku amaninzi awohlukeneyo kwisatifikethi kwicandelo lokhuseleko lolwazi, ke andizukubanga imvelaphi kunye nokwahluka komxholo, kodwa ndingathanda ukwabelana ngamava am okufumana i-GIAC (iNkampani yeGlobal Information Assurance) isiqinisekiso kwishishini le-cybersecurity. Ukususela ekuveleni kwamagama amabi njengoko , , Shamoon, Triton, imarike yokubonelela ngeenkonzo zeengcali ezibonakala ngathi ziyi-IT, kodwa ziyakwazi ukulayisha ngaphezulu i-PLCs ngokubhala kwakhona ukucwangciswa kweeleli, kwaye ngexesha elifanayo isityalo asinakunqandwa, saqala ukwenza.
Yile ndlela ingcamango ye-IT & OT (iTekhnoloji yoLwazi kunye neTekhnoloji yokuSebenza) yeza kwihlabathi.
Kwangoko ngokulandelayo (kucacile ukuba abasebenzi abangaqeqeshwanga kufuneka bangavunyelwa ukuba basebenze) kwafika imfuneko yokuqinisekisa iingcali kwinkalo enxulumene nokuqinisekisa ukhuseleko lweenkqubo zolawulo lwenkqubo kunye neenkqubo zoshishino - apho, kuvela, kukho ezininzi kubo kubomi bethu, ukusuka kwivalve yokubonelela ngamanzi ngokuzenzekelayo kwigumbi ukuya kwindlela yokulawula iinqwelomoya (khumbula inqaku eligqwesileyo malunga nokuphanda iingxaki ). Kwaye, njengoko kwavela ngokukhawuleza, izixhobo zonyango ezinzima.
Ingoma emfutshane malunga nendlela endifike ngayo kwisidingo sokufumana isatifikethi (ungasitsiba): Ukugqiba ngempumelelo izifundo zam kwiFakhalthi yoKhuseleko loLwazi ekupheleni kweminyaka yoo-XNUMX, ndangena kuluhlu lweegusha zesixhobo ngentloko yam. ibambe phezulu, isebenza njengomatshini kwiinkqubo ze-alam zokhuseleko lwangoku. Kubonakala ngathi ukhuseleko lolwazi luxelelwe kum kwishishini ngelo xesha :) Yile ndlela umsebenzi wam njengengcali yenkqubo yolawulo oluzenzekelayo kunye nesidanga se-bachelor kukhuseleko lolwazi waqala. Kwiminyaka emithandathu kamva, emva kokuba ndinyukele kwisikhundla sokuba yintloko yesebe leenkqubo zeSCADA, ndemka ndaya kusebenza njengomcebisi wezokhuseleko kwiinkqubo zolawulo lwemizi-mveliso kwinkampani yangaphandle ethengisa isoftware nezixhobo. Kulapho kwavela khona imfuneko yokuba yingcali yokhuseleko eqinisekisiweyo.
luphuhliso umbutho oqhuba uqeqesho kunye nokuqinisekiswa kweengcali zokhuseleko lolwazi. Isidima sesatifikethi se-GIAC siphezulu kakhulu phakathi kweengcali kunye nabathengi kwi-EMEA, US, kunye neemarike zaseAsia Pacific. Apha, kwindawo ye-post-Soviet kunye nakumazwe e-CIS, isatifikethi esinjalo sinokucelwa kuphela kwiinkampani zangaphandle kunye nezoshishino kumazwe ethu, ii-arhente zamazwe ngamazwe kunye nee-consulting. Ngokomntu, andizange ndihlangabezane nesicelo sesiqinisekiso esinjalo kwiinkampani zasekhaya. Wonke umntu ngokusisiseko ucela i-CISSP. Olu luluvo lwam oluzimeleyo kwaye ukuba nabani na wabelana ngamava abo kumazwana, kuya kuba mnandi ukwazi.
