CPS security menu
CPS security business
HOME
Handling Manufacturer
solution·
service
column·
example
Document
event·
seminar
Inquiry
column
example

*This column is from the Webinar held on Friday, June 25, 2021.
This is a lecture report of [The "first step" of IoT security measures - learning from Panasonic product security efforts - what the manufacturing industry should be -].

<Character name / position>
Panasonic Corporation
Product Security Center Planning Department Manager and Security Administration Department Manager
Mr. Tetsuya Matsumoto

Cybersecurity is a business strategy

This time, Panasonic's Tetsuya Matsumoto gave a lecture titled "Panasonic's IoT Security - Protecting Panasonic and Changing Its Strengths." As this title indicates, Mr. Matsumoto's lecture will firmly protect the safety and security of your company's brand and customers from the threat of cyberattacks, and make strong protection a source of added value or competitiveness for your products. From this point of view, Panasonic's IoT security initiatives were introduced in detail.

Needless to say, Panasonic is one of Japan's leading manufacturers, with annual sales of approximately 7 trillion yen and approximately 240,000 employees worldwide. Currently, we have established an in-house company system, and the five business domains are handled by the Appliances Company, the Connected Solutions Company, the Industrial Solutions Company, the Automotive Company, and the Life Solutions Company.

The Product Security Center, which consists of about 100 staff, is responsible for security measures for products (products, services, solutions) in such a company.

“For the Company, cyberattacks are as serious a risk as natural disasters/accidents, serious fraud, and quality. Among them, the Product Security Center positions "risk minimization" and "incident response" as the two pillars to ensure the safety, security and competitiveness of our products. While working closely with related organizations inside and outside the company, we are promoting initiatives to minimize risks and deal with indentation. I'm pouring," (Mr. Matsumoto).

Minimize Product Security Risks Before Shipment

Among the "two pillars" that Mr. Matsumoto calls "risk minimization," it is an effort to prevent products from being shipped with security vulnerabilities mixed in. "Threat analysis", "security design", "secure coding / static analysis", "security diagnosis / product review" at each stage of "planning", "design", "implementation", and "diagnosis (test)", which are processes before product shipment. Taking countermeasures is defined as a company-wide rule and is being carried out.

For security diagnosis, we have been using VDOO, an automatic firmware diagnosis solution provided by Macnica networks since 2020.

“the Company excels not only in diagnosing firmware vulnerabilities, but also in automating consistency checks between firmware SBOM (software bill of materials) information and IoT security standards. We are also deploying diagnostics using VDOO in conjunction with conventional penetration and fuzzing tests,” says Matsumoto.

Respond to Incidents with PSIRT

On the other hand, "incident response," another of the two pillars that support product security, refers to efforts to quickly detect, respond, and restore in the unlikely event that a security incident occurs in a product after it is shipped. increase. To achieve this, services such as incident response and security monitoring are being developed.

The Panasonic-PSIRT (Product Security Incident Response Team) located within the Product Security Center plays a central role in this effort.

Panasonic-PSIRT functions as a point of contact for coordination and coordination with internal and external parties in order to promptly respond to incidents that occur in products and vulnerabilities pointed out by external sources. Specifically, Panasonic-PSIRT collectively accepts vulnerability reports from security vendors, software vendors, ISPs/telecommunications carriers, universities/research institutions, and even individuals. In addition, in cooperation with the IRTs of each in-house company and overseas bases, we have each in-house company handle the vulnerability and inform the reporter of the vulnerability about the response information. By the way, Mr. Matsumoto adds that the details of the vulnerability information handling (management) process are as follows.

(1) Register the information of the product developed by the developer in the system (product information database) in SBOM format

(2) The system automatically collects public vulnerability information (PSIRT registers in the system undisclosed vulnerability information discovered within the company)

(3) The system detects the relevant product by matching SBOM information and vulnerability information

(4) The system automatically notifies the developer of the relevant product of the detection result

(5) Vulnerability response status is managed on the system

Focusing on pioneering technology development and SOC deployment

According to Matsumoto, Panasonic is also making more pioneering efforts in IoT security. One is the construction of an IoT Threat Intelligence Platform, and the other is the development of monitoring technology for each business field and the deployment of an IoT-SOC (Security Operation Center).

