Cybersecurity for Industrial Control Systems (and Introduction to RISEC/AIST)

Industrial Control Systems (ICS) including Smart Grid and SCADA (Supervisory Control And Data Acquisition) systems are indispensable to the current industry, critical infrastructures and smart cities. On the other hand, the target of cyber attacks is moving toward critical infrastructures due to the huge impact after exploitation. The strategy of attacks is also moving to persistent and targeted rather than casual and non-targeted.

Industrial Control Systems used to be isolated from public networks and consisted of specialized systems, such as special purpose OS and original network protocols. They are, however, gradually replaced with general purpose systems, such as versatile OS and standard network protocols, to increase the interoperability and connectivity with other systems in office and management networks. Adaptation of general purpose systems can reduce the cost, but it enlarges the risk of cyber attacks exploiting vulnerabilities of general purpose systems. Even if the network is isolated, it is targeted by way of USB memories, brought PCs for maintenance and so on, such as Stuxnet. The requirements for ICS include high availability and a long life cycle, and they hinder the rapid application of security patches and counter measures against newly found vulnerabilities.

In this talk, we summarize and explain potential threats and their counter measures introducing activities in Japan including R&D, validation of components, standardization, enlightenment and so on, to enhance the security of ICS.
Prof. and Dr. Kazukuni Kobara is the Leader of Control System Security Research Group at Research Institute for Secure Systems (RISEC), National Institute of Advanced Industrial Science and Technology (AIST), as well as a Visiting Professor at Chiba Univ. Japan