IEC 62443ã·ãªãŒãºã®èŠæ ŒïŒãµã€ããŒæ»æããã€ã³ãã©ã¹ãã©ã¯ãã£ãä¿è·ããæ¹æ³
Thought Leadership
IEC 62443ã·ãªãŒãºã®èŠæ ŒïŒãµã€ããŒæ»æããã€ã³ãã©ã¹ãã©ã¯ãã£ãä¿è·ããæ¹æ³
æŠèŠ
IEC 62443ã·ãªãŒãºã®èŠæ Œã¯ããµã€ããŒã»ãã¥ãªãã£äžã®ã¬ãžãªãšã³ã¹ã確ç«ããéèŠãªã€ã³ãã©ã¹ãã©ã¯ãã£ãšããžã¿ã«ã»ãã¡ã¯ããªãä¿è·ããããã«èšèšãããäžé£ã®ãããã³ã«ã§æ§æãããŠããŸããããã®èšäºã§ã¯ããã®èŠæ Œã®åºæ¬çãªæ ¹æ ãšå©ç¹ã«ã€ããŠè§£èª¬ããŸãããã®å é²çãªèŠæ Œã¯åºç¯ãªã»ãã¥ãªãã£å±€ãæäŸããŸããã蚌æååŸã«ããã£ãŠã®èª²é¡ãããã€ãçããŠããŸããããã§ã¯ãç£æ¥çšèªåå¶åŸ¡ã·ã¹ãã ïŒIACSïŒã³ã³ããŒãã³ãã®èšŒæååŸãšããç®æšã®å®çŸã«äžå¯æ¬ ãªæ¯æŽããã»ãã¥ãªãã£ICãã©ã®ããã«ããŠæäŸããã®ãã説æããŸãã
ã¯ããã«
ãŸããŸãå·§åŠåãããµã€ããŒæ»æã®å¯èœæ§ãå¢å€§ããŠããã«ããããããããããŸã§ã®IACSãžã®ã»ãã¥ãªãã£å¯Ÿçã®å°å ¥ã¯é ã ãããã®ã§ããããã®åå ã®1ã€ã¯ããããã®ã·ã¹ãã ã®èšèšè ãéçšè ãäŸæ ãã¹ãå ±éã®åºæºããªãã£ãããšã§ããIEC 62443ã·ãªãŒãºã®èŠæ Œã¯ãããå®å šãªç£æ¥ã€ã³ãã©ã¹ãã©ã¯ãã£ãžã®éãéããã®ã§ããããããããŸãå©çšããã«ã¯äŒæ¥ããã®è€éãªå å®¹ãæŽçããŠææ¡ãããããã®èŠæ Œã«äŒŽãæ°ããªèª²é¡ãçè§£ããå¿ èŠããããŸãã
ãªã¹ã¯ã«ãããããç£æ¥ã·ã¹ãã
æ°Žéã廿°ŽåŠçãé»åç¶²ãªã©ã®éèŠã€ã³ãã©ã¹ãã©ã¯ãã£ã®ããžã¿ã«åã«ãã£ãŠããããã®ã·ã¹ãã ãžã®ã¢ã¯ã»ã¹ãäžæãããªãããšãæ¯æ¥ã®ç掻ã«ãšã£ãŠäžå¯æ¬ ã«ãªããŸããããããããµã€ããŒæ»æã¯äŸç¶ãšããŠãããã®ã·ã¹ãã ãæ··ä¹±ãããèŠå ã®1ã€ãšãªã£ãŠãããããããã®æ°ã¯ä»åŸãå¢ãããšäºæ³ãããŠããŸã1ã
ã€ã³ãã¹ããª4.0ã¯ãé«åºŠãªãããã¯ãŒã¯ã«æ¥ç¶ããã倿°ã®ã»ã³ãµãŒãã¢ã¯ãã¥ãšãŒã¿ãã²ãŒããŠã§ã€ãã¢ã°ãªã²ãŒã¿ãå¿ èŠãšããŸãããããã¯ãŒã¯ãžã®æ¥ç¶ãå¢ããã°ãµã€ããŒã¢ã¿ãã¯ã«ãããªã¹ã¯ã®å¯èœæ§ãå¢ãããããŸã§ä»¥äžã«ã»ãã¥ãªãã£å¯ŸçãéèŠã«ãªã£ãŠããŸããç±³åœãµã€ããŒã»ãã¥ãªãã£ã»ç€ŸäŒåºç€å®å šä¿éåºïŒCISAïŒã®ãããªçµç¹ã®èšçœ®ã¯ããµã€ããŒæ»æããéèŠã€ã³ãã©ã¹ãã©ã¯ãã£ãä¿è·ãããã®ã¬ãžãªãšã³ã¹ã確ç«ããããšã®éèŠæ§ã瀺ããã®ã§ãããšå ±ã«ããããã®æŽ»åãžã®å®éã®åãçµã¿ã瀺ããã®ã§ããããŸã2ã
ãªãIEC 62443ãªã®ã
