Sanibonani nonke! Ingosi eyintandokazi yawo wonke umuntu yayinezihloko eziningi ezihlukene zesitifiketi emkhakheni wokuphepha kolwazi, ngakho-ke ngeke ngifune ubuqobo kanye nokuhluka kokuqukethwe, kodwa ngisangathanda ngempela ukwabelana ngolwazi lwami lokuthola i-GIAC (Global Information Assurance Company) isitifiketi emkhakheni we-industrial cybersecurity. Kusukela ukubonakala kwamagama asabekayo njengalokhu , , Shamoon, Triton, imakethe yokuhlinzekwa kwezinsizakalo zochwepheshe ababonakala be-IT, kodwa futhi bangakwazi ukulayisha ngokweqile ama-PLC ngokubhala kabusha ukucushwa ezitebhisini, futhi ngesikhathi esifanayo isitshalo asikwazi ukumiswa, saqala ukwakha.
Wafika kanjena ke umqondo we-IT&OT (Information Technology & Operation Technology) emhlabeni.
Ngokushesha ngokulandelayo (kusobala ukuthi abasebenzi abangaqeqeshiwe akufanele bavunyelwe ukusebenza) kwafika isidingo sokuqinisekisa ochwepheshe emkhakheni ohlobene nokuqinisekisa ukuphepha kwezinhlelo zokulawula inqubo kanye nezinhlelo zezimboni - okuvela kuzo, kuningi kubo ezimpilweni zethu, kusukela ku-valve yokuhlinzeka ngamanzi okuzenzakalelayo efulethini kuya ohlelweni lwezindiza zezindiza (khumbula isihloko esihle kakhulu mayelana nokuphenya izinkinga ). Futhi ngisho, njengoba kungazelelwe, imishini yezokwelapha eyinkimbinkimbi.
Ingoma emfushane mayelana nokuthi ngafika kanjani esidingweni sokuthola isitifiketi (ungaseqa): Ngemva kokuphothula ngempumelelo izifundo zami e-Faculty of Information Security ekupheleni kweminyaka yama-XNUMXs, ngangena ezinhlwini zezimvu zezinsimbi ngekhanda lami. ibambe phezulu, isebenza njengomakhenikha wamasistimu e-alamu yokuphepha yamanje. Kubonakala sengathi ukuphepha kolwazi ngatshelwa kimi ebhizinisini ngaleso sikhathi :) Waqala kanje umsebenzi wami wokuba uchwepheshe wesistimu yokulawula eneziqu ze-bachelor's in information security. Eminyakeni eyisithupha kamuva, njengoba ngikhuphukele esikhundleni sokuba yinhloko yomnyango wezinhlelo ze-SCADA, ngashiya ngiyosebenza njengomeluleki wezokuphepha wezinhlelo zokulawula izimboni enkampanini yangaphandle edayisa isofthiwe nemishini. Kulapho kwavela khona isidingo sokuba uchwepheshe oqinisekisiwe wokuphepha kolwazi.
kuyintuthuko inhlangano eqhuba ukuqeqeshwa kanye nezitifiketi zochwepheshe bezokuphepha kolwazi. Idumela lesitifiketi se-GIAC liphezulu kakhulu phakathi kochwepheshe namakhasimende ezimakethe ze-EMEA, US, kanye ne-Asia Pacific. Lapha, endaweni ye-post-Soviet nasemazweni e-CIS, isitifiketi esinjalo singacelwa kuphela izinkampani zakwamanye amazwe ezinebhizinisi emazweni ethu, izinhlangano zamazwe ngamazwe kanye nezokubonisana. Ngokwami, angikaze ngihlangabezane nesicelo sesitifiketi esinjalo esivela ezinkampanini zasekhaya. Wonke umuntu empeleni ucela i-CISSP. Lona umbono wami we-subjective futhi uma noma ubani abelana ngolwazi lwakhe kumazwana, kuzojabulisa ukwazi.
