Cyber-Security
for Critical Infrastructures
Atsuhiro Goto
President and Professor,
Institute of Information Security (IISEC)
Program Director for SIP,
Cabinet Office, Government of Japan
Agenda
Cross-Ministerial Strategic Innovation Promotion Program (SIP) Overview
SIP “Cyber-Security for Critical Infrastructures”
IISEC as Cybersecurity Capacity Building Leader
Cyber-Attacks to Critical Infrastructures
Cyber Attack
Critical Infrastructures
NISC designates 13 domains
Chemical Industry
Gas
Finance
Public Service
Communication
Logistics
Oil
Credit
Railroad
Electricity
Aviation
Medical Service
Water
SIP Program 2015FY – 2019FY
“Cyber-Security for Critical Infrastructures”
Technologies to strengthen “organizational capability”
Core technologies for secure infrastructures and IoT systems by boosting their “cyber-security immunity”
The 11th SIP program launched in Jan. 2016 (to Mar. 2020)
Annual Budget: around ¥2.5 B ($24M)
Goals are:
globally competitive critical infrastructure systems supported by advanced cyber-security technologies
contribution to the safe and secure Tokyo 2020 Olympic and Paralympic Games and Society 5.0.
Project Organization for
“Cyber-Security for Critical Infrastructure”
Japanese Government
Cabinet Office
PD: Atsuhiro Goto
METI / NEDO
Corporations (NTT group, Fujitsu, Hitachi, Mitsubishi, Panasonic, Renesas and others)
National R&D Institutes (AIST) and Industry Consortium (ECSEC, CSSC)
Universities (Keio Univ. and others)
Promotion Committee
Chair: PD (Atsuhiro Goto)
Secretariat: Cabinet Office
Members: Experts in critical infrastructure operators, and academia, NISC, MIC, METI, other related ministries and agencies
Cybersecurity Technology WG
System Operation and Information Sharing WG
Certification and related regulation WG
Cybersecurity capacity building WG
Subsidy
R&D Teams
NEDO: New Energy and Industrial Technology Development Organization
Cybersecurity Risk in Critical Infrastructure
[Figure labels: Operation Center; Generator; Substations; Users; Infrastructure Facilities; Control Network (Control Servers, Control Switches, etc.); Office Env. (IT)]
Cybersecurity Risk in Critical Infrastructure
[Figure labels: Operation Center; Generator; Substations; Users; Infrastructure Facilities; Control Network (Control Servers, Control Switches, etc.); Office Env. (IT)]
[Threat labels on the figure: Cyber attack (in maintenance); Vulnerable maintenance port and/or terminal; Cyber attack (embedded malfunction); Risk in System Development; Malware (ex. Stuxnet); Cyber attack; False data; False command; malfunction]
Boosting Immunity of Facilities and Organizations
“Armor” techs
Best of breed from the world: Anti-Virus, IDS, IPS, Firewalls
“Immunity” techs
Authenticity verification and anomaly detection for infrastructure facilities, suitable for long lifecycle equipment and IoT with tiny devices
Org. Capability
Information Sharing (other operators)
Human Res. Development
Increase self-sufficiency
Prompt operators' initiative
[Figure labels: Attacker; attack; Stop; Intrusion; Critical Infrastructure Facilities]
R&D “Cyber-Security for Critical Infrastructure”
Boost Cyber-security “Immunity” in Large-scale Control Network
• Authenticity and integrity monitoring technologies based on authenticity verification platform
• Behavior monitoring/analysis technologies for long life-cycle infrastructure systems where new and old equipment work together
Strengthen Cyber-security for Future IoT Systems
• Anomaly detection and monitoring technology by means of IoT gateways
• Ultra-low power cryptography implementation technology for tiny IoT devices
Enhance “Organizational Capability” of Critical Infrastructure Operators
• Security framework strategy to support core technology dissemination
• Information Sharing Platform Technology
• Development of Human Resources for Cybersecurity
Risk in System Development and Operation
[Figure labels: Parts manufacturer; Assembling; Shipping; Installing; Configuring; Software Installation; malware; mal-hardware]
Risks in Supply-chain
Risks of mal-operation in system deployment
Risks of malware intrusion during operation
Authenticity verification platform
Control Networks
Detection of mal-operation in system deployment
Detection of malware intrusion during operation
Authenticity verification platform based on chain of trust
Security module as base of trust
Future Critical Infrastructure with IoT
• Authenticity and integrity monitoring technology can strictly monitor integrity (detect unauthorized change) of the software on network and equipment
• Anomaly detection and monitoring technology for IoT devices can automatically adapt to a wide variety of IoT devices and perform high-precision analyses of cyberattacks including unknown cyberattacks
[Figure labels: Control Network; Operation Center; Cloud Servers; Analysis Server; IoT Gateways; IoT network; Infrastructure Facilities; Equipment vendor; Network Traffic and Device information; Root of Trust; Chain of Trust; Authenticity verification platform]
Information Sharing to enhance Organizational Capability
[Figure labels: Operator a and Operator b, each with Division α, Division β and SOC/CSIRT; Shares information; Threat Intelligence; Vulnerability Information; Sector A Information Sharing Structure; Sector B Information Sharing Structure; Cross-Sector Information Sharing Structure; Important Infrastructure Fields]
Information Sharing Platform in SIP
To Prompt Operators' Initiative
Sharing Tools
◆ Use STIX, TAXII for global information sharing
◆ Ease of use on-site
Users’ Guide
◆ Operation manuals for OT engineers
◆ Use in support of security measure establishment
Grand Design
◆ Motivate information sharing
◆ Strategy for cross-sector information sharing
Summary of the SIP program
The goals of the 11th SIP program “Cyber-Security for Critical Infrastructures” are:
– globally competitive critical infrastructure systems for Society 5.0
– contribution to the safe and secure Tokyo 2020 Olympic and Paralympic Games.
