Rambling on Cybersecurity (Part 3)

admin, 2024-06-27 01:16:40



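The arrival of mechanical industry drew no attention from information security, perhaps because the machinery merely executed simple, tedious 0-and-1 instructions within a very narrow scope, and nobody could see the state of those 0s and 1s as they ran. Almost every worker watched what was happening on the assembly line, and some even worried about whether the line would carry them off to some distant, nameless world. A brief aside: in the mechanical age, what was passed along was European civilization, yet the ancestors of the Luban lock and the mechanical lock are Chinese. From an information-security point of view, the Luban lock is about the algorithm and the mechanical lock is about the key, and this cryptographic scheme is far older than the birth of classical and modern cryptography in Europe.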

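The mechanical-industry era had its limiting factors. For national security, though, key manufacturing underpins the defense industry and core national industries, so the state cared most about its availability and integrity. That is perhaps a view the traditional industrial sector still holds to this day. At this stage, what people had in mind was mainly production safety and production reliability. The threats to be countered were those arising from force majeure such as war and natural disasters; power crises and damage to the machinery itself were of course always part of the picture; and deliberate sabotage, treated as an unforgivable offence, was constrained by legislation.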

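Moving from the mechanical age to the electronic age, what the earliest hackers were actually hacking makes for an interesting question. Most people would say viruses, of course, or computers. In fact the earliest hackers attacked telecommunications systems, for example by stealing long-distance calls; telecoms was, after all, a high-value industry at the time. Right up to the 1990s, stealing long-distance calls remained an important form of telecom attack. The first problem any hacker wanted to solve was naturally making a living, and for this kind of attack both legislation and tracing were full of uncertainty.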

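The industrial revolution changed humanity, and it also changed the perspective of cybersecurity. From the first industrial revolution onward, the industrial system was isolated. One can even say that without the industrial revolution there would be no information technology, so studying information security without understanding the industrial revolution is itself a false proposition. Even at the start of the second industrial revolution, the industrial system remained closed to the outside world because of its distinctive architecture, technical characteristics and physical environment. Communication protocols and control protocols were developed specifically for industrial systems, and simple, lightweight code was written for their stand-alone hardware logic to carry out tedious, endlessly repeated process steps. This means we were using the most basic machine language, 0s and 1s, to pass instructions to industrial equipment and facilities. That simplicity made development more complex, but it made programs readable and auditable.

I greatly admire the development engineers of that time, who solved complex engineering logic with nothing but 0s and 1s. Even in the early 1990s, when assembling a computer we had to keep adjusting the jumper switches on all kinds of expansion cards to resolve memory, DMA and IRQ conflicts, which in essence put more of the burden on the user. In many cases the jumper switches inside mechanical equipment also made the technology opaque. Some veteran workers would never in their lives dare to touch certain jumper combinations on a machine; the rule everyone lived by was "don't touch it" (不要动). For the technically curious, this became exactly the motivation to act, and it brought new security problems: successfully bypassing privilege to gain control of a device, or finding functionality that even the developers could not have predicted.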


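Whatever the motive or cause, industrial control security at this point mostly served production safety. After all, the people who could get near the equipment were few, those who could make use of it had specific purposes, and what could be done to the equipment was likewise limited. This is a point I often make: "In the early 1990s, selling computers meant selling expertise; hand you a pile of components and you might never manage to assemble a working machine in your life. Today, selling computers means selling physical labor; with plug and play, anyone at all can complete installation and configuration on their own." So I often think that what artificial intelligence ultimately brings is human mental impairment: once machines can replace everything people do, humanity is not far from extinction.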

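At this point we will leave industrial control systems for a while, because industrial control communication protocols have kept evolving, and three types of development cover the whole communication stack. The first type is based entirely on TCP/UDP/IP, leaves the hardware layer unchanged and uses conventional Ethernet controllers; typical examples are standard PROFINET, ETHERNET/IP and MODBUS TCP. The second type is only partly based on TCP/UDP/IP, also leaves the hardware layer unchanged, and has a Process Data protocol that is carried directly in Ethernet frames; TCP/UDP is still present but is controlled by a Timing Layer; typical examples are PROFINET RT and POWERLINK. The third type changes the hardware layer and uses real-time Ethernet controllers; typical examples are PROFINET IRT, CC-LINK IE, SERCOS III and ETHERCAT [1]. This part probably needs more people to refine and extend it; after all, traditional IT and OT have always been like fire and water.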
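Added example (not part of the original article): how the three types above can be told apart on the wire by a passive monitor, as used for OT asset inventory and segmentation checks. The EtherType and port numbers are the publicly registered values rather than anything stated in the article, and `classify` and the sample frames are constructed for illustration.

```python
import struct

# Protocols carried directly in Ethernet frames (types 2 and 3), by EtherType.
# PROFINET RT and IRT share 0x8892, so EtherType alone cannot separate them.
ETHERTYPES = {0x8892: ("PROFINET RT/IRT", "2/3"), 0x88AB: ("POWERLINK", "2"),
              0x88A4: ("EtherCAT", "3"), 0x88CD: ("SERCOS III", "3"),
              0x890F: ("CC-Link IE", "3")}
# Type-1 protocols use the ordinary TCP/UDP/IP stack; identified by port.
PORTS = {("tcp", 502): "Modbus TCP", ("tcp", 44818): "EtherNet/IP",
         ("udp", 44818): "EtherNet/IP", ("udp", 2222): "EtherNet/IP I/O"}

def classify(frame: bytes):
    """Return (protocol, type) for one raw Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q VLAN/priority tag
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype in ETHERTYPES:
        return ETHERTYPES[ethertype]
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    proto = {6: "tcp", 17: "udp"}.get(frame[off + 9])
    if proto is None or ihl < 20 or frag_offset or len(frame) < off + ihl + 4:
        return None                                 # no L4 header to inspect
    ports = struct.unpack_from("!HH", frame, off + ihl)
    for port in reversed(ports):                    # destination port first
        if (proto, port) in PORTS:
            return (PORTS[(proto, port)], "1")
    return None

# Constructed sample frames (dummy all-zero MAC and IP addresses).
def _eth(ethertype, payload=b"", vlan_tci=None):
    tag = b"" if vlan_tci is None else struct.pack("!HH", 0x8100, vlan_tci)
    return bytes(12) + tag + struct.pack("!H", ethertype) + payload
def _ipv4(proto, sport, dport, frag=0):
    hdr = bytes([0x45, 0, 0, 0, 0, 0]) + struct.pack("!H", frag)
    return hdr + bytes([64, proto]) + bytes(10) + struct.pack("!HH", sport, dport)

SAMPLES = {
    "modbus": _eth(0x0800, _ipv4(6, 49152, 502)),
    "enip_io": _eth(0x0800, _ipv4(17, 2222, 2222)),
    "pn_rt": _eth(0x8892, b"\x80\x00", vlan_tci=0xC000),
    "ethercat": _eth(0x88A4),
    "https": _eth(0x0800, _ipv4(6, 49152, 443)),
    "fragment": _eth(0x0800, _ipv4(6, 49152, 502, frag=185)),
}
```

Type-2 and type-3 traffic never reaches an IP-layer firewall or flow collector, so a monitor that only looks at TCP/UDP ports sees the first type alone.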

[1] https://zhuanlan.zhihu.com/p/356309011



Originally published on the WeChat official account 河南等级保护测评: Rambling on Cybersecurity (Part 3)

When reprinting, please keep the link to this article (CN-SEC中文网; thanks to the original author for the hard work): https://cn-sec.com/archives/2889766.html