Kunezindawo ezimbalwa ezihlukene ku-SANS (ngombono wami, muva nje abafana bandise inani labo kakhulu), kodwa kukhona nezifundo ezisebenzayo ezithakazelisa kakhulu. Ngayithanda ngokukhethekile . Kodwa indaba izoba ngesifundo nesitifiketi esibizwa ngokuthi: .
Kuzo zonke izinhlobo zezitifiketi ze-Industrial Cyber ββββSecurity ezinikezwa ngabakwa-SANS, lokhu kutholakala emhlabeni wonke. Njengoba eyesibili ihlobene kakhulu nezinhlelo ze-Power Grid, eNtshonalanga ithola ukunakwa okukhethekile futhi iyingxenye yezinhlelo ezihlukene. Futhi okwesithathu (ngesikhathi sendlela yami yesitifiketi) ehlobene Nempendulo Yesigameko.
Isifundo asishibhile, kepha sinikeza ulwazi olubanzi lwe-IT&OT. Kuzoba usizo ikakhulukazi kumaqabane athathe isinqumo sokushintsha insimu yawo, ngokwesibonelo ukusuka kwezokuphepha kwe-IT embonini yamabhange kuya ku-Industrial Cyber ββββSecurity. Njengoba ngase ngivele nginesizinda emkhakheni wezinhlelo zokulawula inqubo, i-instrumentation kanye nobuchwepheshe bokusebenza, kwakungekho okusha noma okubaluleke kakhulu kimina kulesi sifundo.
Isifundo siqukethe 50% ithiyori kanye 50% practice. Kusukela ekuziqeqesheni, umncintiswano owawuthakazelisa kakhulu kwakuyi-NetWars. Izinsuku ezimbili, ngemva kwesifundo esiyinhloko samakilasi, bonke abafundi bawo wonke amakilasi bahlukaniswa ngamaqembu futhi benza imisebenzi ukuze bathole amalungelo okufinyelela, bakhiphe ulwazi oludingekayo, bathole ukufinyelela kunethiwekhi, inqwaba yemisebenzi yokuthuthukisa ama-hashes, ukusebenza ne-Wireshark. kanye nazo zonke izinhlobo zezinto ezihlukahlukene.
Izinto zesifundo zifinyezwa njengezincwadi, ozitholayo ukuze uzisebenzise unomphela. Ngendlela, ungabayisa ukuhlolwa, njengoba ifomethi i-Open Book, kodwa ngeke ikusize kakhulu, njengoba ukuhlolwa kunamahora angu-3, ββimibuzo engu-115, futhi ulimi lokulethwa yisiNgisi. Kuwo wonke amahora ama-3, ungathatha ikhefu imizuzu eyi-15. Kodwa khumbula ukuthi ngokuthatha ikhefu imizuzu engu-15 bese ubuyela ezivivinyweni ngemva kwemi-5, uvele uyeke imizuzu eyishumi esele, njengoba ungeke usakwazi ukumisa isikhathi ohlelweni lokuhlola. Ungeqa imibuzo efika kweyi-15, ezovela ekugcineni.
Ngokwami, angikukhuthazi ukushiya imibuzo eminingi kamuva, ngoba amahora we-3 empeleni awanele, futhi lapho ekugcineni unemibuzo engakaxazululwa, kunethuba elikhulu lokungakwazi ukukwenza. ngesikhathi. Ngashiya kamuva imibuzo emithathu kuphela eyayinzima ngempela kimi, njengoba yayihlobene nolwazi lwezinga le-NIST 800.82 kanye ne-NERC. Ngokwengqondo, imibuzo enjalo "okwakamuva" ithinta izinzwa zakho ekugcineni - lapho ubuchopho bakho bukhathele, ufuna ukuya endlini yangasese, i-timer esikrinini ibonakala isheshisa kakhulu.