2010幎ã«StuxnetãåºçŸããããšã«ãã£ãŠç£æ¥çšã€ã³ãã©ã¹ãã©ã¯ãã£ã®è匱æ§ãé²åããŸãã3ãStuxnetã¯ãé æ¹ããIACSãžã®æ»æãæåãããããããšã瀺ããäžçåã®ãµã€ããŒæ»æã§ããããã®åŸã«ç¶ããæ»æã«ãããç¹å®ã¿ã€ãã®æ©åšãæšçã«ã§ãããªã¢ãŒãæ»æãéããŠãç£æ¥çšã€ã³ãã©ã¹ãã©ã¯ãã£ã«å®³ãåãŒãããšãã§ãããšããèªèã確ç«ãããŸããã
æ¿åºæ©é¢ãå ¬å ±ãµãŒãã¹ãIACSã®ãŠãŒã¶ãšè£ 眮ã¡ãŒã«ãŒã¯ãIACSãä¿è·ããå¿ èŠãããããšãããã«çè§£ããŸãããçµæãšããŠãæ¿åºæ©é¢ããŠãŒã¶ã¯çµç¹çãªå¯Ÿçãã»ãã¥ãªãã£ã®æ¹éãèªç¶ã«åŠã³ãè£ çœ®ã¡ãŒã«ãŒã¯ããŒããŠã§ã¢ããœãããŠã§ã¢ã«ãã察å¿çãç ç©¶ããŸããããããã以äžã®ãããªçç±ããã»ãã¥ãªãã£å¯Ÿçã¯é ããŠããŸããã
- ã€ã³ãã©ã¹ãã©ã¯ãã£ãè€éã§ããããš
- é¢ä¿è ã®èå³ãšé¢å¿ãããããç°ãªã£ãŠããããš
- å®è£ ãšäœ¿çšå¯èœãªãªãã·ã§ã³ãå€å²ã«ããã£ãŠããããš
- 枬å®å¯èœãªç®æšããªãã£ãããš
èŠããã«é¢ä¿è ã¯ãç®æšãšãã¹ãé©åãªã¬ãã«ã®ã»ãã¥ãªãã£ãèšãæãããšä¿è·æ©èœãšã³ã¹ããæ éã«ãã©ã³ã¹ãããã»ãã¥ãªãã£ãšãããã®ãææ§ãªç¶æ ã«çŽé¢ããŠããã®ã§ãã
åœéèšæž¬å¶åŸ¡åŠäŒïŒInternational Society for Automation: ISAïŒã¯ãISA99ã€ãã·ã¢ããã®äžã§å ±éã®åºæºãå®ããããã«ãã¯ãŒãã³ã°ã»ã°ã«ãŒããçºè¶³ãããŸãããæçµçã«ã¯ããããIEC 62443ã·ãªãŒãºã®èŠæ Œã®çºè¡šã«ã€ãªãããŸããçŸåšããã®äžé£ã®èŠæ Œã¯ãå³1ã«ç€ºãããã«4ã€ã®ã¬ãã«ãšã«ããŽãªã«ãŸãšããããŠããŸããIEC 62443èŠæ Œã®ç¯å²ã¯éåžžã«å€å²ã«ããã£ãŠãããçµç¹ãšããŠã®æ¹éãæé ããªã¹ã¯ã»ã¢ã»ã¹ã¡ã³ããããŒããŠã§ã¢ããã³ãœãããŠã§ã¢ã»ã³ã³ããŒãã³ãã®ã»ãã¥ãªãã£ãªã©ã®é ç®ãå å«ããŠããŸãããã®åºç¯ãªèŠæ Œã®ç¯å²ã«ãã£ãŠããã®å 容ãå®éã®çŸç¶ã«åãããããçŸç¶ãå 容ã«åæ ããããããããšãå¯èœã«ãªã£ãŠããŸããå ããŠISAã¯ãIACSã«é¢ãããã¹ãŠã®é¢ä¿è ã®æ§ã ãªèå³ã«å¯ŸåŠããéã«ãå æ¬çãªã¢ãããŒããæ¡çšããŸãããäžè¬ã«ãã»ãã¥ãªãã£äžã®é¢å¿ã¯é¢ä¿è ããšã«ç°ãªããŸããäŸãã°ãIPã®ççšã«ã€ããŠèããå ŽåãIACSéçšè ãèå³ãå¯ããã®ã¯è£œé å·¥çšã®ä¿è·ã ãšæããŸãããæ©åšã¡ãŒã«ãŒã®èå³ã®å¯Ÿè±¡ã¯äººå·¥ç¥èœïŒAIïŒã¢ã«ãŽãªãºã ããªããŒã¹ã»ãšã³ãžãã¢ãªã³ã°ããä¿è·ããããšãããããŸããã
