Is the equipment you ship secure?
July 2, 2026
Lessons from the cyberattack on Poland's renewable energy sector: three warnings for Taiwan's manufacturing industry
At the end of 2025, industrial control equipment at more than 30 wind and solar power plants in Poland was forced out of operation simultaneously, on the same day. The attackers' goal was neither a ransom demand (ransomware) nor the theft of confidential information, but "direct destruction". They exploited default passwords that had never been changed to take full control of the devices' highest administrator privileges, then either uploaded malicious firmware that sent controllers into an endless (reboot) loop or used malware to overwrite data.
The attack took place in the depths of Poland's harsh winter, and the signal it sent was just as chilling for equipment makers in Taiwan. The devices targeted this time (RTU controllers, serial port servers, protection relays and HMIs (human-machine interfaces)) are exactly the product categories that Taiwan's network equipment, industrial control and energy storage system manufacturers are built around. The weaknesses that were exploited, namely default passwords left in place, unencrypted communication protocols and firmware updates with no verification mechanism, describe the current state of products that are still leaving our production lines today.
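This article takes the viewpoint of product development decision-makers and breaks the impact of this product security incident on Taiwan's manufacturing industry into three layers: the gap in secure product design, the market-entry pressure created by European Union (EU) regulation, and the competitive advantage available to early movers.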
1. What was wrong with our own products? Attackers exploited basic design mistakes, not sophisticated vulnerabilities
The technical report by CERT Polska, the security response team that specializes in handling and monitoring cybersecurity incidents in Poland, records in detail the specific operations the attackers carried out on each device. The most serious and worrying point is not how sophisticated the attack techniques were, but how simple they were.
| Affected device | What the attackers did | Why it succeeded (cause of the weakness) |
|---|---|---|
| Hitachi RTU560 controller | Uploaded malicious firmware containing invalid "0xFF" instructions through the web management interface, sending the processor into an endless reboot loop. | Login succeeded with the factory default account "Default". The firmware update process had no digital signature verification to check whether the file had been tampered with. |
| Mikronika RTU controller | Logged in to the SSH service with root privileges and ran commands that deleted the device's entire Linux file system. | The SSH service used the factory default password, which had never been changed after deployment. |
| Hitachi Relion 650 IED (protection relay) | Deleted critical system files required for the device to operate, via the FTP service. | The FTP service was enabled by default, and the default user name and password had not been changed. |
| Moxa NPort (serial port server) | Reset the device to its factory (initial) state, changed the administrator password, and rewrote the IP address to "127.0.0.1 (localhost)" so that system administrators could no longer reach it over the network. | Access to the management interface was not restricted; access from any source IP address was allowed by default. The default user name and password had also not been changed. |
| Windows HMI | Logged in over RDP (Remote Desktop) and deployed the wiper (data-destroying) malware "DynoWiper" to destroy data. | Login succeeded with a weak password. Access permissions on SMB shared folders were not set properly, leaving them open to anyone by default. |
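One common pattern emerges here. The attackers had no need for zero-day vulnerabilities. What they exploited were flawed "design choices" that had been present since the products shipped: the absence of forced password changes, of firmware signature verification, and of attack surface minimization. These are not "operational problems at the deployment site"; they are matters that could have been decided at the product design stage.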
Even more damaging was the fact that these devices had been deployed in bulk across more than 30 power plants with exactly the same default settings. By breaking a single deployment template, the attackers were able to take down every piece of infrastructure of the same type across the supply chain at the same time.
Poland's CERT and the threat intelligence firm Dragos call this a "Repeatable Attack". It is the structural price of standardized design as distributed energy expands rapidly.
A product security design self-check for equipment manufacturers
- On first boot, is it possible to reach the operating interface directly without setting a password, or without changing the initial default password?
- Does the firmware update mechanism verify the authenticity of the update file?
- Does the product still enable insecure communication protocols such as FTP, Telnet or HTTP by default?
- If a customer deploys the product at 50 sites with an identical configuration, how large is the impact (exposure risk) once a vulnerability is discovered?
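
The self-check above can be run against a deployment inventory. The following is an added example, not part of the original article: it flags the design gaps from the checklist and groups sites by identical configuration to show how many would fall to one repeatable attack. The inventory records and field names are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

INSECURE_SERVICES = {"ftp", "telnet", "http"}

def device(site, default_pw, forced_change, signed_fw, services, sources):
    """Build one inventory record; field names are hypothetical."""
    return {"site": site, "default_password_active": default_pw,
            "force_password_change": forced_change,
            "firmware_signature_check": signed_fw,
            "services": services, "mgmt_allowed_sources": sources}

# Constructed fleet: three sites cloned from one template, one partly
# hardened site, one fully hardened site.
FLEET = [
    device("wind-01", True, False, False, ["ssh", "ftp", "http"], ["0.0.0.0/0"]),
    device("wind-02", True, False, False, ["http", "ssh", "ftp"], ["0.0.0.0/0"]),
    device("solar-01", True, False, False, ["ssh", "ftp", "http"], ["0.0.0.0/0"]),
    device("solar-02", False, True, True, ["ssh", "telnet"], ["10.20.0.0/24"]),
    device("solar-03", False, True, True, ["ssh", "https"], ["10.20.0.0/24"]),
]

def design_findings(dev):
    """Return the checklist items this configuration fails."""
    findings = []
    if dev["default_password_active"] and not dev["force_password_change"]:
        findings.append("default-credentials")
    if not dev["firmware_signature_check"]:
        findings.append("unsigned-firmware")
    if INSECURE_SERVICES & set(dev["services"]):
        findings.append("insecure-services")
    if "0.0.0.0/0" in dev["mgmt_allowed_sources"]:
        findings.append("open-management")
    return findings

def fingerprint(dev):
    """Hash the configuration without the site name; list order is ignored."""
    cfg = {k: sorted(v) if isinstance(v, list) else v
           for k, v in dev.items() if k != "site"}
    return hashlib.sha256(json.dumps(cfg, sort_keys=True).encode()).hexdigest()[:12]

def blast_radius(fleet):
    """Group sites sharing a weak configuration, largest group first."""
    groups = defaultdict(list)
    for dev in fleet:
        groups[fingerprint(dev)].append(dev)
    report = [{"sites": sorted(d["site"] for d in devs),
               "findings": design_findings(devs[0])} for devs in groups.values()]
    return sorted((r for r in report if r["findings"]),
                  key=lambda r: len(r["sites"]), reverse=True)
```

The first entry returned by `blast_radius(FLEET)` is the cloned template: the number of sites in it is the exposure from a single weakness.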
2. Regulation is no longer just paperwork: the market-entry barrier created by the EU CRA
The incident in Poland is not merely a topic of discussion inside the security community. It is the most persuasive real-world evidence for the legitimacy of the requirements set by the CRA (the EU Cyber Resilience Act).
That is because what the CRA mandates is exactly the opposite of every weak element that was broken in this attack: the security baseline that should have been there in the first place.
| Failure mode in the Poland incident | What the CRA requires of manufacturers | Legal basis | Consequences of non-compliance |
|---|---|---|---|
| Devices were operated with their initial ID and password; there was no mechanism forcing a change on first boot. | Products must be securely configured in their initial state. (Secure by Default) | Art. 13(2), Annex I Part I §1(d) Part I (b) | 1. The CE mark can no longer be obtained or maintained, and sales in the European market are prohibited entirely. 2. The manufacturer bears direct legal liability for cybersecurity design defects. 3. Fines of up to 15 million euros or 2.5% of worldwide turnover, whichever is higher. 4. Long-term security maintenance after shipment becomes mandatory, and the traditional "Ship and Forget" business model no longer works at all. |
| Tampered firmware was executed as-is; the device did not verify whether the update file had been altered. | Updates must be verified to confirm they have not been tampered with. | Art. 13(5), Annex I Part I §1(f) 2(2)(f) | |
| After the incident, users could not determine which devices had been affected. | Manufacturers must provide product identification information. | Art. 13(15) | |
| Vulnerabilities in devices from several vendors were exploited, but there was no contact point or channel for coordinated disclosure and response. | Manufacturers must establish a mechanism for reporting exploited security vulnerabilities. | Art. 13(6)141 | |
| After installation, there was no mechanism for security monitoring or continuous updates. | Security updates must continue to be provided throughout the product's expected lifetime. | Art. 13(8) | |
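The CRA is scheduled to apply in full in 2027. From that point, "products with digital elements" that do not meet the security requirements will be unable to enter the European market. This covers all of the main export products of Taiwanese manufacturers, including network equipment, industrial controllers, energy management modules for energy storage systems (ESS), and smart grid equipment.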
What matters is understanding the regulatory logic of the CRA. The CRA demands manufacturer responsibility not only for the security baseline at shipment but for the product's "entire life cycle". That includes vulnerability monitoring after deployment, the provision of security updates, and a reporting obligation when incidents occur. This means that the "Ship and Forget" business model that Taiwanese manufacturers have long been used to becomes entirely illegal in the European market.
Not only Europe: insecure edge devices are also being pushed out of U.S. federal procurement
Market-entry pressure is not limited to the European CRA. On February 5, 2026, the U.S. CISA (Cybersecurity and Infrastructure Security Agency) issued the legally binding directive "BOD 26-02". It requires all U.S. federal civilian executive branch agencies to inventory and replace all end-of-support edge devices (routers, firewalls, VPN gateways, load balancers and so on) within 12 to 18 months.
In the directive, CISA states that "nation-state threat actors are exploiting end-of-support edge devices at scale" and cites the attack on Poland's energy infrastructure as evidence. Five days later, on February 10, CISA and the U.S. Department of Energy (DOE CESER) jointly issued a special alert that quoted the Polish CERT report directly and emphasized the following three conclusions.
- Vulnerabilities in edge devices are the largest entry point for attacks.
- OT devices without firmware verification suffer irreparable physical damage (permanent destruction).
- Default passwords left unchanged are not a problem limited to specific vendors.
What this means for Taiwan's manufacturing industry: squeezed from both the supply side and the demand side
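The meaning for Taiwanese manufacturers is extremely clear. If a company's product appears on a U.S. federal customer's EOS (end-of-support) list and the company cannot offer a clear successor model that meets the security baseline, that product is immediately struck from the federal government's procurement options.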
BOD 26-02 also requires each agency to build, within 24 months, a mechanism for continuously detecting "insecure devices". This means that even products sold in the past become subject to forced removal.
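The European CRA mandates secure product design from the "supply side (manufacturers)", while the U.S. BOD 26-02 removes insecure products from the "demand side (the market)". The regulatory direction of these two major markets is converging completely.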
3. The early-mover advantage: security compliance is market positioning, not a cost
The regulatory pressure is real, but treating it as nothing more than a cost is short-sighted. For manufacturers that position themselves early, CRA compliance brings the following three layers of competitive advantage.
3.1 The time gap in market access
When the regulation takes effect in 2027, every in-scope product sold in the EU market will be required to comply. However, compliance preparation, from establishing a secure development lifecycle (SDL) and assessing product security to producing an SBOM (software bill of materials) and designing PSIRT (product security incident response team) processes, normally takes 12 to 18 months. Manufacturers that start preparing now will be able to enter the market smoothly when the regulatory hurdle takes effect in 2027. Competitors that have not yet acted will face the risk of sales suspensions and delayed market launches. This time lag is the early mover's business opportunity.
3.2 The trust premium in B2B procurement
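Since the incident in Poland, European energy operators requiring IEC 62443 compliance in their equipment procurement specifications has become an expected trend. In the United States, CISA (Cybersecurity and Infrastructure Security Agency) also issued an advisory on OT/ICS (operational technology / industrial control system) security gaps in response to the incident. In critical infrastructure procurement decisions, suppliers that can provide complete proof of security compliance, including third-party verification reports, SBOM documentation and a vulnerability disclosure policy, can earn an additional trust premium that goes beyond price competition. For Taiwan's ODM/OEM companies, which face intense price competition, this is a concrete path for shifting from "cost competition" to "value competition".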
3.3 Reuse of compliance investment
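The technical requirements of IEC 62443 (security for industrial automation and control systems) and the CRA overlap in many areas, including secure development processes, vulnerability management, penetration testing and product security assessment. Manufacturers that prepare for both at the same time can share roughly 60 to 70% of the technical preparation work. In addition, by taking into account the trend toward alignment with the ETSI EN 303 645 standard (consumer IoT security) and planning the path to security compliance systematically, they can avoid duplicated investment and accelerate entry into multiple markets.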
4. A concrete action roadmap: from now to 2027
The following phased action recommendations for Taiwanese manufacturers combine the product security gaps revealed by the Poland incident with the CRA compliance requirements.
| Period | Phase goal | Key actions | Expected deliverables |
|---|---|---|---|
| Now to Q3 2026 | Gap inventory | Carry out a Product Security Assessment on the main export product lines, identify design gaps in areas such as default passwords, firmware signing and communication protocols, and complete a CRA compliance gap analysis. | Product security gap report, CRA gap analysis report, prioritized improvement list |
| Q3 2026 to Q1 2027 | Process building | Introduce a security development lifecycle (SDL), build a process for creating and maintaining a software bill of materials (SBOM), and design a vulnerability handling and disclosure policy. | SDL process documents, SBOM template, vulnerability handling and disclosure policy |
| Q1 2027 to Q3 2027 | Product verification | Carry out product verification on the improved products, obtain third-party assessment reports for IEC 62443 / CRA, and complete preparation of the Technical Documentation. | Third-party assessment reports, technical documentation required for CE marking |
5. Before the next Poland incident happens
The incident in Poland was the first large-scale, destructive attack targeting distributed energy infrastructure, but it will not be the last. The cyber threat intelligence firm Dragos has clearly pointed out that state-sponsored groups with the capability to attack ICS (industrial control systems) are shifting their targets from the heavily defended core transmission grid to thinly defended, distributed physical edge equipment. And what runs on that equipment is products made by Taiwanese manufacturers.
This is not just a threat; it is a signal from the market. Manufacturers that respond to this signal, put "Secure by Design" (security ensured from the design stage) into practice in their products, and position themselves early on compliance will hold an advantaged position as trust is rebuilt across the global supply chain.
The DEKRA Group is a leading global organization in testing, inspection, certification and compliance services. Its cybersecurity services, which have been attracting attention recently, specialize in network security verification and compliance services for IoT and industrial control systems. In the areas of product security assessment, IEC 62443 compliance consulting, European CRA preparation, penetration testing and vulnerability management, it helps equipment manufacturers build systematic security capability from design through to market launch. DEKRA is one of the few TIC (testing, inspection, certification) organizations in the world that combines three service capabilities, Functional Safety, Cybersecurity and AI Assurance, and it is both a compliance adviser and a third-party certification body.