Control System Security Center

ICS SECURITY IN JAPAN

INTRODUCTION OF CONTROL SYSTEM
SECURITY CENTER
(CSSC)

April 26th, 2017

The 3rd French Japanese Meeting on Cybersecurity

Kenzo Yoshimatsu
R&D Division
Control System Security Center （CSSC）

20170426 1
 Control System Security Center

http://www.css-center.or.jp/en/index.html

CSSC Promotion Video

About 8 Minutes
If Tokyo city falls into wide-area blackout, ・・・・・・・・
http://www.youtube.com/watch?v=qgsevPqZpAg&feature=youtu.be

2
 Control System Security Center

Where is CSSC?
 Headquarter Tohoku Tagajo HQ
– Tohoku Tagajo Headquater (TTHQ)

– TAGAJO CITY,
MIYAGI

 Tokyo Branch TAGAJO

Tokyo Rsearch Center

– Tokyo Research CHOFU
(TRC)
Center
– CHOFU-SHI,
YOKYO

Source: http://www.city.tagajo.miyagi.jp/ 3
 Control System Security Center

Where is Tagajo?
 Jo = castle; since 8 th century
 Historically famous and important place in Japan
 Tsunami (2-4 m height) caused by the earthquake
has covered the 33% of the city land
(Mar.11.2011)

 After the earthquake, Tagajo city launched

“Research Park for Disaster Reduction” plan.
– Internationally prominent effort for achieving
disaster reduction
– Development of distinct technologies and
products
– Policies for disaster reduction

“The testbed of CSSC truly suits the concept of

Research park for disaster reduction.”
(Mayor of Tagajo)

Source: http://www.city.tagajo.miyagi.jp/ 4
 Control System Security Center

Industrial Control System Network

Internet Maintenance／services, related factories, sales

Office network
Firewall

Infrastructure
Industrial Control System network
(factories, building, filter
plant, sewage plant,
disaster control center) DCS PLC
opening/closing valve Monitoring room(SCADA)
controlling
temperature, pressure Engineering PC
and robot
Parameter configuration
Evaluation

DCS: Distributed Control System

PLC: Programmable Logic Controller SCADA: Supervisory Control And Data Acquisition

5
 Control System Security Center

PLC and DCS

DCS PLC

Usually, a DCS configuration comprises three PLC comprises a combination of PC monitoring and
elements: an HMI (Human Machine Interface) control software and performs process monitoring
used by the operator for control and monitoring and control. PLC is used, for example, in assembly
and a control network that connects the HMI plants or for building control.
and controller and is connected to a field
network. DCS is used in facilities such as
chemical and gas plants.

6
 Control System Security Center

Control Security and Information Security

• The term “cyber security” means maintaining the
confidentiality, integrity, and availability of
Confidentiality
information assets. These are the three
requirements of cyber security and are referred
to by the acronym “CIA” formed from the first
letters of each. It is important to maintain all three
elements with balance. Cyber
security
• Confidentiality
• The term “confidentiality” refers to the Integrity Availability
ability of authorized persons to properly
access information only by authorized
methods. In other words, confidentiality
ensures that users without access
privileges cannot access information.
• Integrity
Control Security
• The term “integrity” refers to the
Availability > Integrity > Confidentiality
safeguarding of the accuracy and integrity
of assets.
• Availability
• The term “availability” refers to the ability
of authorized persons to access assets in Information Security
a timely fashion when necessary and the Confidentiality > Integrity > Availability
maintenance of assets in a state in which
they can be used without a problem.

7
 Control System Security Center

Security Incidents in Water Sector

A wastewater treatment plant system in Australia was hacked in 2001,
and released raw sewage into local rivers and parks. In the result,
there was significant damage to the ocean system.
That incident was committed by a former employee of a SCADA
software vendor. *He was arrested eventually.
He used the remote access account and route, and illegally operated
the control system.
A resignee hacked into a control
system through remote access route

Internet

Firewall

Chesapeake Bay Program/CC BY 2.0 this is a referencing image

Control System
8
8
 Control System Security Center

Security Incidents in Railway Field

Train signaling systems were shut down by a malware (sobig)
infected the internal computer system, in the United States in
2003.
It took 6 hours to recover, and the train operation was disrupted
all the while.
CSX Train Sobig
The sobig warm is a trojan-type malware. It
appears as an email attachment, and replicates by
itself to spread infection. Sobig searches out
stored email addresses from Windows address
books and files (that extensions are: txt, eml, html,
htm, dbx, wab) on victims’ computers, then mails
out messages containing attached files infected
with copies of the virus.