Kukho iindawo ezimbalwa ezahlukeneyo kwi-SANS (ngokombono wam, kutshanje abafana baye bandisa inani labo kakhulu), kodwa kukho iikhosi ezinomdla kakhulu. Ndandiyithanda kakhulu . Kodwa ibali liya kuba malunga nekhosi kunye nesatifikethi esibizwa ngokuba: .
Kuzo zonke iintlobo zezatifikethi ze-Industrial Cyber ββββSecurity ezibonelelwa yi-SANS, le yeyona nto ikhoyo kwihlabathi liphela. Ekubeni eyesibini inxulumene ngakumbi kwiinkqubo zeGridi yaMandla, apho eNtshona ifumana ingqalelo ekhethekileyo kwaye iyinxalenye yenkqubo eyahlukileyo. Kwaye okwesithathu (ngexesha lendlela yam yesatifikethi) enxulumene neMpendulo yesiganeko.
Ikhosi ayibizi, kodwa ibonelela ngolwazi olubanzi lwe-IT&OT. Kuya kuba luncedo ngakumbi kumaqabane agqibe ekubeni atshintshe intsimi yawo, umzekelo, ukusuka kukhuseleko lwe-IT kwishishini lebhanki ukuya kwi-Industrial Cyber ββββSecurity. Ekubeni ndandisele ndinemvelaphi kwinkalo yolawulo lweenkqubo, izixhobo zokusebenza kunye neteknoloji yokusebenza, kwakungekho nto intsha okanye ibaluleke kakhulu kum kule khosi.
Ikhosi ine-50% yethiyori kunye ne-50% yokuziqhelanisa. Ukusuka ekusebenzeni, olona khuphiswano lunomdla yayiyiNetWars. Kwiintsuku ezimbini, emva kwekhosi ephambili yeeklasi, bonke abafundi bazo zonke iiklasi bahlulahlulwe ngamaqela kwaye benza imisebenzi yokufumana amalungelo okufikelela, ukukhupha ulwazi oluyimfuneko, ukufikelela kwinethiwekhi, iqela lemisebenzi yokukhuthaza i-hashes, ukusebenza kunye ne-Wireshark. kunye nazo zonke iintlobo zezinto ezahlukeneyo.
Izinto zokufunda zishwankathelwa ngohlobo lweencwadi, othi emva koko uzifumane ukuze uzisebenzise ngokusisigxina. Ngendlela, unokuzithatha kwiimviwo, ekubeni ifomathi i-Open Book, kodwa abayi kukunceda kakhulu, ekubeni uviwo luneeyure ezi-3, imibuzo ye-115, kunye nolwimi lokunikezelwa kwesiNgesi. Ngexesha leeyure ezi-3 zizonke, unokuthatha ikhefu lemizuzu eli-15. Kodwa khumbula ukuba ngokuthatha ikhefu le-15 imizuzu kwaye ubuyele kwiimvavanyo emva kwe-5, unikezela nje imizuzu elishumi eseleyo, kuba awusayi kuphinda umise ixesha kwinkqubo yokuvavanya. Ungatsiba ukuya kutsho kwimibuzo eli-15, eya kuthi emva koko ivele ekupheleni.
Ngokomntu, andikucebisi ukushiya imibuzo emininzi kamva, kuba iiyure ze-3 ngokwenene azikho ixesha elaneleyo, kwaye xa ekugqibeleni unemibuzo engekasonjululwa, kukho amathuba aphezulu okungakwazi ukwenza. ngexesha. Ndiye ndemka emva kwemibuzo emithathu kuphela eyayinzima kum, kuba yayinxulumene nolwazi lwe-NIST 800.82 kunye ne-NERC standard. Ngokwengqondo, imibuzo enjalo "emva kwexesha" ibetha i-nerve yakho ekupheleni - xa ingqondo yakho idiniwe, ufuna ukuya kwindlu yangasese, i-timer esikrinini ibonakala ikhawuleza ngokukhawuleza.
