Press Information

MHI and NTT Complete Prototype of "InteRSePT®" Cyber Security Technology that Delivers Safe and Secure Operation of Control Systems
-- Enables Security Measures for Each Operating State --

Mitsubishi Heavy Industries, Ltd.
Nippon Telegraph and Telephone Corporation
Print

Tokyo, November 30, 2016 - Mitsubishi Heavy Industries, Ltd. (MHI) and Nippon Telegraph and Telephone Corporation (NTT) have completed the joint development of a prototype of "InteRSePT®"*1, a cyber security technology for critical infrastructure control systems. InteRSePT® offers safe and secure system operations using real-time anomaly detection and response for unknown attacks. MHI and NTT aim to apply the newly developed technology in commercial fields such as thermal power generation facilities and chemical plants where continuous availability*2 is of high importance.

MHI's
1. Background
Until now, security countermeasures such as IDS / IPS*3 and firewalls*4 have been developed to prevent cyber-attacks caused by malware*5 and DDoS*6. However, in recent years, advanced malware can monitor the operating characteristics and control commands of the target device and change the timing of transmission or parts of commands, causing the target device to fail. MHI and NTT have been working on cyber security research and development since March this year to respond to such threats. The InteRSePT® prototype is a result of this work, combining the high-reliability and safe control technology developed by MHI for the fields of defense and space, and security orchestration technology*7 developed by NTT.

2. Outline of InteRSePT®
InteRSePT® consists of a network monitoring appliance (NMA) and an advanced security management appliance (ASMA), and monitors real-time data flows in networks in an integrated manner. The system delivers real-time security measures that place importance on availability by changing the security remediation rules on each operating state of the target device. This enables protection against cyber-attacks that exploit control commands, which are difficult to detect and respond to with conventional technology.

Specifically, the system (1) collects and analyzes packets of sensor information flows in the control system network to gain an overall understanding of the operating state; (2) changes the communication control rules of the NMA according to the actual operating state and other factors; (3) analyzes and blocks the packet based on those rules; and (4) aggregates multiple sensor information with the ASMA and monitors the behavior of the entire control system in an integrated manner for early detection. Consequently, it can respond quickly even to unknown cyber-attacks and minimize the damage of such attacks.

3. Future plans
Going forward, at MHI's Cyber Lab, a security development and verification hub located in Tokyo, MHI and NTT will evaluate the technology prototype and verify its adaptability to control systems, to further advance InteRSePT® and expand its application to O&M (operation and maintenance) business.

*1 InteRSePT®: Abbreviation of Integrated Resilient Security and Proactive Technology - a registered trademark of MHI, in Japan
*2 Availability: Continuous operation of a system without stoppage
*3 IDS / IPS: Intrusion Detection System / Intrusion Protection System-systems to detect and protect against cyber intrusions
*4 Firewall: System for discrimination and reporting of unauthorized access
*5 Malware: Abbreviation of malicious software
*6 DDoS: Distributed Denial of Service attack
*7 Security orchestration technology: Technologies that collect and analyze cyber-attack related information including target device / system status and anomaly events, and comprehensively control diversified security appliances