The SIP program focuses on R&D of:
– core technologies to boost “immunity to cyber attacks”
– platform to enhance “organizational capability”
Institute of Information Security
Graduate School specializing in Information Security founded in 2004.
Master’s Degree (Informatics)
Ph.D. (Informatics)
Most students, about 80%, are working adults in governments, industries, etc.
FSA, MoD, NPA, JCG, and others
NTT group, Hitachi, NEC, JRs, banks, and leading manufacturers.
By March 2018, 363 Masters & 33 Ph.D. They play an active part in the information security fields in Japan.
http://www.iisec.ac.jp/
President Atsuhiro Goto
Integrated and Practical Education and Research at Graduate School, IISEC
Security and Risk Management
Cybersecurity & Governance
System Design
Mathematical Science
[Figure axis labels: Technology oriented; Social Science oriented]
IISEC Graduate School Curriculum
Cybersecurity & Governance
Internet Technology
Cyber-security Techniques
Network System Design and Operation Management
Law and Ethics in Information Security
Introduction to Legal Study
Intellectual Property System
Legal Cases in Information Security
Individual Identification and Privacy Protection
Cybersecurity Threat Intelligence
Capture The Flag (CTF)
Incident Response & CSIRT Basics
Practical Secure Systems
Advanced Secure Systems
Hands-on Exercises
Network Security Technology
Web Application Inspection and Vulnerability Countermeasure
Digital Forensic
Mathematical Science
Cryptography, Authentication and Social Systems
Cryptographic Protocol
Algorithms Basics
Basic Number Theory
Theory of Cryptography
AI and Machine Learning
IISEC Graduate School Curriculum
Security and Risk Management
Statistical Research Methods
Statistical Risk Management
Risk Economics
Risk Control and Mass Media
Security Auditing
System and Security Audit
Information Security Management System
Security Management and Business Administration
Risk Management
Organizational Behavior and Information Security
International Standards and Guidelines
Systems Design
Programming
Software Design
Operating Systems
Information Devices Technology
Information Systems Design
Secure System Architecture
Secure Programming and Secure Operating Systems
Practical IoT Security
enPiT: educational networking program cultivating practical IT human resources by Japanese leading universities and industry collaboration subsidized by MEXT
enPiT/SecCap to enPiT-Pro/ProSec-X
enPiT / SecCap: Graduate School (MS), Fund 2012-2016, IISEC, Tohoku-U, JAIST, NAIST, Keio-U
enPiT2 / Basic SecCap: Undergraduate, Fund 2016-2020, Tohoku-U and others
enPiT-Pro / ProSec-X: Professions (Working adults), Fund 2017-2021, IISEC and others
MEXT: Ministry of Education, Culture, Sports, Science and Technology
IISEC: Cybersecurity Capacity Building Leader
[Figure labels: Supremo; Cybersecurity Expert; Technologist and Manager with Cybersecurity Practice; Doctor Course; Master Course; Beginner Course (MOOC); enPiT1 security (SecCap); enPiT-Pro (ProSec-X); enPiT2 security (Basic SecCap); Education at Graduate School; Education for Industry and Government; Education for young people; Advisory Committee of Cabinet, others]
Thank you very much
Atsuhiro Goto