Ngokubanzi, ukuze uphumelele uvavanyo kufuneka ufumane iimpendulo ezichanekileyo ezingama-71%. Ngaphambi kokuthatha uviwo, uya kuba nethuba lokuziqhelanisa novavanyo lokwenene - njengoko ixabiso libandakanya iimvavanyo ze-2 zemibuzo ye-115 kunye neemeko ezifana noviwo lokwenene.
Ndincoma ukuthatha uviwo kwinyanga emva kokugqiba uqeqesho, ndichithe le nyanga ngokuzifundela ngokucwangcisiweyo kule miba oziva ungaqinisekanga ngayo. Kuya kuba kuhle ukuba uthatha izinto eziprintiweyo ezifunyenwe ngexesha lekhosi, ezibukeka njengezicatshulwa ezimfutshane kwisihloko ngasinye - kwaye ngenjongo yokukhangela ulwazi kwizihloko eziqulethwe kwezi ncwadi. Yahlula inyanga ibe ngamacandelo amabini, uthatha iimvavanyo zokuziqhelanisa kwaye ufumane umfanekiso onzima wokuba zeziphi iindawo owomeleleyo kunye nalapho kufuneka uphucule khona.
Ndingathanda ukuqaqambisa le mimandla iphambili ilandelayo eyenza uviwo ngokwalo (hayi ikhosi yoqeqesho, kuba igubungela izihloko ezibanzi ngakumbi):
- Ukhuseleko loMzimba: Njengezinye iimviwo zesatifikethi, lo mba unikwa ingqwalasela enkulu kwi-GICSP. Kukho imibuzo malunga neentlobo zokutshixa ngokwasemzimbeni kwiingcango, iimeko ezinobuqhetseba bokupasa kwe-elektroniki zichazwe, apho kufuneka unike impendulo yokuchonga ingxaki ngokungathandabuzekiyo. Kukho imibuzo enxulumene ngqo nokhuseleko lwethekhinoloji (inkqubo), ngokuxhomekeke kummandla wesifundo - iinkqubo ze-oyile negesi, oomatshini bamandla enyukliya okanye iigridi zamandla. Umzekelo, kunokubakho umbuzo onje: Ukumisela ukuba luhlobo luni lolawulo lokhuseleko lomzimba oluyimeko xa i-Alarm ivela kwi-sensor yobushushu be-steam kwi-HMI? Okanye umbuzo onje: Yiyiphi imeko (isiganeko) eya kusebenza njengesizathu sokuhlalutya ukurekhoda kwevidiyo kwiikhamera zokujonga inkqubo yokhuseleko lwe-perimeter yesibonelelo?
Ngokwemiqathango yepesenti, ndiya kuqaphela ukuba inani lemibuzo kweli candelo kuviwo lwam kunye neemvavanyo practice alidlulanga 5%.
- Enye kunye nenye yeendidi ezixhaphake kakhulu zemibuzo yimibuzo kwiinkqubo zokulawula inkqubo, i-PLC, i-SCADA: apha kuya kufuneka ukuba usondele ngokucwangcisiweyo kwisifundo sezinto eziphathekayo malunga nendlela iinkqubo zokulawula inkqubo ezakhiwe ngayo, ukusuka kuluvo ukuya kwiiseva apho isofthiwe yesicelo ngokwayo. iyabaleka. Inani elaneleyo lemibuzo liya kufumaneka kwiindidi zeeprothokholi zokudlulisa idatha yezoshishino (i-ModBus, i-RTU, i-Profibus, i-HART, njl.). Kuya kuba nemibuzo malunga nendlela i-RTU ehluke ngayo kwi-PLC, indlela yokukhusela idatha kwi-PLC ekuguqulweni ngumhlaseli, apho iindawo zememori i-PLC igcina idatha, kwaye apho ingqiqo ngokwayo igcinwa khona (inkqubo ebhaliweyo yinkqubo yokulawula inkqubo ). Umzekelo, kusenokubakho umbuzo wolu hlobo: Nika impendulo kwindlela onokulubhaqa ngayo uhlaselo phakathi kwe-PLC kunye ne-HMI esebenza kusetyenziswa i-modBus protocol?