Flowizm .../CC BY 2.0

9
9
 Control System Security Center

Security Incidents in Petrochemical Field

Turkish oil pipeline was exploded in 2008. The attackers hacked
the operational control system, super-pressurized the crude oil
in the line, and caused the explosion.
Hackers had shut down all the alarm devices (including cameras
and sensors), and cut off communications.

Oil pipeline Oil pipeline (overall view)

Will Russell/CC BY 2.0 this is a referencing image

10
10
 Control System Security Center

Example of Incident with BA System

Hacking into an HVAC system at a hospital by a security officer

Date April – June, 2009

Target of
W.B. Carrell Memorial Clinic in Dallas, Texas (America) W.B. Carrell Memorial Clinic
Attack
Path of
Illegal access to the hospital’s HVAC system, patient information computer, etc.
Entry
Damage System intrusion, online disclosure of system screens. A DDoS attack was also planned, but failed.

Timeline Background and Outline

Background A contracted security officer at the hospital in question (25 years old at the time) also acted as leader of a group of
hackers called “Electronik Tribulation Army” under the pseudonym “Ghost Exodus.”
Attack The security officer in question penetrated the hospital’s HVAC system and customer information computer and
April – June, disclosed screenshots of HMI screens from the HVAC system online. Menus of the various functions of the hospital
2009 including pumps and cooling devices in operating theaters could be checked from the screens disclosed (see the
next page). Moreover, motion images of scenes depicting acts such as installing malware in PCs in the hospital
(apparently, botnetting of PCs in preparation for the DDoS attack detailed later) were also disclosed online.
‒ Meanwhile, although hospital staff thought it strange that the HVAC system alarm was not functioning as
programmed because the alarm settings had been stopped, nothing amiss was discovered in the hospital.
Discovery The attack was discovered when a SCADA security expert examined information he had obtained from a hacker
and Arrest acquaintance and reported it to the FBI and the Texas Attorney General’s Office, leading to the arrest of the security
June, 2009 officer in question on June 26, 2009. (He was sentenced to serve 9 years in a federal penitentiary.)

Attack Plan Although the attack failed with the arrest of the security officer concerned, he had planned to launch a large-scale
(Failed) DDoS attack using the infected hospital system on July 4, 2009 (Independence Day) and was recruiting hackers
July, 2009 who wished to help on the Internet. He had already reported his intent to resign to the security company to which he
belonged on the day before the scheduled attack date.

Source: DOJ Press release (http://www.justice.gov/usao/txn/PressRel09/mcgraw_cyber_compl_arrest_pr.html)

11
 Control System Security Center

Threats to Control Systems in Japan

USB Ports Remote Maintenance Lines

 Viral
infections from USB memories are a A company connects terminals (e.g.
common occurrence. turbines) to a central monitoring room (e.g. of
the US headquarters) via remote maintenance
lines in order to monitor devices in real time.
That causes illegal access and cross-
contamination by malware from the terminals.

Replacement of Operating Terminals Physical Intrusion

 (An Actual
Case) In an automotive No password settled for monitoring
company: A terminal replaced by a terminals
vendor was infected by virus. Using common passwords or IDs, or
An infected posting them on walls
terminal
brought by a
vendor
Other Past Incidents:
• A Japanese infrastructure company was infected by a virus when an operator connected his terminal to
the Internet to play a game.

12
 Control System Security Center

Measures of Security Control of Connection Devices

Disabling unused USB ports Disabling unused LAN cables

Disabling unused ports on a HUB LAN cables with security lock

preventing omission

13
 Control System Security Center

Directionality of Other Measures

No. Threads in Japan Trends and Measures
1 Remote Maintenance ・Authenticate terminals connected to
Lines remote maintenance lines (e.g. issue
certificates)
・Conduct security inspection
2 Terminal Replacement ・Run a standalone malware scan when a
terminal is replaced
3 Others ・Fully enforce physical security measures
(e.g. managing keys and entrance and exit
lists, introducing biometric identification,
installing security cameras, checking
personal belongings and body weight)

14
 Control System Security Center

Activities on Control System Security in Japan

2010 2011 2012 2013 2014 2015 2016
STUXNET APT to Japan
(MHI, Government,etc.） Shamoon Dragonfly BlackEnergy