ãŸããIACSã¯æ¬æ¥è€éãªãã®ãªã®ã§ãã»ãã¥ãªãã£ã«é¢ããããããèŠçŽ ãèæ ®ããããšãäžå¯æ¬ ã§ããã»ãã¥ãªãã£æ©åšãæé ãæ¹éã«å¯Ÿå¿ããŠããªãå Žåã¯ãæé ãæ¹éã ããã£ãŠãäžååã§ãããé«ãã»ãã¥ãªãã£æ©èœãåããã³ã³ããŒãã³ãã§ãã£ãŠãããã®å®å šãªäœ¿çšæ³ãæé ã«ãã£ãŠé©åã«å®ããããŠããªããã°ç¡é§ã«ãªã£ãŠããŸããŸãã
å³2ã®ã°ã©ãã¯ãISAã®èšŒæãéããŠIEC 62443èŠæ Œæ¡çšã®å€åã瀺ãããã®ã§ããäºæ³éããç£æ¥çã®äž»èŠé¢ä¿è ã«ãã£ãŠå®ããããèŠæ Œã¯ãã»ãã¥ãªãã£å¯Ÿçã®å®è£ ãå éããŸããã
å³2ãISAèšŒææ°ã®å€å4
IEC 62443é©å蚌æã®ååŸïŒè€éãªèª²é¡
IEC 62443ã¯éåžžã«ç¯å²ã®åºã广çãªèŠæ Œã§ãããåæã«ãã®è€éãã«å§åãããŠããŸããããããããŸãããã®éã¯ã»ãŒ1000ããŒãžã«åã³ãŸãããµã€ããŒã»ãã¥ãªãã£ã»ãããã³ã«ãæç¢ºã«çè§£ããã®ã¯åŠç¿æ²ç·ãé¢ä¿ããŠãããããªäœæ¥ã§ãå°éçšèªã身ã«çãã以äžã®ããšãæ±ããããŸããIEC 62443å ã®åã»ã¯ã·ã§ã³ã«ç€ºãæŠå¿µã¯çžäºã«äŸåãåããã®ãªã®ã§ïŒå³3ãåç §ïŒããããã®ã»ã¯ã·ã§ã³ã¯å šäœã®äžã®äžéšãšããŠæããå¿ èŠããããŸãã
äŸãã°ãIEC 62443-4-2ã«åŸã£ãŠIACSå šäœã察象ãšãããªã¹ã¯ã»ã¢ã»ã¹ã¡ã³ããè¡ãå¿ èŠãããããã®çµæã¯æ©åšã®ç®æšã»ãã¥ãªãã£ã»ã¬ãã«ã決å®ããæ¡ä»¶ãšãªããŸã5ã
IEC 62443ã«æºæ ããæ©åšã®èšèš
æãé«ãã»ãã¥ãªãã£ã»ã¬ãã«ã«ã¯ããŒããŠã§ã¢å®è£ ãå¿ èŠ
IEC 62443ã¯ãå³4ã«ç€ºãããã«åãããããèšèã§ã»ãã¥ãªãã£ã»ã¬ãã«ãå®çŸ©ããŠããŸãã
IEC 62443-2-1ã¯ãã»ãã¥ãªãã£ã»ãªã¹ã¯ã»ã¢ã»ã¹ã¡ã³ãã矩åä»ããŠããŸãããã®ããã»ã¹ã®çµæãšããŠãåã³ã³ããŒãã³ãã«ã¯ç®æšã»ãã¥ãªãã£ã»ã¬ãã«ïŒSL-TïŒãå²ãåœãŠãããŸãã
å³1ãšå³3ã«ç€ºãããã«ãèŠæ Œã®ããã€ãã®éšåãããã»ã¹ãšæé ã«ã€ããŠå®ããŠããäžæ¹ã§ãIEC 62443-4-1ãšIEC 62443-4-2ã¯ã³ã³ããŒãã³ãã®ã»ãã¥ãªãã£ã«ã€ããŠå®ããŠããŸããIEC 62443-4-2ã«ããã³ã³ããŒãã³ãã»ã¿ã€ãã¯ããœãããŠã§ã¢ã»ã¢ããªã±ãŒã·ã§ã³ããã¹ãã»ããã€ã¹ãçµèŸŒã¿ããã€ã¹ãããã³ãããã¯ãŒã¯ã»ããã€ã¹ã§ããIEC 62443-4-2ã¯ãããããã®ã³ã³ããŒãã³ãã»ã¿ã€ãã«å¯Ÿãã該åœããã³ã³ããŒãã³ãèŠæ±äºé ïŒCRïŒãšåŒ·åèŠæ±äºé ïŒREïŒã«åºã¥ããŠæ©èœã»ãã¥ãªãã£ã»ã¬ãã«ïŒSL-CïŒãå®ããŠããŸãã衚1ã«ãSL-AãSL-CãSL-Tã®æŠèŠãšçžäºã®é¢ä¿ã瀺ããŸãã
ç®æšã»ãã¥ãªãã£ã»ã¬ãã« | æ©èœã»ãã¥ãªãã£ã»ã¬ãã« | éæã»ãã¥ãªãã£ã»ã¬ãã« | |