Ngokuvamile, ukuze uphumelele isivivinyo udinga ukuthola izimpendulo ezilungile ezingama-71%. Ngaphambi kokuthatha izivivinyo, uzoba nethuba lokuzilolonga ezivivinyweni zangempela - njengoba intengo ihlanganisa izivivinyo zokuzijwayeza ezi-2 zemibuzo eyi-115 kanye nezimo ezifana nokuhlolwa kwangempela.
Ngincoma ukuthatha ukuhlolwa inyanga ngemva kokuqeda ukuqeqeshwa, ukuchitha le nyanga ngokuzifundela okuhlelekile ngalezo zinkinga ozizwa ungaqiniseki ngazo. Kungaba kuhle uma uthatha izinto eziphrintiwe ezitholwe phakathi nezifundo, ezibukeka njengezifushaniso ezimfushane esihlokweni ngasinye - futhi ufune ngamabomu ulwazi ngezihloko eziqukethwe kulezi zincwadi. Hlukanisa inyanga ibe izingxenye ezimbili, wenze izivivinyo zokuzilolonga futhi uthole isithombe esinzima sokuthi yiziphi izindawo oqine kuzo nokuthi udinga ukuzithuthukisa kuphi.
Ngingathanda ukugqamisa lezi zindawo ezibalulekile ezilandelayo ezakha isivivinyo ngokwaso (hhayi isifundo sokuqeqesha, njengoba sihlanganisa izihloko ezibanzi kakhulu):
- Ukuphepha Komzimba: Njengezinye izivivinyo zesitifiketi, lolu daba lunakwa kakhulu ku-GICSP. Kunemibuzo mayelana nezinhlobo zokukhiya ngokomzimba eminyango, izimo ezinokukhwabanisa kwamaphasi e-elekthronikhi zichazwe, lapho udinga ukunikeza impendulo ukuze ukhombe inkinga. Kunemibuzo ehlobene ngqo nokuphepha kobuchwepheshe (inqubo), kuye ngendawo okukhulunywa ngayo - izinqubo zikawoyela negesi, izimboni zamandla enuzi noma amagridi kagesi. Isibonelo, kungase kube nombuzo ofana nokuthi: Thola ukuthi hlobo luni lokulawula ukuphepha komzimba okuyisimo lapho i-alamu iphuma kunzwa yezinga lokushisa lesitimu ku-HMI? Noma umbuzo onjengokuthi: Isiphi isimo (umcimbi) esizosebenza njengesizathu sokuhlaziya okurekhodiwe kwevidiyo kusuka kumakhamera okuqapha wesistimu yokuphepha ye-perimeter yesikhungo?
Ngokwemibandela yamaphesenti, ngizoqaphela ukuthi inani lemibuzo kulesi sigaba ekuhlolweni kwami ββnasekuhlolweni kokusebenza alidlulanga u-5%.
- Esinye nesinye sezigaba ezivame kakhulu zemibuzo imibuzo mayelana nezinhlelo zokulawula inqubo, i-PLC, i-SCADA: lapha kuzodingeka ukuthi usondele ngokuhlelekile ekutadisheni izinto zokwakha ukuthi izinhlelo zokulawula inqubo zakhiwe kanjani, kusukela kuzinzwa kuya kumaseva lapho isofthiwe yesicelo ngokwayo. uyagijima. Inombolo eyanele yemibuzo izotholakala ezinhlotsheni zezivumelwano zokudluliswa kwedatha yezimboni (ModBus, RTU, Profibus, HART, njll.). Kuzoba nemibuzo mayelana nokuthi i-RTU ihluke kanjani ku-PLC, indlela yokuvikela idatha ku-PLC ekuguqulweni ngumhlaseli, lapho izindawo zememori i-PLC igcina khona idatha, nalapho i-logic ngokwayo igcinwa khona (uhlelo olubhalwe ngumhleli wesistimu yokulawula inqubo. ). Isibonelo, kungase kube nombuzo walolu hlobo: Nikeza impendulo yokuthi ungakuthola kanjani ukuhlasela phakathi kwe-PLC ne-HMI esebenzisa iphrothokholi ye-ModBus?
