Index

Vol. 77, No. 3, May 2022

Special Reports

Security Technologies Supporting Progress of Cyber-Physical Systems

ISHII Hideaki

AMANO Takashi / OKADA Koji

To contribute to the realization of a sustainable society, the Toshiba Group has set the goal of becoming a company supporting the evolution of social infrastructure and industrial systems through the utilization of digital technologies. In this context, the ongoing shift to cyber-physical systems (CPS) that fuse cyberspace and physical space technologies has led to a recent trend in which not only conventional information technology (IT) systems but also operational technology (OT) systems are facing growing threats from cyberattacks on physical space via cyberspace.

We are responding to this situation by making efforts to enhance our cybersecurity management systems so as to cater to the needs of social infrastructure and industrial systems, while developing cybersecurity services and technologies so as to support the entire supply chain from system development to operation in cooperation with our customers and partners.

KUMAZAKI Yuichiro / FUKUI Yoshihiro

Toshiba IT-Services Corporation has been developing and delivering security monitoring services targeted at information technology (IT) systems. Accompanying the increase in demand for effective utilization of data collected by operational technology (OT) systems in infrastructure facilities and factories by directly connecting IT systems to OT systems, there is a growing need for enhanced countermeasure techniques to protect OT systems from cyberattacks.

With this as a background, we have developed an unauthorized access detection technique for OT systems utilizing our intrusion detection system (IDS), which has already established a long track record in the field of IT systems. We are now conducting verification tests with the aim of applying this technique to security monitoring services for OT systems.

OYA Toshiharu / HARADA Takashi / MURATA Jin

In order to protect operational technology (OT) systems from increasing cybersecurity risks, the Toshiba Group is continuing its efforts to offer security operation center (SOC) services for OT systems.

We have been actively focusing on improving the quality of these SOC services through the development of monitoring technologies to efficiently provide system owners with measures against cyberattacks. These technologies include a security monitoring platform to investigate and narrow down the causes of alerts from security sensors installed in the OT system, and a risk assessment method to evaluate the resultant impact on the OT system. In addition, we have constructed a verification environment assuming cyberattacks on various OT systems in operation using design simulators for power generation and transformation systems.

TOYAMA Haruhiko / MORITA Akira / NAGAMINE Tomoki

Operational technology (OT) systems for critical social and industrial infrastructures in Japan have been facing global security threats including cyberattacks as a consequence of the increasingly widespread utilization of Internet technologies in these areas. In particular, as it is difficult to generally apply security measures for information technology (IT) systems to such OT systems, demand has been rising for security management and operations dedicated to OT systems.

In keeping with the worldwide trend toward the development of guidelines and leading-edge cybersecurity technologies for OT systems, Toshiba Digital Solutions Corporation is offering various solutions for the realization of security management and operations adapted to both OT systems and their operational environments in Japan by integrating the following functions: (1) visualization of assets, protocols, and vulnerabilities; (2) abnormality detection; and (3) network boundary protection using a physical unidirectional communication method.

SATSUKAWA Mitsuaki / FUKUOKA Hiroki / HATANAKA Issei

The progress of cyber-physical system (CPS) technologies in processing large volumes of data generated in the physical space has given rise to the need for enhanced security measures for the authentication of users, devices and systems, and programs in various situations.

Toshiba Infrastructure Systems & Solutions Corporation has developed and released the following security solutions based on authentication, encryption, and key management technologies cultivated through the development of integrated circuit (IC) cards and peripheral systems: (1) the BISCADE card and BISCADE dongle, comprising security devices that achieve multi-factor authentication through the combination of a possession factor with biometrics in a single package; (2) the CYTHEMIS Internet of Things (IoT) security solution, which makes it possible to network devices that lack adequate security measures; and (3) the AKTEGRIS security solution, which ensures the validity of firmware at the time of online updates. These security solutions are contributing to enhanced security of customers’ devices and systems.

KANAI Jun / TAKUMI Shinya / UEHARA Tatsuya

Accompanying the ongoing shift to cyber-physical system (CPS) technologies in operational technology (OT) systems for social infrastructures, the movement toward the application of container-based virtualization technologies such as Docker™, which make it possible to easily manage and update software operating in cloud systems, has recently accelerated. However, instead of using deny lists for execution control as employed in information technology (IT) systems, execution control technologies using allow lists have been commonly adopted as security measures for OT systems due to their advantage of stable long-term operation. Demand has therefore been increasing for enhanced security measures appropriate for such container-based virtualization technologies operating in OT systems so as to realize the frequent updating of allow lists.

Toshiba Corporation has now developed a container-based virtualization technology that ensures the security of Docker™ and incorporated it into WhiteEgret, an allowlisting execution control solution. This makes it possible to achieve stable long-term operation of CPS systems by denying the execution of malware in containers, taking advantage of the characteristics of container-based virtualization technologies that can flexibly update multiple programs in containers.

GENJIMA Tomoaki / IMIZU Ryo

Accompanying the expansion of cyber-physical systems (CPS), a strong need exists for the protection of people’s lives and corporate activities against cyberattacks on the physical spaces of CPS via cyberspace. Demand has consequently arisen for risk management systems that can take responsibility for each phase of the life cycle of CPS systems and services. However, various problems must be overcome including a lack of experienced personnel in this field, costly and time-consuming analysis and estimation work, and differences in the analysis results obtained by personnel having different experience levels and skills even when the same method is used.