ç¥å· | (SL-T) | (SL-C) | (SL-A) |
å®çŸ© | ã·ã¹ãã ã»ã¬ãã«ã®ãªã¹ã¯ã»ã¢ã»ã¹ã¡ã³ãã«åŸã£ãŠæ©åšãéæãã¹ãã»ãã¥ãªãã£ã»ã¬ãã« | IEC 62443-4-2ã«åºã¥ããŠæ©åšããµããŒãããCRã«åŸã£ãŠæ©åšãéæãåŸãã»ãã¥ãªãã£ã»ã¬ãã« | æ©åšãéæããã»ãã¥ãªãã£ã»ã¬ãã« |
ç®æš | SL-T ⥠ãªã¹ã¯ã»ã¢ã»ã¹ã¡ã³ãã«ããæ±ºå®ãããã¬ãã« | SL-C ⥠SL-T | SL-A ⥠SL-T |
ãããã¯ãŒã¯ã«æ¥ç¶ãããããã°ã©ããã«ã»ããžãã¯ã»ã³ã³ãããŒã©ïŒPLCïŒã®äŸãèŠãŠã¿ãŸãããããããã¯ãŒã¯ã»ã»ãã¥ãªãã£ã確ä¿ããã«ã¯ãPLCãæ»æã®å ¥å£ãšãªããªãããã«PLCãèªèšŒããå¿ èŠããããŸããããç¥ãããŠããã®ã¯å ¬ééµããŒã¹ã®èªèšŒã§ããIEC 62443-4-2ã«ã¯æ¬¡ã®ããã«èŠå®ãããŠããŸãã
- ã¬ãã«1ã¯å ¬é鵿å·ãèæ ®ããŠããŸããã
- ã¬ãã«2ã«ã¯ãèšŒææžã®çœ²åã«ãã確èªãªã©ã®äžè¬çã«æ¡çšãããŠããããã»ã¹ãå¿ èŠã§ãã
- ã¬ãã«3ãš4ã§ã¯ãèªèšŒããã»ã¹ã«äœ¿çšãããã©ã€ããŒãéµã®ããŒããŠã§ã¢ä¿è·ãå¿ èŠã§ãã
ã»ãã¥ãªãã£ã»ã¬ãã«2ããã¯ãç§å¯éµãŸãã¯ãã©ã€ããŒãéµã䜿çšããæå·ã«åºã¥ãã¡ã«ããºã ãå«ãå€ãã®ã»ãã¥ãªãã£æ©èœãå¿ èŠã§ããã»ãã¥ãªãã£ã»ã¬ãã«3ãš4ã§ã¯ãå€ãã®å Žåãã»ãã¥ãªãã£æ©èœãŸãã¯æå·æ©èœãããŒããŠã§ã¢ããŒã¹ã§ä¿è·ããå¿ èŠããããŸãããã®å Žåãç£æ¥çšã³ã³ããŒãã³ãèšèšè ã¯ãã¿ãŒã³ããŒåã»ãã¥ãªãã£ICãå©çšããŠã以äžã®ãããªå¿ é ã¡ã«ããºã ãåã蟌ãããšãã§ããŸãã
- å®å šãªéµä¿ç®¡
- ãµã€ãã»ãã£ã³ãã«æ»æããã®ä¿è·
- 以äžã®ãããªæ©èœãåŠçããã³ãã³ã
- ã¡ãã»ãŒãžã®æå·å
- ããžã¿ã«çœ²åã®èšç®
- ããžã¿ã«çœ²åã®ç¢ºèª
ãããã®ã¿ãŒã³ããŒåã»ãã¥ãªãã£ICã¯ãIACSã³ã³ããŒãã³ãã®éçºè ãè€éãªã»ãã¥ãªãã£ã»ããªããã£ãèšèšã«ãªãœãŒã¹ãè²»ãããªããŠãæžãããã«ããŸããã»ãã¥ãªãã£ICã䜿çšãããã1ã€ã®å©ç¹ã¯ãæ±çšã®æ©èœãšå°çšã®ã»ãã¥ãªãã£æ©èœãèªç¶ã«åé¢ã§ãããšããæ¬è³ªçãªé·æãããããšã§ããã»ãã¥ãªãã£ãã·ã¹ãã å šäœã«åæ£ããŠããã®ã§ã¯ãªãã1ã€ã®èŠçŽ ã«éäžããŠããå Žåã¯ãã»ãã¥ãªãã£æ©èœã®åŒ·ã¿ãè©äŸ¡ãããããªããŸããæŽã«ãã®æ©èœã®åé¢ã«ã¯ãã³ã³ããŒãã³ãã®ãœãããŠã§ã¢ãŸãã¯ããŒããŠã§ã¢ã倿ŽããåŸãã»ãã¥ãªãã£æ©èœã®ç¢ºèªãç¶æã§ãããšããå©ç¹ããããŸããã¢ããã°ã¬ãŒããè¡ã£ãŠãããã¹ãŠã®ã»ãã¥ãªãã£æ©èœãè©äŸ¡ãçŽãå¿ èŠã¯ãããŸããã