Cyber Security &

METI Economy Study
Group
（Dec 2010～
Aug 2011）
Task Force on the Study
of Security for Control Cybersecurity Cybersecurity Exercises in CSSC
Systems Exercises (Electricity., Gas, Chemical and Building Systems)
（Oct 2011～Apr 2012）

Tohoku Tagajo Headquarter

Testbedｓ（CSS-Base6)
Est. May 2013
Control System
Security Center
(CSSC) Tokyo Research Center
Est. March 2012
EDSA Certification
EDSA Certification Practical Service
Pilot Project

15
 Control System Security Center

Purpose of CSSC Activities and Activities Scheme

1 Ensuring the security of control systems with the focus on important infrastructures

2 Strengthening export competitiveness concomitant with ensuring control system security

3 Contributions to recovery in disaster-stricken areas

Budget for recovery Contributions

Disaster-
from earthquake disasters to recovery stricken
areas
CSSC
Ministry of
Economy,
Trade and Members (User companies, Important
infrastructure
Industry control vendors, security operators, etc.
vendors, etc.)
Effects
of results
Research and development with highly-secure control systems
Infrastructure
Testing and certification of control systems, control devices, etc.
export
Training human resources to disseminate and promote awareness of
operators, etc.
control system security

16
 Control System Security Center

Organization Chart
Position Name Business Title
Professor, The University of Electro-
President Seiichi Shin
Communications

Executive Officer & General Manager of Solution

Board
Tadayoshi Ito & Service Business Advanced Automation
member
Company, Azbil Corporation

Board Souichi Director

member Watanabe eHills Corporation
Dr. Seiichi Shin, President of CSSC Director General, Department of Information
Professor, The University of Board Satoshi
Technology and Human Factors, National Institute
member Sekiguchi
Electro-Communications of Advanced Industrial Science and Technology
General
Meeting Board Toshiba Corporation Social Infrastructure
Hideaki Ishii
member Systems Company
Board
Board Corporate Officer & Senior General Manager
Jun Abe
Certification Laboratory member Control System Platform Division
(CSSC-CL) President
Auditor Senior Vice President
Board Masaya
Head of ICT Solution Headquarters,
member Nakagawa
Audit Mitsubishi Heavy Industries, Ltd.
Laboratory Director Functions Board Executive Officer, Corporate Research and
Equity Kenji Kondo
Committee member Development, Mitsubishi Electric Corporation
Steering
Secretary R&D Task Committee Board Director and Executive Vice President, Mori
Committee Hiroo Mori
member Building Co.,Ltd.
Certification & Standardization
Adjudication Task Committee
Head PA Systems Business CenterIA Platform
R&D Board
Committee Headquarters Naoki Ura Business Headquarters
member
Promotion and Human Resource Yokogawa Electric Corporation
Evaluation Development Committee
Center TTHQ
Makoto Advisor
Tohoku Tagajo Executive
R&D Division Takahashi Professor, Tohoku University
Headquarters Director
Advisor Kenji Watanabe Professor, Nagoya Institute of Technology
Associate Professor, The University of Electro-
Advisor Kenji Sawada
Communications
Kazumasa
Dr. Makoto Takahashi, Advisor President and CEO, Fatware ,Inc.
Kobayashi
TTHQ Executive Director Auditor Ryuichi Inagaki Attorney
Professor, Tohoku University Secretary-
Ichiro Murase Control System Security Center
General

17
 Control System Security Center

Outline (As of April 1, 2017)

