ForeScout - User Case Study - TEPCO Power Grid, Incorporated (TEPCO Power Grid)

“eyeInspect” (formerly SilentDefense) strengthens the security of industrial systems
Contributing to a stable power supply to the Tokyo metropolitan area
POINT
  • Immediate detection of abnormal communication by whitelist method
  • Supports industrial systems that use proprietary protocols by utilizing the SD Script function
  • Can be introduced without affecting existing systems
  • High quality support system in Japan
Cyber Security Center
PG-SIRT Group CISSP
Masaru Tanaka

Cyber Security Center
PG-SIRT Group
Incident Response Team Leader Mr. Takashi Kosuge

Increasing threats to industrial systems
Immediate need to strengthen security measures ahead of the Tokyo Olympics

As the power transmission and distribution company of the TEPCO Group, TEPCO Power Grid supplies power through its transmission and distribution network in the Tokyo metropolitan area, the center of Japan's industry and economy. The amount supplied is equivalent to about one-third of Japan's total supply, and the company is said to be among the world's top class for its advanced technology and high reliability. It is also promoting a plan to install 27 million smart meters in all areas of the group by 2020.

Security measures to prevent terrorism and cyberattacks are one of the top priorities for the company, which is responsible for the extremely important social infrastructure of electricity. For this reason, it has established a multi-layered defense mechanism by taking various physical, technical, and human measures. However, changes in the environment forced the company to consider new countermeasures.

Since around 2015, cyber-attacks targeting social infrastructure in various countries have been increasing, and their methods are becoming more sophisticated. The company has taken appropriate measures while keeping up with these trends, but the question of what to do about the security of industrial systems surfaced. On this point, Mr. Masaru Tanaka, CISSP, of the Cyber Security Center PG-SIRT Group explains, "We thought that industrial systems had a low risk of attack, but based on recent attack cases, it became necessary to consider new countermeasures."

As a business operator responsible for social infrastructure, the company is required to take necessary measures under regulations by the government and regulatory authorities, and there is also the fact that the Tokyo Olympics will be held in 2020. Mr. Takashi Kosuge, leader of the incident response team of the PG-SIRT Group of the Cyber Security Center, also emphasizes, "We thought it was urgent to strengthen security measures in order to continue a stable power supply to the Tokyo metropolitan area."

Compatible with industrial systems that use proprietary protocols, etc.
eyeInspect (formerly SilentDefense) meets the requirements

In 2015, TEPCO Power Grid conducted an investigation into IDS (intrusion detection system) products that could monitor the company's industrial systems. While it collected a wide range of information on protecting these systems, the product that caught its attention was "eyeInspect" by ForeScout of the Netherlands.
"I found eyeInspect's features attractive and I was very interested, but at the time no company in Japan was offering it. However, in 2016, when I learned that Macnica started offering it, I decided to introduce it again. I decided to consider it." (Mr. Tanaka)

The company's requirements for the product were as follows. First, given the rapid increase in unknown attacks in recent years, it decided on a whitelist method as the detection method for dealing with them. In addition, since the company's industrial system uses a unique protocol, support for that protocol was essential. The company also required that the product could be introduced without affecting existing systems and that high-quality support be available in Japan.

eyeInspect fulfilled all these requirements. eyeInspect is a DPI (Deep Packet Inspection) product that can visualize and monitor not only the IP addresses but also layer 7 (the application layer) of communications flowing through an industrial system network. Based on this visualization ability, it can also detect cyber-attacks on industrial systems by performing whitelist detection.

In addition, eyeInspect has a function called SD Script, which incorporates an engine for the Lua scripting language. By writing Lua scripts, it can be used for industrial systems that use proprietary protocols, and scripts can also be written using only packet header information. It is possible to capture unexpected changes in the status or values of industrial systems that are passed in payloads, without any need for data processing. In addition, there is no need to make major changes to the system during introduction, which reduces the burden. Although it is an overseas product, the company could expect generous support from Macnica. "That's why we decided to make full-scale moves toward introducing eyeInspect." (Mr. Kosuge)
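The difference between an IP-level whitelist and the layer-7 whitelist with payload value checks described above can be shown in a few lines. This is an added example, not eyeInspect code and not the SD Script API; the protocol name `propX`, the function names, the addresses and the values are all constructed for illustration.

```python
from collections import namedtuple

# Constructed layer-7 observations, as a DPI sensor might summarise them.
# "proto"/"func" stand in for a proprietary protocol's message type and
# "value" for a process value carried in the payload (all hypothetical).
Msg = namedtuple("Msg", "src dst proto func value")

BASELINE = [  # constructed learning-phase traffic, assumed clean
    Msg("10.0.1.10", "10.0.2.20", "propX", "READ_STATUS", 49.9),
    Msg("10.0.1.10", "10.0.2.20", "propX", "READ_STATUS", 50.1),
    Msg("10.0.1.10", "10.0.2.21", "propX", "READ_STATUS", 50.0),
    Msg("10.0.1.11", "10.0.2.20", "propX", "SET_POINT", 50.0),
]

def learn(baseline, margin=0.5):
    """Build the IP-pair whitelist, the L7 whitelist and value ranges."""
    pairs, ops, ranges = set(), set(), {}
    for m in baseline:
        pairs.add((m.src, m.dst))
        key = (m.src, m.dst, m.proto, m.func)
        ops.add(key)
        lo, hi = ranges.get(key, (m.value, m.value))
        ranges[key] = (min(lo, m.value), max(hi, m.value))
    # Widen each learned range by a tolerance to limit false alerts.
    ranges = {k: (lo - margin, hi + margin) for k, (lo, hi) in ranges.items()}
    return pairs, ops, ranges

def ip_only_allows(msg, model):
    """What a whitelist that sees only IP addresses would decide."""
    return (msg.src, msg.dst) in model[0]

def check(msg, model):
    """Return the alert for msg, or None if it matches the whitelist."""
    pairs, ops, ranges = model
    if (msg.src, msg.dst) not in pairs:
        return "new communication pair"
    key = (msg.src, msg.dst, msg.proto, msg.func)
    if key not in ops:
        return "known hosts, operation not in whitelist"
    lo, hi = ranges[key]
    if not lo <= msg.value <= hi:
        return "whitelisted operation, payload value outside learned range"
    return None

MODEL = learn(BASELINE)

if __name__ == "__main__":
    # The polling host suddenly issues a write: same IPs, new L7 operation.
    odd = Msg("10.0.1.10", "10.0.2.20", "propX", "SET_POINT", 50.0)
    print(ip_only_allows(odd, MODEL), check(odd, MODEL))
```

The last two lines show the case the IP-only view misses: both hosts are known to each other, so only the layer-7 whitelist raises an alert.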

Immediate detection of abnormal communication
Get the right response in the shortest possible time

In May 2017, TEPCO Power Grid borrowed a test machine from Macnica and conducted verification of eyeInspect. The company checked whether existing systems and networks would be affected and whether packets could be interpreted.
"At this time, Macnica provided us with technical support and other support. Thanks to them, we were able to confirm in about a week that eyeInspect met all of the company's requirements." (Mr. Tanaka)

The company officially decided to adopt eyeInspect in August and started building the system. In this configuration, packets collected from the many sites to be monitored are aggregated into the eyeInspect monitoring sensor and sent to the eyeInspect command center for monitoring.
"What we are most looking forward to when deploying eyeInspect is to be able to quickly learn about internal and external movements that we are unaware of. We focused on being able to track it." (Mr. Tanaka)

eyeInspect can immediately report abnormal communications with its whitelist function. In addition, detailed analysis for each device is possible, and the screen display is easy to understand, giving a clear view of the system status. Mr. Kosuge also comments, "If we can see what we could not see before, even if an incident occurs, we will be able to take appropriate measures in the shortest possible time."

Started operation in April 2018
Hopes for Macnica's support in utilization

TEPCO Power Grid completed its hardware deployment in FY2017 and began operating eyeInspect in April 2018. To support this, Macnica will keep up to date with the latest specifications and functions of eyeInspect and provide the content in Japanese and with Japanese quality. The company also plans to provide feedback to the developer of eyeInspect on the needs of the field. Mr. Tanaka said, "We expect Macnica to support the Company in localization, training, and other aspects of utilization as they become more familiar with eyeInspect."

User Profile

TEPCO Power Grid, Incorporated (TEPCO Power Grid)

Location

1-1-3 Uchisaiwaicho, Chiyoda-ku, Tokyo

Introduction time

March 2018

URL

http://www.tepco.co.jp/pg
Established in April 2016. With the primary mission of "continuing to deliver electricity safely and reliably without interrupting daily electricity supply", the company supplies electricity to the Tokyo metropolitan area over a power transmission and distribution network that achieves the world's highest level of quality and low cost. In addition, it is actively taking on various initiatives such as the introduction of smart meters and the creation of smart cities.