With this as a background, the Toshiba Group is continuously developing and improving risk assessment methods that allow even inexperienced personnel having a certain level of skill to obtain results equal to or better than those obtained by experienced personnel. These methods are expected to contribute to the realization of CPS with improved security.

AOKI Satoshi / HARUKI Hiroyoshi / SATO Toshiyuki

In order to protect various systems from cyberattacks, it is essential to implement risk assessment and to adopt security measures appropriate for each type of attack. The need for accurate risk assessment has led to increasing demand for evaluation of the effects of cyberattacks on target systems and the difficulty levels of such attacks by actually conducting cyberattacks, in addition to the inspection of vulnerabilities. However, issues have been pointed out regarding the evaluation of cybersecurity from the standpoint of attackers, which is currently being carried out by only a limited number of experts with technical know-how referred to as ethical hackers.

To rectify this situation, the Toshiba Group is engaged in research and development aimed at realizing cyberattack emulation technologies that make it possible to automatically conduct offensive security tests. As part of this work, we have conducted studies on vulnerabilities of multifunctional peripherals (MFPs) equipped with multiple external interfaces as a motif. Based on the results of vulnerability assessments including offensive security tests carried out by an expert, we have clarified the test items for which assessments need to be performed either automatically or manually.

KAWABATA Takeshi

With the progress of cyber-physical systems (CPS), people and society in the physical space are facing security threats from cyberattacks via cyberspace. In order to minimize the effects of security risks, it is necessary to strengthen communication between service providers and customers by exchanging information associated with their risks. However, the difficulty encountered in such risk communication due to the different expressions of standards and guidelines adopted in each business field is a serious issue.

The Toshiba Group has created the Toshiba IoT Reference Architecture (hereafter abbreviated as TIRA) as a common platform to promote the development and operation of CPS, and has established its proprietary security standard for TIRA based on the Cybersecurity Framework (CSF) formulated by the National Institute of Standards and Technology (NIST) of the United States and the Cyber/Physical Security Framework (CPSF) formulated by the Ministry of Economy, Trade and Industry (METI) of Japan. As part of these efforts, we have developed evaluation profiles compliant with TIRA for TOSHIBA SPINEX CPS products and services in the energy field so as to facilitate risk communication with customers.

HANATANI Yoshikazu / YONEMURA Tomoko / IKEDA Tatsuro

Data services are expected to provide new added value by making effective use of a wide variety of data generated in the physical space. Therefore, the protection of such data against security risks in compliance with different regulations and guidelines in Japan and other countries, as well as in diverse service business fields, has become increasingly important.

The Toshiba Group has defined security requirements and a reference architecture for data management platforms in order to provide highly secure data services in compliance with regulations and guidelines. We have prototyped some of the functions of a genome information platform and confirmed that the basic performance of the platform is attained.

AKIYAMA Koichiro / TANIZAWA Yoshimichi

Conventional cryptographic technologies supporting information security have begun to be compromised in recent years with the advent of quantum computers. Efforts toward the development of new cryptographic technologies are therefore being actively promoted in Japan and other countries.

As a solution to this social issue, the Toshiba Group has developed the following two cryptographic technologies as measures against cryptanalytic attacks with the advent of quantum computers: a cryptographic communication technology using quantum key distribution (QKD) equipment, which enables the transmission of highly confidential data while also offering high-speed performance, stability, and interoperability; and a lightweight post-quantum cryptography (PQC) technology with a small public key, which can be implemented even in low-end devices. We are aiming to realize highly secure networks by making full use of these technologies.

Feature Articles

KAWAMOTO Shinya / OKA Masaaki

A large number of control cables are used to transmit signals between equipment and control panels in electric power facilities including power generation plants and substations. However, as detailed data on such cable connections still depend on paper-based control cable drawings, these data not only require considerable time and effort for maintenance but also cannot be used as digital data at sites.

Toshiba Energy Systems & Solutions has developed a control cable management tool that contributes to improved efficiency of maintenance and other work at sites. This tool makes it possible to convert paper-based information related to control panels, terminal boxes, cables, and their connections to a digital format and to export necessary data and drawings as easy-to-use digitized data.

TAKIGUCHI Takeru / MATSUMOTO Yuji

In the logistics and physical distribution field, the growing volume of articles being handled accompanying the expansion of e-commerce has resulted in increases in both the number and size of physical distribution bases. Demand has therefore been rising for the improvement of work efficiency and introduction of automated processes for picking large numbers of articles from shelves in physical distribution warehouses in order to reduce the burden on workers engaged in shipping operations.

The Toshiba Group is responding to this situation by developing shelf picking robot systems to provide goods-to-person picking solutions in physical distribution warehouses. We have designed software for such shelf picking robots that can contribute to the overall optimization of operations in physical distribution warehouses by optimizing robot operation planning and shipping order preparation and by facilitating collaboration with the warehouse execution system (WES).

Frontiers of Research & Development

Automated Work Progress Estimation Method Based on Information on Workers’ Movements and Product Status Using Image Recognition Technology


*Company, product, and service names appearing in each paper include those that are trademarks or registered trademarks of their respective companies.