The National Institute of Advanced Industrial Science and Technology*,

Control System ALAXALA Networks Corporation, Azbil Corporation*, Cisco Systems G.K., Fuji
Electric Co., Ltd. , Fujitsu Limited, Hitachi, Ltd.*, Hitachi Systems Power
Security Center
Services, Ltd., IHI Corporation, Information Technology Promotion Agency,
31 Japan Audit and Certification Organization for Environment and Quality, Japan
Name (Abbreviation) CSSC Associa- Quality Assurance Organization, Macnica, Inc. and Fuji Electronics Co., Ltd.,
※A corporation authorized by the tion McAfee Co., Ltd., Meidensha Corporation, Mitsubishi Electric Corporation,
Minister of Economics, Trade and Mitsubishi Heavy Industries Ltd.*, Mitsubishi Research Institute Inc.*, Mori
Industry members
(In
Building Co., Ltd.*, NEC Corporation, NRI Secure Technologies Ltd. , NTT
alphabetical Communications Corporation, OMRON Corporation, Panasonic Corporation,
order) SOHGO SECURITY SERVICES CO.,LTD., The University of Electro-
Communications, Tohoku Information Systems Company, Incorporated,
Establ March 6, 2012 Toshiba Corporation*, Tohoku University, Trend Micro Incorporated , and
-ished (The registration date) Yokogawa Electric Corporation*
(*8 founding members)
Miyagi Prefecture, Tagajo City, Check Point Software Technologies
（Japan） Ltd., Cyber Solutions Inc., Eri, Inc., ICS Co.,Ltd., System Road
Special
Co., Ltd., Fukushima Information Processing Center,Techno mind
[Tohoku Tagajo Supporting
members Corporation, Toho C-tech Corporation, Tosaki Communication Industry Ltd.,
Headquarters (TTHQ)] TripodWorks CO.,LTD., Tsuken Electric Ind Co., Ltd. , East Japan
Locat- Miyagi Reconstruction Park Accounting Center Co.,Ltd.
ion F21 6F,
3-4-1 Sakuragi, Tagajo City, Aiuto, Artiza Networks, Inc., Check Point Software Technologies Ltd.,
Miyagi, Chiyoda-keiso Co., Ltd., Fortinet Japan K.K., Infosec Corporation, Interface
985-0842, Japan Supporting Corporation, Ixia Communications K.K., Japan Nuclear Security System
members Co.,Ltd., JAPAN DIREX CORPORATION, KPMG Consulting Co., Ltd.,
Mitsubishi Space Software Co.,Ltd., NUCLEAR ENGINEERING, Ltd., OTSL
Inc., The Japan Gas Association, TOYO Corporation

18
 Control System Security Center

CSSC Association Members（As of April 1, 2017）

19
 Control System Security Center

Overview of CSSC’s R & D 2

[Products]
1 Checks and measures of current products (controllers, etc.) and research
and development of creating secure products

[Systems]

2 Checks and measures of current systems (mostly IT systems) and

research and development of creating secure systems

[Plants]

3 Checks and measures of current plants and research and development of

creating secure plants

[Testbeds]

4 Research and development of environments where simulation plants can

be used for checks and measures of products, systems, and plants

20
 Control System Security Center
Research and Development in CSSC

1. [Products]
[Products] Checks and measures of current products (controllers, etc.)
1
and research and development of creating secure products

Technology to verify current products

• Verification technology in conformity with ISCI/EDSA
• Establishment of CSSC specific verification items

Technology development for secure products

• White list switch
• White list (for terminals and servers)
• Security barrier device (SBD)

HMI1
Server
White list switch HMI2
Illegal Proper
access communication

Global network
Electricity PLC Air-conditioning PLC

Air-conditioning
control unit group
Access control based on
automatically created Switchboard Power board

white list Lighting switch Air-conditioning

switch

Control
device (Building simulation
system - Laboratory D)
1

21
 Control System Security Center
Research and Development in CSSC

2. [Systems]
[Systems] Checks and measures of current systems (mostly IT
2
systems) and research and development of creating secure systems

Technology to verify current systems

• Verification technology in conformity with ISCI/SSA
• Establishment of CSSC specific verification items

Technology development for secure systems

• Guide to build secure control systems (IEC 62443)
• Secure log collection technology in control systems
• Cross-sectional log analysis technology in control systems
• Technology to standardize control system asset management (SCAP)
• CSSC specific verification tool

(FA simulation
plant -
(Chemistry simulation plant Simulation
- System evaluation room) plant room)

22
 Control System Security Center
Research and Development in CSSC

3. [Plants]
[Plants] Checks and measures of current plants and research and
3 development of creating secure plants

Online information (1)

Online information (2)

Narrow down abnormality

Offline information hypotheses including
cyber attacks
• Online information (1): Information always monitored at real-time
• Online information (2): Information obtained online as needed
• Offline information: Information obtained at sites and input to systems manually by humans

Technology to verify current plant operations

• Evaluation of the maturity level of system risk management based on the capability model
• CSMS exercise contents
Technology development for secure plants
• Technology to recognize cyber attacks at early stages
• Security technology based on the model-based control
• Measures for human factors

23
 Control System Security Center
Research and Development in CSSC

4. [Testbeds]
[Testbeds] Research and development of environments where

4 simulation plants can be used for checks and measures of products,

systems, and plants

All simulation
plants and
connected devices
are the target

Establishment of testbeds
• Establishment of nine simulation plants
• Establishment of an interconnection environment using OPC
• Establishment of a function reproducing malware behaviors
• Establishment of countermeasures

Establishment of verification environments for testbeds

• Establishment of a remote verification environment
• Establishment of a pseudo attack environment

24
 Control System Security Center

ISA/IEC62443 and ISA/ISCI ISASecure

METI and CSSC promote ISA/IEC62443 as ICS security standard

and also ISA/ISCI ISASecure as ICS security certification standard.

