scada-ics-cyber-security-specialist
SCADA / ICS Cyber Security Specialist
When to Use
- Define OT/ICS security program scope, governance, and IT/OT coordination model
- Design Purdue/ISA-95 zones, conduits, segmentation, and DMZ patterns for control networks
- Build OT asset inventory — PLCs, RTUs, HMIs, historians, engineering workstations, gateways
- Plan secure remote access — jump hosts, PAM, vendor sessions, MFA, session recording
- Manage patch and vulnerability programs under change windows, compensating controls, and vendor SLAs
- Scope ICS-aware monitoring — passive taps, DPI for Modbus/DNP3/OPC/BACnet (high level), baselines
- Author safety-first OT incident response — coordination with operations, process safety, and IT IR
- Map IEC 62443 and NIST SP 800-82 concepts to gaps, SL-T targets, and remediation priorities
- Produce hardening roadmaps and evidence packs for audits, insurers, and leadership (not legal advice)
- Assess IT/OT convergence risks — shared AD, cloud historians, remote ops, supply chain
When NOT to Use
- Generic corporate network pentest without OT methodology → network-pentester
- Web application or API testing → web-pentester
- Authorized exploitation and red-team validation on IT paths → penetration-tester
- HIL bench, automotive ECU, or embedded fault-injection testing → hardware-in-the-loop-security-tester (complement for lab validation)
- Enterprise GRC program, audit prep, or vendor questionnaires without OT lens → compliance-specialist
- SOC alert triage and corporate detection playbooks only → soc-analyst
- IT-centric incident command without process-safety and operations coordination → incident-responder
- Corporate SIEM/EDR/IdP implementation without OT architecture → information-security-engineer
- Security strategy and board metrics without OT program delivery → cybersecurity
- Control-by-control evidence automation for IT SOC 2 → compliance-engineer
- Proactive threat hunting on corporate IT telemetry only → threat-hunter
Related skills
| Need | Skill |
|---|---|
| Corporate security program, policies, board narratives | cybersecurity |
| SIEM/EDR/IdP/PAM for enterprise IT stack | information-security-engineer |
| GRC program, framework scoping, audit coordination | compliance-specialist |
| Technical compliance evidence and control automation | compliance-engineer |
| Active IT IR war room, containment, legal coordination | incident-responder |
| SOC queue triage and corporate playbooks | soc-analyst |
| Hypothesis-driven hunts on IT endpoints/logs | threat-hunter |
| Authorized pentest and exploit validation | penetration-tester |
| Network/AD/infra pentest from corp paths | network-pentester |
| Web/API OWASP testing | web-pentester |
| HIL, bus injection, automotive/industrial bench safety | hardware-in-the-loop-security-tester |
Core Workflows
1. Scope, safety, and governance
Define OT boundaries, safety constraints, roles, and handoffs with operations and IT.
See references/scada_ics_scope_and_safety.md.
2. Architecture and segmentation
Apply Purdue zones, conduits, remote access, and IT/OT convergence controls.
See references/ot_architecture_and_segmentation.md.
3. Standards and assessment
Map IEC 62443 and NIST SP 800-82 to gaps, maturity, and security levels (practitioner level).
See references/standards_and_assessment.md.
4. Asset and vulnerability management
Inventory OT assets; prioritize vulnerabilities under OT change constraints and with compensating controls.
See references/ot_asset_vulnerability_management.md.
5. Detection and incident response
ICS monitoring patterns, safety-first IR sequencing, and OT threat classes.
See references/ot_detection_and_incident_response.md.
6. Hardening roadmaps and evidence
Phased remediation, metrics, test plans, and audit-ready artifacts.
See references/hardening_roadmaps_and_evidence.md.
Outputs
- OT security charter — scope, RACI, safety gates, escalation to operations and IT IR
- Zone/conduit diagram — Purdue levels, data flows, remote access paths, crown jewels
- OT asset register — device class, firmware, zone, owner, criticality, connectivity
- Vulnerability and patch register — CVE/vendor advisory, risk, compensating control, change window
- Secure remote access design — vendor access, session controls, logging, break-glass
- Detection use-case list — protocol anomalies, engineering changes, remote sessions (high level)
- OT IR playbook outline — safety hold points, isolation options, evidence preservation
- Standards gap matrix — IEC 62443 / NIST 800-82 mapping with prioritized remediation
- Hardening roadmap — phases, dependencies, metrics, validation criteria
- Executive OT security brief — posture, top risks, test results (not legal or safety certification)
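The zone/conduit diagram listed above is only useful if every data flow drawn on it is checked against the model. What follows is an added example, not code from this skill or its reference files: a small Python check over a constructed four-zone Purdue-style design (zone names, levels, conduits, protocols and flows are all assumptions made here for illustration) that flags flows bypassing the L3.5 DMZ, cross-zone flows with no defined conduit, and protocols a conduit was not designed to carry.

```python
"""Zone/conduit policy check for a Purdue-style OT network design.

Added example, not part of the skill or its reference files. The zones,
conduits and flows below are a constructed design used to show the two
checks a segmentation review applies to every cross-zone data flow:
(1) nothing at enterprise level (L4/L5) reaches below the L3.5 DMZ directly,
(2) every cross-zone flow rides a defined conduit on a permitted protocol.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

DMZ_LEVEL = 3.5        # Purdue "level 3.5" OT DMZ
ENTERPRISE_MIN = 4.0   # levels 4 and 5 are enterprise/business


@dataclass(frozen=True)
class Zone:
    name: str
    level: float  # 0-2 control, 3 site operations, 3.5 DMZ, 4-5 enterprise


@dataclass(frozen=True)
class Conduit:
    src: str
    dst: str
    protocols: FrozenSet[str]  # protocols the conduit is designed to carry, src -> dst


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str
    purpose: str  # free text from the data-flow inventory


def check_flows(zones: Iterable[Zone], conduits: Iterable[Conduit], flows: Iterable[Flow]) -> List[str]:
    """Return one finding per flow that violates the zone/conduit model."""
    zone_by_name: Dict[str, Zone] = {z.name: z for z in zones}
    conduit_by_pair: Dict[Tuple[str, str], Conduit] = {(c.src, c.dst): c for c in conduits}
    findings: List[str] = []
    for f in flows:
        try:
            s, d = zone_by_name[f.src], zone_by_name[f.dst]
        except KeyError as missing:
            findings.append(f"UNKNOWN_ZONE {f.purpose}: zone {missing.args[0]} is not in the zone register")
            continue
        if s.name == d.name:
            continue  # intra-zone traffic is governed by the zone's own policy, not by conduits
        lo, hi = sorted((s.level, d.level))
        # Check 1: enterprise on one side and anything below the DMZ on the other means
        # the flow bypasses the DMZ, whichever direction the arrow was drawn.
        if hi >= ENTERPRISE_MIN and lo < DMZ_LEVEL:
            findings.append(f"DMZ_BYPASS {f.purpose}: {f.src} (L{s.level:g}) <-> {f.dst} (L{d.level:g}) must terminate in the DMZ")
            continue
        # Check 2: the flow must map to a conduit, and its protocol must be on that conduit.
        conduit = conduit_by_pair.get((f.src, f.dst))
        if conduit is None:
            findings.append(f"NO_CONDUIT {f.purpose}: no conduit defined for {f.src} -> {f.dst} ({f.protocol})")
        elif f.protocol not in conduit.protocols:
            findings.append(f"PROTOCOL {f.purpose}: {f.protocol} not permitted on {f.src} -> {f.dst} (allowed: {sorted(conduit.protocols)})")
    return findings


# Constructed design: names, levels and protocol labels are illustrative only.
ZONES = [Zone("Enterprise", 4), Zone("OT-DMZ", 3.5), Zone("SiteOps", 3), Zone("Cell-A", 2)]
CONDUITS = [
    Conduit("Enterprise", "OT-DMZ", frozenset({"https"})),                 # users read the replica historian
    Conduit("SiteOps", "OT-DMZ", frozenset({"historian-replication"})),    # push upward, never pull from above
    Conduit("OT-DMZ", "SiteOps", frozenset({"rdp-jump"})),                 # vendor access via DMZ jump host only
    Conduit("SiteOps", "Cell-A", frozenset({"modbus-tcp", "opc-ua"})),     # supervisory polling
]
FLOWS = [
    Flow("Enterprise", "OT-DMZ", "https", "dashboard reads replica historian"),
    Flow("SiteOps", "OT-DMZ", "historian-replication", "historian push to DMZ"),
    Flow("SiteOps", "Cell-A", "modbus-tcp", "SCADA polls PLCs"),
    Flow("Enterprise", "SiteOps", "https", "dashboard reads L3 historian directly"),
    Flow("Enterprise", "Cell-A", "modbus-tcp", "vendor laptop talks to PLC over VPN"),
    Flow("SiteOps", "Cell-A", "rdp", "engineer RDPs to HMI"),
    Flow("Cell-A", "SiteOps", "syslog", "PLC/HMI logs to site collector"),
    Flow("Cell-A", "Lab", "ssh", "test bench access"),
]


def demo() -> List[str]:
    """Run the constructed design through the checker and return its findings."""
    return check_flows(ZONES, CONDUITS, FLOWS)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The first three flows pass; the remaining five each produce one finding. The UNKNOWN_ZONE case matters in practice: a flow that names a zone missing from the register usually means an asset (a test bench, a vendor laptop) that the inventory never captured, which is the gap the OT asset register output above is meant to close.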
Principles
- Safety and availability first — never recommend actions that could trip plant, endanger people, or violate site safety rules without operations approval
- No unsafe live-plant testing — prefer passive assessment, documentation review, lab replicas, and vendor-supported validation
- Assume brittle systems — patches, scans, and aggressive active tests can fault controllers; plan compensating controls
- Separate IT and OT evidence — corporate SOC findings do not equal OT coverage; document zone boundaries
- Coordinate with operations — process engineers and electricians own physical consequences; security owns risk framing
- Document accepted risk — deferred patches and legacy protocols need explicit sign-off and monitoring
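The passive-first principle and the requirement that legacy protocols stay under monitoring translate into detection logic like the following. It is an added example, not the skill's own code or any vendor's product: a Python parser for Modbus/TCP request frames as a passive tap on TCP/502 would deliver them, plus a classifier that combines a learned baseline with an allowlist of hosts permitted to write. Host addresses, the allowlist and the sample frames are constructed; the block assumes only client-to-server payloads are fed in and that the learning-window traffic was reviewed with operations so nothing unauthorized gets baselined.

```python
"""Passive Modbus/TCP write detection over captured request frames.

Added example, not the skill's own code. Frames are constructed here to
stand in for what a SPAN port or tap on TCP/502 would deliver; only the
client -> server direction is fed in. Addresses and the allowlist are
assumptions for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Standard Modbus function codes that change controller state.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


@dataclass(frozen=True)
class ModbusRequest:
    src: str         # client IP (constructed)
    dst: str         # server (PLC/RTU) IP (constructed)
    unit_id: int     # MBAP unit identifier
    function: int    # Modbus function code
    start_addr: int  # starting address from the PDU, 0 if the PDU carries none


def parse_modbus_tcp(src: str, dst: str, payload: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    The length field counts the unit id plus the PDU, so it must equal len(payload) - 6.
    """
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP + function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = payload[7]
    if function & 0x80:
        raise ValueError("exception response seen in request stream")
    # Every common FC (1-6, 15, 16, 22, 23) carries a 16-bit start address next.
    start_addr = struct.unpack(">H", payload[8:10])[0] if len(payload) >= 10 else 0
    return ModbusRequest(src, dst, unit, function, start_addr)


def build_request(unit: int, function: int, start_addr: int, data: bytes = b"") -> bytes:
    """Encode a request frame; used here only to construct sample traffic."""
    pdu = bytes([function]) + struct.pack(">H", start_addr) + data
    return struct.pack(">HHHB", 1, 0, len(pdu) + 1, unit) + pdu


class ModbusMonitor:
    """Baseline-plus-allowlist classifier over parsed requests; never talks to the PLC."""

    def __init__(self, write_allowed_hosts: Iterable[str]):
        self.write_allowed = set(write_allowed_hosts)
        self.baseline: Set[Tuple[str, str, int, int]] = set()

    @staticmethod
    def _key(r: ModbusRequest) -> Tuple[str, str, int, int]:
        return (r.src, r.dst, r.unit_id, r.function)

    def learn(self, requests: Iterable[ModbusRequest]) -> None:
        """Learning window: record every (client, server, unit, function) conversation seen."""
        for r in requests:
            self.baseline.add(self._key(r))

    def classify(self, r: ModbusRequest) -> Optional[str]:
        """Return an alert line, or None when the request matches the baseline."""
        is_write = r.function in WRITE_FUNCTIONS
        if is_write and r.src not in self.write_allowed:
            return (f"HIGH FC{r.function} ({WRITE_FUNCTIONS[r.function]}) from non-allowlisted "
                    f"host {r.src} to {r.dst}/unit {r.unit_id} @{r.start_addr}")
        if self._key(r) not in self.baseline:
            if is_write:
                return f"MEDIUM write outside baseline (engineering change?): {r.src} -> {r.dst}/unit {r.unit_id} FC{r.function} @{r.start_addr}"
            return f"LOW new read conversation: {r.src} -> {r.dst}/unit {r.unit_id} FC{r.function} @{r.start_addr}"
        return None

    def detect(self, requests: Iterable[ModbusRequest]) -> List[str]:
        return [a for a in (self.classify(r) for r in requests) if a]


PLC, HMI, SCADA, EWS = "10.2.0.5", "10.2.1.10", "10.2.1.20", "10.2.1.30"  # constructed addresses


def demo() -> List[str]:
    """Run the constructed scenario and return the alerts it produces."""
    mon = ModbusMonitor(write_allowed_hosts=[HMI, EWS])
    mon.learn([
        parse_modbus_tcp(HMI, PLC, build_request(1, 3, 0, b"\x00\x0a")),                     # read 10 holding regs
        parse_modbus_tcp(SCADA, PLC, build_request(1, 4, 0, b"\x00\x04")),                   # read 4 input regs
        parse_modbus_tcp(EWS, PLC, build_request(1, 16, 100, b"\x00\x01\x02\x00\x05")),      # write 1 register
    ])
    return mon.detect([
        parse_modbus_tcp(HMI, PLC, build_request(1, 3, 0, b"\x00\x0a")),                     # in baseline: silent
        parse_modbus_tcp("10.1.5.77", PLC, build_request(1, 6, 40, b"\x00\x00")),            # enterprise host writes
        parse_modbus_tcp(EWS, PLC, build_request(2, 16, 100, b"\x00\x01\x02\x00\x05")),      # EWS writes a new unit
        parse_modbus_tcp("10.2.1.99", PLC, build_request(1, 3, 0, b"\x00\x0a")),             # unknown reader
    ])


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The allowlist holds the engineering workstations and the HMIs that are expected to write setpoints; a production rule set would extend the baseline key with the register range so that an engineering workstation writing to an unfamiliar block still surfaces. Nothing here sends a packet toward the controller, which is what keeps it compatible with the no-live-testing principle.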