Vol. 80, No. 4, July 2025

SHIMADA Taro

SATA Yutaka

AMANO Takashi

OKADA Koji / SHIMODA Shuichi

Cyber-physical systems (CPS) that fuse cyberspace and physical space technologies at a high level have been introduced with the expansion of digital transformation (DX) in production facilities and the social infrastructure field. On the other hand, the connection of various systems via the network has recently been accompanied by higher cybersecurity risks of such CPS systems, leading to the intensification of cyberattacks. Furthermore, demand has also been increasing for new security measures accompanying the technological innovations in the field of quantum computers.

The Toshiba Group has been taking the initiative in developing and implementing necessary security measures to enhance cyber resilience of a connected society through the use of safe and secure data so as to help realize  carbon neutrality and a circular economy.

GENJIMA Tomoaki / MURATA Atsushi / IHA Shun

In production facilities and the social infrastructure domain, operational technology (OT) systems are subject to specific security restrictions including utilizing legacy equipment reaching the end of its service life, specific platforms, limited communication visibility, ensuring system availability and safety, and strict compliance with security regulations. However, there has previously been no established systematic methodology to efficiently and effectively implement security measures throughout the life cycle of OT systems.

With this in mind, the Toshiba Group has devised an integrated consulting process development method to systematically provide customers with a one-stop solution from risk assessment to security introduction and operation by making full use of its high-level control technologies cultivated through experience in OT system development and operations. This method makes it possible to introduce optimal OT security measures into existing systems using templates and sample documents to fill in requests to customers, and via modelling methods, helping achieve sustainable, stable system operations.

KURODA Hidehiko / OHASHI Kenichiro / TSUJI Hisashi

In recent years, control systems have faced growing threats from cyberattacks along with the spread of general-purpose protocols and advancing information and communication technologies. To maintain the integrity and availability performance of control systems, demand continues to grow for the prevention of cyberattacks,  for greater resilience to minimize the effects on control systems, and for rapid recovery when encountering cyberattacks.

The Toshiba Group has developed a security training system for control systems and launched a security training service incorporating the following features: (1) a role-playing method using control system simulators allowing users to realistically  experience pseudo cyberattacks, and (2) coverage of cyberattack handling processes, including detection, analysis, countermeasures, and system restoration, while tackling system operations and communication data and log analyses. The service equips users with proper systematic countermeasures against cyberattacks, contributing to training and educating personnel.

KANAI Jun / UEHARA Tatsuya / KITO Toshiyuki

In line with recent trends obligating businesses to submit a software bill of materials (SBOM) and quickly respond to software vulnerabilities in various countries, manufacturers providing multiple customers with various products have found it necessary to efficiently address vulnerabilities with a product security incident response team (PSIRT).

To improve the vulnerability handling processes, Toshiba Corporation has developed the following techniques: (1) a vulnerability screening technique to judge whether vulnerabilities impact the target product based on the matching results between SBOM and the information on vulnerabilities through the use of natural language processing techniques, and (2) an environment evaluation technique to estimate the magnitude of the impact based on security measures information introduced to the target product. Through evaluations of vulnerability handling costs based on interviews with experts, we have confirmed that these techniques can reduce the vulnerability handling workload up to 94%.

FUKAI Eigo / AMAKI Satoru / KANAI Jun / ITO Yu

The trend of introducing instrumentation cloud services that facilitate collaboration between operational technology (OT) and information technology (IT) data is accelerating with the aim of driving advancements in digital manufacturing. Cloud-based programmable logic controllers (PLC) on the instrumentation cloud service of digital manufacturing solutions are playing a key role in these services, however, introducing further enhanced security measures compared to conventional OT systems using hardware-based PLCs is essential because they control devices used in OT systems from a control core via the Internet. 

The Toshiba Group has conducted asset-based security threat analyses compliant with guidelines published by the IPA (Information-technology Promotion Agency, Japan). Founded on the results of analyses, we have achieved practical implementation of security measures appropriate for the instrumentation cloud service of digital manufacturing solutions along with zero-trust architecture approaches.

FUJIMATSU Yurie / FUKUJU Yasuhiro / SONE Yuki

The popularization of operational technology (OT) systems applying software-defined technologies, which facilitate the addition and expansion of functions and software updates in conjunction with cloud computing, continues to grow as an alternative to conventional standalone OT systems in line with ongoing advances in information technologies (IT). However, the increasing of these OT systems is accompanied by new security risks due to the use of cloud systems.

The Toshiba Group is developing technologies to design and implement security measures on OT systems in conjunction with cloud systems by applying software-defined technologies. We have applied them to the ELCLOUD elevator cloud service developed by Toshiba Elevator and Building Systems Corporation, contributing to safe and secure elevator operation.

KAWABATA Takeshi / FURUKAWA Ayaji

To achieve carbon neutrality and promote a circular economy, it is necessary to provide stakeholders with information on carbon dioxide (CO₂) emissions, chemical materials, etc., so it is essential for them to understand the environmental impact of the entire supply chain from raw material procurement to product delivery. However, access to such information, data exchange, and ensuring reliability have proved challenging between companies without direct business relationships.

To address these issues, the Toshiba Group participates in the development of trust frameworks in Japan and abroad. Based on the knowledge acquired from these activities, we have expanded the methods to establish a trust framework among three, or more companies. We will implement these methods to help maintain consensus with our supply chain stakeholders.

TOSHIMITSU Kiyoshi / KATO Masakazu / HATANAKA Issei / TANI Yuji

The growing threat of cyberattacks on hospitals, including unauthorized access from outside, has had a major impact on medical treatments in recent years. However, as it is difficult to update individual medical equipment used in hospitals to the latest operating system (OS), there is an increasing need for continuous cybersecurity measures essential for hospital information systems, with two-factor authentication also being essential.

In response, Toshiba Corporation has applied the CYTHEMIS Internet of Things (IoT) security solution to hospital information systems, making it possible to securely network equipment without built-in security measures. We have confirmed that it is effective in preventing unauthorized access to medical equipment used in hospital information systems through real-world testing in cooperation with Asahikawa Medical University Hospital. We have also confirmed that the BISCADE biometric authentication card makes it possible to achieve two-factor authentication system at a lower cost than an authentication system combining integrated circuit (IC) card authentication with face authentication, which is already used at the hospital.

YAMAGUCHI Yuki

The Toshiba Group is engaged in introducing automated tests to ensure the quality of software and shorten development cycles. However, even automated tests tend to prolong the development period due to a large number of regression tests which consume a considerable amount of time.

To address this issue, Toshiba Corporation has developed SmallTests, an optimal test selection service capable of selecting tests related to changes in the source code based on code coverage information during test execution using information on source codes changed during the software development process. Evaluation experiments applying SmallTests to the Defects4J bug dataset have confirmed that it reduces the number of executed tests of a minimum 21.0% and maximum 99.1% score, respectively, compared with our conventional process.