Accompanying the ongoing shift to cyber-physical system (CPS) technologies in operational technology (OT) systems for social infrastructures, the application of container-based virtualization technologies such as Docker™, which make it easy to manage and update software operating in cloud systems, has recently accelerated. OT systems, however, commonly adopt execution control based on allow lists as a security measure, rather than the deny lists employed in information technology (IT) systems, because allow lists have the advantage of stable long-term operation. Demand has therefore been increasing for enhanced security measures suited to container-based virtualization technologies operating in OT systems, so that allow lists can be updated frequently.
Toshiba Corporation has now developed a container-based virtualization technology that ensures the security of Docker™ and has incorporated it into WhiteEgret, an allowlisting execution control solution. This makes it possible to achieve stable long-term operation of CPSs by denying the execution of malware in containers, while taking advantage of the ability of container-based virtualization technologies to flexibly update multiple programs in containers.