æŽã«ãã»ãã¥ãªãã£ICãã³ããŒã¯ãPCBã¬ãã«ãã·ã¹ãã ã»ã¬ãã«ã§ã¯ã¢ã¯ã»ã¹ã§ããªããæ¥µããŠåŒ·åãªä¿è·ææ³ãå®è£ ããããšãã§ããŸããããã¯ã極ããŠå·§åŠãªæ»æã«å¯ŸããŠãæé«ã¬ãã«ã®èæ§ãå®çŸã§ãã匷ååã®EEPROMããã©ãã·ã¥ã»ã¡ã¢ãªããããã¯ç©çè€è£œå°é£é¢æ°ïŒPUFïŒãªã©ã®ã±ãŒã¹ã§ããç·åçã«èŠããšãã»ãã¥ãªãã£ICã¯ã·ã¹ãã ã»ã»ãã¥ãªãã£ã確ç«ããããã®åŒ·åãªåºç€ãšãªããŸãã
ãšããžã®ã»ãã¥ãªãã£ç¢ºä¿
ã€ã³ãã¹ããª4.0ãå®çŸãããšããããšã¯ãããããå Žæã§ããããæã«æ€åºãè¡ãããšãæå³ããŸãããããã£ãŠãããå€ãã®ãšããžã»ããã€ã¹ãå±éããå¿ èŠããããŸããIACSãšããžã»ããã€ã¹ã«ã¯ãã»ã³ãµãŒãã¢ã¯ãã¥ãšãŒã¿ãããããã»ã¢ãŒã ãPLCãšãã®I/Oã¢ãžã¥ãŒã«ãªã©ãå«ãŸããŸããåãšããžã»ããã€ã¹ã¯é«åºŠã«ãããã¯ãŒã¯åãããã€ã³ãã©ã¹ãã©ã¯ãã£ã«æ¥ç¶ãããã®ã§ãæ»æã®æœåšçãªå ¥å£ãšãªããŸããæ»æè¡šé¢ã¯ããã€ã¹æ°ã«æ¯äŸããŠåºãããŸãããããã ãã«æ¢ãŸããã倿§ãªããã€ã¹ã®çµã¿åããã¯æ¬è³ªçã«æ»æãã¯ãã«ã®çš®é¡ãæ¡å€§ããŸããã¢ããªã®ã»ãã¥ãªãã£ããã³äŸµå ¥ãã¹ãã»ãã³ããŒã§ããSEWORKSã®CTOãåããYaniv Kartaæ°ã¯ããæ¢åã®ãã©ãããã©ãŒã ã«ã¯å©çšå¯èœãªæ»æãã¯ãã«ã倿°ååšãããšã³ããã€ã³ãããšããžã»ããã€ã¹ãè åšã«ãããããããšãå€ããªãããšèªã£ãŠããŸããäžäŸãšããŠãè€éãªIACSã§ã¯ããã¹ãŠã®ã»ã³ãµãŒãåããã³ããŒã®ãã®ãšã¯éããããã€ã¯ãã³ã³ãããŒã©ããªãã¬ãŒãã£ã³ã°ã»ã·ã¹ãã ããããã¯éä¿¡ã¹ã¿ãã¯ã«é¢ããã¢ãŒããã¯ãã£ãå ±éããŠããããã§ããããŸããããŸããããããã®ã¢ãŒããã¯ãã£ãåºæã®åŒ±ç¹ãæ±ããŠããå¯èœæ§ããããŸããMITRE ATT&CKããŒã¿ããŒã¹6ãICS-CERTã¢ããã€ã¶ãª7ã瀺ãããã«ãçµæãšããŠIACSã«ã¯è匱æ§ãèç©ãããããã«ãã£ãŠè åšã«ãããããããšã«ãªããŸãã
æŽã«ãããå€ãã®ã€ã³ããªãžã§ã³ã¹æ©èœããšããžã«çµã¿èŸŒããšããç£æ¥çšã¢ãã®ã€ã³ã¿ãŒãããïŒIIoTïŒã®ãã¬ã³ã8ã«ãã£ãŠãã·ã¹ãã çãªæ±ºå®ãèªåŸçã«äžãããããªããã€ã¹ãéçºãããããã«ãªã£ãŠããŸãããããã£ãŠããããã®æ±ºå®ãå®å šãã·ã¹ãã ã®åäœããã®ä»ã«ãšã£ãŠéåžžã«éèŠã§ãããšããããšãèžãŸãããšãããã€ã¹ã®ããŒããŠã§ã¢ãšãœãããŠã§ã¢ãä¿¡é Œã§ãããã®ã«ããããšãæŽã«éèŠã«ãªããŸããå ããŠãããã€ã¹éçºè ã®R&D IPæè³ãççšããä¿è·ããããšïŒäŸãã°AIã¢ã«ãŽãªãºã ã«é¢ãããã®ãªã©ïŒã¯äŸå€ãªãèæ ®ãã¹ãäºé ã§ãããããã¯ãã¿ãŒã³ããŒåã»ãã¥ãªãã£ICããµããŒãã§ããä¿è·ææ®µãå°å ¥ãããšããæ±ºå®ã®äž»èŠãªåæ©ãšãªãåŸãŸãã