Kuya kubakho imibuzo malunga nomahluko phakathi kwe-SCADA kunye neenkqubo ze-DCS. Inani elikhulu lemibuzo kwimithetho yokwahlula amanethiwekhi olawulo lwenkqubo ezenzekelayo kwinqanaba le-L1, i-L2 ukusuka kwinqanaba le-L3 (ndiya kuchaza ngokubanzi kwicandelo elinemibuzo kwinethiwekhi). Imibuzo yemeko kwesi sihloko nayo iya kuhluka kakhulu - ichaza imeko kwigumbi lokulawula kwaye kufuneka ukhethe izenzo ezimele zenziwe ngumqhubi wenkqubo okanye i-dispatcher.
Ngokubanzi, eli candelo lelona lithe ngqo kwaye limxinwa-iprofayile. Ifuna ukuba ube nolwazi oluhle:
- inkqubo yokulawula ngokuzenzekelayo, inxalenye yentsimi (i-sensors, iintlobo zokudibanisa izixhobo, iimpawu ezibonakalayo zeenzwa, i-PLC, i-RTU);
- Iinkqubo zokuvala ngokukhawuleza (i-ESD - inkqubo yokuvala ngokukhawuleza) yeenkqubo kunye nezinto (ngendlela, kukho uluhlu oluhle kakhulu lwamanqaku kwesi sihloko kuHabrΓ© ukusuka )
- ukuqonda okusisiseko kweenkqubo ezibonakalayo ezenzekayo, umzekelo, ekucoceni ioli, ukuveliswa kombane, imibhobho, njl.;
- ukuqonda koyilo lwe-DCS kunye neenkqubo ze-SCADA;
Ndiya kuqaphela ukuba imibuzo yolu hlobo ingenzeka ukuya kuthi ga kwi-25% kuyo yonke imibuzo eyi-115 yoviwo. - Itekhnoloji yenethiwekhi kunye nokhuseleko lwenethiwekhi: Ndicinga ukuba inani lemibuzo kwesi sihloko liza kuqala kuviwo. Kuya kubakho ngokuqinisekileyo yonke into - imodeli ye-OSI, ngawaphi amanqanaba le nto okanye le protocol isebenza, imibuzo emininzi kwi-segmentation yenethiwekhi, imibuzo yemeko ekuhlaselweni kwenethiwekhi, imizekelo yezigodo zoqhagamshelwano kunye nesiphakamiso sokumisela uhlobo lohlaselo, imizekelo yoqwalaselo lokutshintsha. kunye nesindululo ukumisela uqwalaselo olusemngciphekweni, imibuzo kwiiprothokholi womnatha vulnerabilities, imibuzo kwiinkcukacha zothungelwano unxibelelwano lweprothokholi yonxibelelwano lwezoshishino. Abantu ngakumbi babuza okuninzi malunga neModBus. Ubume beepakethi zenethiwekhi zeModBus efanayo, kuxhomekeke kuhlobo lwayo kunye neenguqulelo ezixhaswa sisixhobo. Ingqwalasela eninzi ihlawulwa kuhlaselo kwiinethiwekhi ezingenazingcingo - iZigBee, i-HART engenazingcingo, kunye nemibuzo ngokulula malunga nokhuseleko lwenethiwekhi yosapho lonke lwe-802.1x. Kuya kuba nemibuzo malunga nemigaqo yokubeka iiseva ezithile kwinkqubo yolawulo lwenkqubo yothungelwano (apha kufuneka ufunde umgangatho we-IEC-62443 kwaye uqonde imigaqo yereferensi yeemodeli zenkqubo yokulawula iinkqubo zothungelwano). Kuya kubakho imibuzo malunga nemodeli yePurdue.