In order to realize the IoT Threat Intelligence platform, we will deploy honeypots around the world to observe cyberattacks on home appliances, collect and analyze malware targeting home appliances, and analyze the results. We are developing activities such as utilizing this to strengthen the security of IoT products.

From November 2017 to December 2020, there were nearly 800 million attacks on the honeypots already installed by Panasonic, and more than 71,000 pieces of malware (of which more than 23,000 were IoT malware) could be collected. Mr. Matsumoto clarifies that there is, and continues as follows.

"By collecting such a huge amount of malware, we intend to improve the threat intelligence of IoT and home appliances and apply it to the development of defense modules."

On the other hand, regarding the development of monitoring technology and the deployment of the IoT-SOC (Security Operation Center), we have already started operating the SOC that performs security monitoring (abnormality monitoring and detection) at Panasonic factories. In addition, as an initiative to ensure building automation security, we are working with Mori Building on joint research and demonstration experiments on a mechanism to detect abnormalities in building control commands, and we are working with Tokyo Tatemono to demonstrate security solutions for building automation systems. It is said that the experiment will start in January 2020. In addition, we are planning to build and commercialize a vehicle security monitoring center (vehicle) SOC jointly with security vendor McAfee.

“Today, IoT devices are exposed to a huge number of attacks. We intend to focus on the development of technologies and systems to raise the level of security, as well as human resource development." (Mr. Matsumoto)

Start IoT/OT security measures with Macnica networks solutions

In this webinar, the OT/IoT solutions provided by Macnica networks were also briefly introduced. One of the solutions introduced was "VDOO," which is also used by Panasonic, and the other was "FORESCOUT."

Today, in line with the concept of "Society 5.0" launched by the Japanese government, cyberspace and physical space are integrated, and data collected from physical space through IoT is analyzed on the cloud (or virtual space, etc.). There is a growing movement to realize a society in which people can live more comfortably by intelligently controlling physical space.

In this trend, for example, factory OT, which has been isolated from the Internet or corporate IT networks (OA networks), is now connected to the Internet, and as a result, it is beginning to be exposed to the threat of cyberattacks. . Similarly, a huge number of IoT devices and information appliances that are premised on Internet connectivity have spread widely throughout society, making them easy targets for cyberattacks.

Detect and respond to OT attacks early

In fact, in terms of attacks on OT, in February 2021, a water supply facility in the United States was damaged by a cyberattack, and in May, a cyberattack (attack using ransomware) destroyed a meat processing company's factory. has been forced out of business. At the same time, oil pipelines also suffered real damage from similar cyberattacks.

If OT is attacked in this way and the factory line is forced to stop for a long time, there will be a huge economic loss. There is also the risk of life-threatening accidents if cybercriminals take over the OT environment and gain unauthorized control. Therefore, there is a strong need to increase the speed from detection to response to OT attacks.

FORESCOUT is the solution to solve such problems. This solution makes it possible to detect attacks by catching unauthorized communications occurring on the OT network at an early stage, quickly identify the extent of the attack's impact, and prevent the spread of damage.

Protecting the safety and security of society and life with VDOO

On the other hand, as mentioned in Mr. Matsumoto's lecture, Vdoo is a solution that provides a firmware diagnosis function. It is a mechanism to protect In addition to the firmware diagnosis function, it also has a function to detect and block unknown attacks on IoT products using a protection agent, and a function to notify when new vulnerabilities are found in IoT products. .

Like attacks on OT, attacks on IoT devices are dangerous and can lead to life-threatening situations. By using Vdoo, device manufacturers can avoid or greatly reduce such risks.

Contact Us