ãã1ã€ã®éèŠãªãã€ã³ãã¯ãäžååãªãµã€ããŒã»ãã¥ãªãã£ã¯æ©èœå®å šã«æªåœ±é¿ãåãŒããšããããšã§ããæ©èœå®å šãšãµã€ããŒã»ãã¥ãªãã£ã®é¢ä¿ã¯è€éã§ãããããã«ã€ããŠè«ããããšãããšå¥éèšäºãæžããªããã°ãªããªããããã§ããããšãããã以äžã®ç¹ã匷調ããŠããããšãã§ããŸãã
- IEC 61508ïŒé»æ°åŒïŒé»ååŒïŒããã°ã©ããã«é»ååŒã®å®å šé¢é£ã·ã¹ãã ã®æ©èœå®å šã«ã¯ãIEC 62443ã«åºã¥ããµã€ããŒã»ãã¥ãªãã£ã»ãªã¹ã¯ã®åæãäžå¯æ¬ ã§ãã
- IEC 61508ã¯äž»ãšããŠãã¶ãŒããšãªã¹ã¯ã®åæã«çŠç¹ãåœãŠãŠããããµã€ããŒã»ãã¥ãªãã£ã«é¢ããäºè±¡ãæ·±å»ãªãã®ã§ãã£ãå Žåã¯ããã®éœåºŠã»ãã¥ãªãã£ã«å¯Ÿããè åšã®åæãšè匱æ§ã®åæãäºåŸã«è¡ããã矩åä»ããŠããŸãã
äžã«æããIACSãšããžã»ããã€ã¹ã¯çµèŸŒã¿ã·ã¹ãã ã§ããIEC 62443-4-2ã¯ãæªæããã³ãŒãããã®ä¿è·ã¡ã«ããºã ãå®å šãªãã¡ãŒã ãŠã§ã¢ã»ã¢ããããŒããç©ççã¿ã³ããªã³ã°ã®é²æ¢ãšæ€åºãä¿¡é Œã®åºç¹ã®ããããžã§ãã³ã°ãããŒãã»ããã»ã¹ã®å®å šæ§ãªã©ã®ã·ã¹ãã ã«ã€ããŠãå ·äœçãªèŠæ±äºé ãå®ããŠããŸãã
ADIã®ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã«ããIEC 62443ã®ç®æšãéæ
ã¢ããã°ã»ããã€ã»ãºã®ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯ã»ãã¥ã¢ã»ãšã¬ã¡ã³ããšãåŒã°ããå®è£ ã®å®¹æããšè¯å¥œãªã³ã¹ãå¹çã念é ã«ããããã®èŠæ±ãæºãããããã«èšèšãããŠããŸãããã¹ãã»ããã»ããµã«å¿ èŠãªãã¹ãŠã®ãœãããŠã§ã¢ã»ã¹ã¿ãã¯ãåããåºå®æ©èœICããã¿ãŒã³ããŒã»ãœãªã¥ãŒã·ã§ã³ã§ãã
çµæãšããŠã»ãã¥ãªãã£ã®å®è£ ã¯ã¢ããã°ã»ããã€ã»ãºã«å§èšãã圢ãšãªããã³ã³ããŒãã³ãã®èšèšè ã¯æ¬æ¥ã®æ¥åã«éäžããããšãã§ããŸããã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯æ¬è³ªçã«ä¿¡é Œã®åºç¹ã§ãããã«ãŒãéµãç§å¯æ å ±ããããŠãã¡ãŒã ãŠã§ã¢ã»ããã·ã¥ãªã©ã®è£ çœ®ç¶æ ã瀺ãèŠæ³šæããŒã¿ããå®å šãã€æ¹ããã§ããªã圢ã§ä¿åããŸãããããã®ãªãŒã»ã³ãã£ã±ãŒã¿ã¯ãèªèšŒãæå·ãã»ãã¥ã¢ã»ããŒã¿ã»ã¹ãã¬ãŒãžãã©ã€ããµã€ã¯ã«ç®¡çãã»ãã¥ã¢ã»ããŒãïŒã¢ããããŒããå«ããåºç¯ãªæå·æ©èœã®ã»ãããåããŠããŸãã
