Bazat e ICS dhe SCADA

Mesatar 15 min Siguria e IoT-së

Hyrje

Industrial Control Systems (ICS) are the computers that monitor and control physical processes: power plants, water treatment, manufacturing lines, oil pipelines and building automation.

Teoria

A typical ICS has several layers. At the top, operators sit at HMIs (Human-Machine Interfaces) that present plant state and allow commands. Below that, a SCADA server collects data from the field via protocols like Modbus, DNP3, Profinet and OPC UA. At the bottom, PLCs (Programmable Logic Controllers) read sensors and drive actuators: valves, motors, relays, pumps. The whole system is often called "OT" (operational technology) to distinguish it from IT (information technology). ICS networks were historically air-gapped, but that assumption no longer holds. Business IT systems now pull production data from SCADA for dashboards and analytics; remote vendors need remote support access; converged IT/OT deployments are the norm. The result is that ICS now faces the same attack surface as corporate IT, while still using decades-old protocols that were never designed for security — Modbus, for example, has no authentication at all. High-profile ICS incidents — Stuxnet (2010), Ukraine power grid (2015, 2016), Triton (2017), Colonial Pipeline (2021) — show what can go wrong. Defenders rely on network segmentation (Purdue model, DMZ between IT and OT), monitoring tools purpose-built for OT protocols (Nozomi, Dragos, Claroty), and strict patch management that respects maintenance windows and safety certifications.

Mjetet

Konceptet:

  • Purdue model (Level 0–5): sensorët, kontrollorët (PLC), SCADA HMI, MES, ERP.
  • Protokollet: Modbus, DNP3, S7, OPC UA.
  • Siguria historikisht e munguar — prioriteti është availability dhe safety.

Praktika

Skan Modbus me Nmap NSE:

nmap --script modbus-discover -p 502 10.0.0.0/24

Monitorim trafiku ICS me Zeek + ICS protocol analyzers.

Ushtrime

  1. Lexo raportin e Stuxnet (Langner) dhe përmblidh tre teknikat kryesore.
  2. Identifiko tri dallime midis sigurisë IT dhe OT.

Burime

  • NIST SP 800-82 — ICS Security Guide.
  • IEC 62443.

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re