Kuzoba nemibuzo mayelana nomehluko phakathi kwezinhlelo ze-SCADA ne-DCS. Inombolo enkulu yemibuzo emithethweni yokuhlukanisa amanethiwekhi okulawula inqubo okuzenzakalelayo ezingeni le-L1, L2 kusukela ezingeni le-L3 (ngizochaza ngokuningiliziwe esigabeni esinemibuzo kunethiwekhi). Imibuzo yesimo kulesi sihloko izophinde ihluke kakhulu - ichaza isimo ekamelweni lokulawula futhi udinga ukukhetha izenzo okufanele zenziwe yi-opharetha yenqubo noma i-dispatcher.
Ngokuvamile, lesi sigaba sichaza ngokucacile futhi siwumngcingo. Kudinga ukuthi ube nolwazi oluhle:
- Isistimu yokulawula ezenzakalelayo, ingxenye yensimu (izinzwa, izinhlobo zokuxhunywa kwedivayisi, izici ezibonakalayo zezinzwa, i-PLC, i-RTU);
- izinhlelo zokuvala izimo eziphuthumayo (i-ESD - uhlelo lokuvala ucingo oluphuthumayo) lwezinqubo nezinto (ngendlela, kukhona uchungechunge oluhle kakhulu lwezihloko ngalesi sihloko ku-HabrΓ© kusuka )
- ukuqonda okuyisisekelo kwezinqubo ezibonakalayo ezenzekayo, isibonelo, ekucwengeni uwoyela, ukukhiqizwa kukagesi, amapayipi, njll.;
- ukuqonda kwezakhiwo ze-DCS kanye nezinhlelo ze-SCADA;
Ngingaqaphela ukuthi imibuzo yalolu hlobo ingenzeka ifike ku-25% kuyo yonke imibuzo eyi-115 yokuhlolwa. - Ubuchwepheshe benethiwekhi nokuphepha kwenethiwekhi: Ngicabanga ukuthi inombolo yemibuzo kulesi sihloko iza kuqala ekuhlolweni. Cishe kuzoba khona konke ngokuphelele - imodeli ye-OSI, kumaphi amazinga lokhu noma lelo phrothokholi lisebenza, imibuzo eminingi ngokuhlukaniswa kwenethiwekhi, imibuzo yesimo ekuhlaselweni kwenethiwekhi, izibonelo zamalogi wokuxhumana anesiphakamiso sokunquma uhlobo lokuhlasela, izibonelo zokucushwa koshintsho. ngesiphakamiso sokunquma ukucushwa okusengozini, imibuzo mayelana nezivumelwano zenethiwekhi yokuba sengozini, imibuzo mayelana nemininingwane yokuxhumana kwenethiwekhi yezivumelwano zokuxhumana zezimboni. Abantu ikakhulukazi babuza okuningi nge-ModBus. Isakhiwo samaphakethe enethiwekhi ye-ModBus efanayo, kuye ngohlobo lwayo nezinguqulo ezisekelwa idivayisi. Ukunaka okuningi kukhokhwa ekuhlaselweni kwamanethiwekhi angenawaya - i-ZigBee, i-Wireless HART, imibuzo nje mayelana nokuphepha kwenethiwekhi yawo wonke umndeni we-802.1x. Kuzoba nemibuzo mayelana nemithetho yokubeka amaseva athile kunethiwekhi yesistimu yokulawula inqubo (lapha udinga ukufunda izinga le-IEC-62443 futhi uqonde imigomo yamamodeli ereferensi yamanethiwekhi wezinhlelo zokulawula inqubo). Kuzoba nemibuzo mayelana nemodeli ye-Purdue.