ChipDNAâ¢ã®ç©çè€è£œå°é£é¢æ°ïŒPUFïŒæè¡ã¯ãåŸæ¥ã®ããã«ãã©ãã·ã¥ãEEPROMã«æå·éµãä¿åããã®ã§ã¯ãªãããŠã§ãŒãã®è£œé éçšã§èªç¶ã«çºçããç¡äœçºã®å€åãå©çšããŠæå·éµãäœæããŸããå©çšããããã®å€åã¯ããããããªãã®ãªã®ã§ããããã®ãªããŒã¹ã»ãšã³ãžãã¢ãªã³ã°ã«äœ¿ãããæ¥µããŠé«äŸ¡ãã€é«åºŠãªäŸµå ¥æè¡ïŒèµ°æ»åé»åé¡åŸ®é¡ãåæã€ãªã³ã»ããŒã ããã€ã¯ããããŒãã³ã°ãªã©ïŒã§ããéµãåãåºãããšã¯ã§ããŸãããéç©å路以å€ã§ãã®ã¬ãã«ã®æµæãå®çŸã§ããæè¡ã¯ãããŸããã
ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯ãèšŒææžããã³èšŒææžãã§ãŒã³ã管çããããšãã§ããŸã9ã
å ããŠãã¢ããã°ã»ããã€ã»ãºã¯éåžžã«å®å šæ§ã®é«ãéµãšèšŒææžã®äºåããã°ã©ãã³ã°ã»ãµãŒãã¹ãå·¥å Žã§æäŸããŠããã®ã§ãåèšã¡ãŒã«ãŒïŒOEMïŒã¯ããããžã§ãã³ã°æžã¿ã®ããã€ã¹ãåãåã£ãŠããããèªç€Ÿã®å ¬ééµã€ã³ãã©ã¹ãã©ã¯ãã£ïŒPKIïŒã«ã·ãŒã ã¬ã¹ã«çµã¿èŸŒãã ãããªãã©ã€ã³PKIãã€ããŒãã«ãããããããšãã§ããŸããé«ãä¿¡é Œæ§ãåãããã®æå·æ©èœã¯ãå®å šãªãã¡ãŒã ãŠã§ã¢ã»ã¢ããããŒããšããŒããå¯èœã«ããŸãã
ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯æ¢åã®èšèšã«é«åºŠãªã»ãã¥ãªãã£ã远å ããã®ã«æé©ã®ãªãã·ã§ã³ã§ããBOMã³ã¹ããäœãæããªãããã»ãã¥ãªãã£ç¢ºä¿ãç®çãšããããã€ã¹ã®ã¢ãŒããã¯ãã£å€æŽã«å¿ èŠãªR&Dã®è² æ ã軜æžããŸããäŸãã°ãã¡ã€ã³ã®ãã€ã¯ãã³ã³ãããŒã©ã倿Žããå¿ èŠã¯ãããŸãããäžäŸãæãããšãDS28S60ããã³MAXQ1065ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯ãå³5ã«ç€ºãããã«ãIEC 62443-4-2ã®ãã¹ãŠã®ã¬ãã«ã®èŠæ±ã«å¯Ÿå¿ããŠããŸãã
DS28S60ãšMAXQ1065ã¯3mm à 3mmã®TDFNããã±ãŒãžã䜿çšããŠããã®ã§ãã¹ããŒã¹ã®å¶çŽãå³ããèšèšã«é©ããŠããŸãããŸããæ¶è²»é»åãå°ãªãã®ã§ãæ¶è²»é»åãå³ããå¶éããããšããžã»ããã€ã¹ã«ãæé©ã§ãã
ããã€ã¹æ©èœ | DS28S60/MAXQ1065 |
ããã€ã¹æ©èœ | â40°Cïœ+105°C |
ãã¹ãã»ã€ã³ã¿ãŒãã§ãŒã¹ | SPIïŒI2Cã¯éçºäžïŒ |
黿ºé»å§ | 1.62Vïœ3.63V |
æå€§ã¢ã¯ãã£ã黿µ | 3 mA |
ã¢ã€ãã«é»æµïŒä»£è¡šå€ã25ºCïŒ | 0.4 mA |
ãã¯ãŒããŠã³é»æµïŒ25ºCïŒ | 100 nA |