- Uluhlu lwemiba ehambelana ngokukodwa kwiimpawu ezisebenzayo zokusebenza kweenkqubo zokuhambisa umbane kunye neenkqubo zokhuseleko lolwazi kubo. E-USA, olu luhlu lweenkqubo ezizenzekelayo zokulawula iinkqubo zibizwa ngokuba yiGridi yaMandla kwaye inikwe indima eyahlukileyo. Ngenxa yale njongo, imigangatho eyahlukileyo ide yakhutshwa (NIST 800.82) elawula indlela yokudala iinkqubo zokhuseleko lolwazi kweli candelo. Kumazwe ethu, ubukhulu becala, eli candelo lilinganiselwe kwiinkqubo ze-ASKUE (ndilungise ukuba kukho nabani na obone indlela enzulu yokubeka esweni ukuhanjiswa kombane kunye neenkqubo zokuhanjiswa kombane). Ke, kuviwo uya kufumana imibuzo ethile enxulumene neGridi yaMandla. Ubukhulu becala, ezi ibiziimeko zokusetyenziswa kwimeko ethile eye yaphuhliswa kwi-Power Plant, kodwa kusenokubakho uphando kwizixhobo ezisetyenziswa ngokukodwa kwiGridi yoMbane. Kuya kubakho imibuzo ejongene nolwazi lwamacandelo e-NIST kolu didi lweenkqubo.
- Imibuzo enxulumene nolwazi lwemigangatho: NIST 800-82, NERC, IEC62443. Ndicinga ukuba apha ngaphandle kwamazwana akhethekileyo - kufuneka uhambe kumacandelo emigangatho, ejongene nokuba yintoni kunye neziphi iingcebiso eziqulethwe. Kukho imibuzo ethile, umzekelo, ukubuza ukuphindaphinda kokujonga ukusebenza kwenkqubo, ukuphindaphinda kokuhlaziya inkqubo, njl. Njengepesenti yemibuzo enjalo, ukuya kuthi ga kwi-15% yenani lilonke lemibuzo ekunokufunyanwa kuyo. Kodwa kuxhomekeke. Umzekelo, kwiimvavanyo ezimbini zokuziqhelanisa ndadibana nesibini semibuzo efanayo. Kodwa ngokwenene babebaninzi ngexesha loviwo.
- Ewe, udidi lokugqibela lwemibuzo luzo zonke iintlobo zokusebenzisa iimeko kunye nemibuzo yemeko.
Ngokubanzi, uqeqesho ngokwalo, ngaphandle kwe-CTF NetWars enokwenzeka, belungenalwazi kum ngokumalunga nokufumana ulwazi olutsha olunokubakho. Kunoko, iinkcukacha ezinzulu zezinye izihloko zafunyanwa, ngakumbi kwintsimi yombutho kunye nokukhuselwa kweenethiwekhi zerediyo ezisetyenziselwa ukuhambisa ulwazi lwezobuchwepheshe, kunye nezinto ezicwangcisiweyo ngakumbi kwisakhiwo semigangatho yangaphandle enikezelwe kwesi sihloko. Ngoko ke, kwiinjineli kunye neengcali ezinolwazi olwaneleyo kunye namava okusebenza kunye neenkqubo zokulawula inkqubo / iinkqubo zezixhobo okanye i-Industrial Networks, unokucinga malunga nokonga kuqeqesho (kunye nokugcina ingqiqo), uzilungiselele kwaye uhambe ngokuthe tye ukuthatha uvavanyo lwesatifikethi, oluya kuthi . , ngendlela, ixabisa i-700USD. Kwimeko yokusilela, kuya kufuneka uhlawule kwakhona. Kukho ininzi yamaziko esiqinisekiso aya kukwamkela kuviwo, eyona nto iphambili kukufaka isicelo kwangaphambili. Ngokubanzi, ndincoma ukuseta umhla weemviwo kwangoko, kuba kungenjalo uya kulibazisa, utshintshe inkqubo yokulungiselela kunye neminye imiba ebalulekileyo kwaye ayibalulekanga ngokupheleleyo. Kwaye ukuba nomhla obekiweyo obekiweyo kuya kukwenza uzikhuthaze.
umthombo: www.habr.com