- Isigaba sezinkinga esihlobene ngokukhethekile nezici zokusebenza zokusebenza kwamasistimu okudluliswa kukagesi kanye nezinhlelo zokuphepha zolwazi zazo. E-USA, lesi sigaba sezinhlelo zokulawula inqubo ezizenzakalelayo sibizwa ngeGridi Yamandla futhi sinikezwe indima ehlukile. Ngale njongo, amazinga ahlukene akhishwa ngisho (NIST 800.82) alawula indlela yokudala amasistimu okuvikela ulwazi kulo mkhakha. Emazweni ethu, ingxenye enkulu, lo mkhakha ukhawulelwe ezinhlelweni ze-ASKUE (ungilungise uma kukhona obone indlela ebaluleke kakhulu yokuqapha ukusatshalaliswa kukagesi kanye nezinhlelo zokulethwa). Ngakho-ke, ekuhlolweni uzothola imibuzo eqondile ehlobene ne-Power Grid. Ngokwengxenye enkulu, lezi kwakuyizimo zokusebenzisa isimo esithile esakheka Esikhungweni Samandla, kodwa kungase futhi kube nezinhlolovo kumadivayisi asetshenziswa ngokuqondile kuGridi Yamandla. Kuzoba nemibuzo ekhuluma ngolwazi lwezigaba ze-NIST zalesi sigaba samasistimu.
- Imibuzo ehlobene nolwazi lwamazinga: NIST 800-82, NERC, IEC62443. Ngicabanga lapha ngaphandle kokuphawula okukhethekile - udinga ukuzulazula ezigabeni zezindinganiso, ezibhekene nalokho nokuthi yiziphi izincomo ezikuqukethe. Kukhona imibuzo ethile, isibonelo, ukubuza imvamisa yokuhlola ukusebenza kwesistimu, imvamisa yokubuyekeza inqubo, njll. Njengephesenti lemibuzo enjalo, kufika ku-15% yenani eliphelele lemibuzo okungahlangatshezwana nalo. Kodwa kuya ngokuthi. Isibonelo, ezivivinyweni ezimbili zokuzijwayeza ngathola imibuzo embalwa efanayo. Kodwa babebaningi ngempela ngesikhathi sokuhlolwa.
- Hhayi-ke, isigaba sokugcina semibuzo siyizo zonke izinhlobo zokusebenzisa kanye nemibuzo yesimo.
Sekukonke, ukuqeqeshwa ngokwako, ngaphandle kwe-CTF NetWars, akuzange kungifundise kakhulu mayelana nokuthola ulwazi olusha okungenzeka lube nalo. Kunalokho, kwatholwa imininingwane ejulile yezinye izihloko, ikakhulukazi emkhakheni wokuhlelwa nokuvikelwa kwamanethiwekhi omsakazo asetshenziselwa ukudlulisa ulwazi lobuchwepheshe, kanye nezinto ezihleleke kakhudlwana ngesakhiwo samazinga angaphandle anikelwe kulesi sihloko. Ngakho-ke, konjiniyela nochwepheshe abanolwazi olwanele kanye nesipiliyoni sokusebenza nezinqubo zokulawula izinhlelo/izinhlelo zezinsimbi noma ama-Industrial Networks, ungacabanga ngokonga ekuqeqeshweni (futhi ukonga kunengqondo), uzilungiselele futhi uqonde ngqo ukuyothatha izivivinyo zesitifiketi, okuyinto Kodwa-ke, ibiza i-700USD. Uma kwenzeka wehluleka, kuzodingeka ukhokhe futhi. Kunenqwaba yezikhungo zezitifiketi ezizokwamukela ukuthi uhlolwe; into esemqoka ukufaka isicelo kusenesikhathi. Ngokuvamile, ngincoma ukubeka usuku lokuhlolwa ngaso leso sikhathi, ngoba uma kungenjalo uzolibambezela njalo, ushintsha inqubo yokulungiselela ngezinye izinto ezibalulekile futhi ezingabalulekile ngokuphelele. Futhi ukuba nedethi eqondile yomnqamulajuqu kuzokukwenza uzikhuthaze.
Source: www.habr.com