IEC 62443-4-2ã®èŠæ±ã«å¯Ÿå¿ããã»ãã¥ãªãã£æ©èœãåãããã€ã¯ãã³ã³ãããŒã©ããIACSã³ã³ããŒãã³ãã»ã¢ãŒããã¯ãã£ã«æ¢ã«çµã¿èŸŒãŸããŠããå Žåã§ããéµãèšŒææžãé åžããããã«ã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã®å©ç¹ãçããããšãã§ããŸããç§å¯ICèªèšŒæ å ±ãæ±ãããã«ã¯é«äŸ¡ãªè£œé æœèšãå¿ èŠã§ãããããã«ãã£ãŠOEMããã®å¥çŽã¡ãŒã«ãŒã«ããæè³ã®è² æ ã軜æžãããŸãããã®ã¢ãããŒãã¯ããã€ã¯ãã³ã³ãããŒã©ã«ä¿åãããéµãä¿è·ããJTAGãªã©ã®ãããã®ã³ã°ã»ããŒã«ãéããŠæãåºãããã®ãé²ãããšã«ããªããŸãã
ããŒããã©ãªãªã®è£œåæ§æãšè£œåã®è©³çްã¯analog.com/en/product-category/secure-authenticators.htmlã§åç §ã§ããŸãã
ãŸãšã
IEC 62443èŠæ Œã®èŠæ±äºé ããŸãšãããããæ¡çšããããšã«ãã£ãŠãIACSã®é¢ä¿è ã¯ä¿¡é Œã§ããå®å šãªã€ã³ãã©ã¹ãã©ã¯ãã£ãžã®éãéããŸãããã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ã¯ãããŒããŠã§ã¢ã»ããŒã¹ã®ã»ãã¥ãªãã£ãå¿ èŠãšããIEC 62443èŠæ Œæºæ ã³ã³ããŒãã³ãã®æªæ¥ãæ¯ããåºç€ã§ããOEMã¯ãã»ãã¥ã¢ã»ãªãŒã»ã³ãã£ã±ãŒã¿ãèªç€Ÿã®æ±ãã蚌æãå®çŸããå©ããšãªãããšãçè§£ããèªä¿¡ãæã£ãŠèšèšãè¡ãããšãã§ããŸãã
åèè³æ
1Lorenzo Franceschi-Bicchierai. âRansomware Gang Accessed Water Supplierâs Control System.â Vice, August 2022.
2âProtecting Critical Infrastructure.â Cybersecurity and Infrastructure Security Agency.
3Bruce Schneier. âThe Story Behind The Stuxnet Virus.â Forbes, October 2010.
4âISASecure CSA Certified Components.â ISASecure.
5Patrick OâBrien. âCybersecurity Risk Assessment According to ISA/IEC 62443-3-2.â Global Cybersecurity Alliance.
6âATT&CK Matrix for Enterprise.â MITRE ATT&CK®.
7âCybersecurity Alerts & Advisories.â Cybersecurity and Infrastructure Security Agency.
8Ian Beavers. âã€ã³ãã¹ããªã¢ã«IOTã®ã»ã³ã·ã³ã°ãšèšæž¬: ãšããžã»ããŒãâ Analog Devices, Inc., August 2017.
9âTrust Your Digital CertificatesâEven When Offline.â Design Solutions, No.56, May 2017.