Target of general-purpose
specific purpose(industry) system
Standardization control system Petroleum/ Electric Smart Railroad
Chemical plant power system grid system
IEC62443
-2-1 ISO/IEC
Organization CSMS
NERC NIST 62278
C
CIP IR7628

IEC ISA/ISCI
System 62443
WIB
ISASecure IEC61850
SDLA C
SSA international
legend
component EDSA standard
IEEE1686 industry
C standard
C ：existing certification scheme
ISCI: ISA Security Compliance Institute WIB: International Instrument User’s Association

25
 Control System Security Center

3)-1 Testing & Certification

EDSA Certification
 IEC62443 is a standard that covers all control system security layers and players.
 The antecedent standards issued for testing and certification (e.g. EDSA and WIB certification) are
to be used for IEC62443.
*1) Information
Standardization network
情報ネットワーク
ファイアウォール
Firewall
Operator

IEC62443-1
Production
生産管理
management
Integrator

IEC62443-2 サーバ
server Control information network
制御情報ネットワーク
Management, CSMS
operation, HMI PIMS
processes
Control network
コントロールネットワーク
IEC62443-3 EWS DCS/Master PLC PLC SSA
Technology,
systems
フィールドネットワーク
Field network

DCS/Slave Sensor
センサバス bus
Device vendor

IEC62443-4
Components EDSA
and devices
M
センサ・アクチュエータなど
Sensors, actuators, etc.

*1) IEC/TC65/WG10 oversees the task of standardization of IEC62443 cyber security (JEMIMA handles the Japan office).
*2) EDSA: Embedded Device Security Assurance: Control device (component) certification program  Proposed to
IEC62443-4.
*3) WIB: International Instrument User’s Association program  Proposed to IEC62443-2-4.
DCS: Distributed Control System PLC: Programmable Logic Controller PIMS: Process Information Management
System

26
 Control System Security Center

3)-2 Testing & Certification(Cont’d)

Outcome of R&D: Based on pilot certification service in 2013, CSSC-CL started

operating an impartial and fair certification service from 2014.

27
 Control System Security Center

4) Development of Human Resources Training Program:

Cyber Security Practice
Purpose Persons such as site supervisors, engineers, and related vendors in the fields of electric power, gas, buildings,
and chemicals use a mock CSS-Base6 plant to develop awareness of security threats to control systems and
practice cyber security with the purpose of verifying the validity of elements such as procedures for detecting the
occurrence of security incidents and coping with resulting damage to promote the acquisition of knowledge with
the focus on control system security measures in their respective fields.
Dates and Venues 4 sessions implemented in four fields using CSS-Base6 from December 2014 through February 2015

Participants Cumulative total 216 people (including observers) participated in the exercises in FY 2014.
Participation by entities and persons including industrial groups, operators, well-informed persons, and
competent authorities.

Electric power Gas Chemicals Buildings

Outcome of R&D: Growing awareness of the existence of security threats in each

field and the need for countermeasures.

28
 Control System Security Center

OVERVIEWS OF CONTROL SYSTEM

SECURITY CENTER（CSSC）

Tohoku Tagajo Headquarters (TTHQ)

Tagajyo

http://www.css-center.or.jp/en/index.html
 Control System Security Center

Tohoku Tagajo Headquarters （Testbed：CSS-Base6）

Exercise
System Room A
Assessment Miyagi Recovery Park 6th Floor
Exercise F21 Building
Room
Room B
(Seminar) Total area 2,048㎡
Exercise
Room C

Exercise
Room D
Entrance
Red
Central Monitor Table
（3 multi displays）
Team
Room
Plant Simulation Room

30
 Control System Security Center

Testbeds：Entrance and simulated central monitor room

31
 Control System Security Center

Plant simulations

 Extracted characteristic functions of ICS

 Developed plant simulations for demonstration and
cyber exercises
 Implemented 9 kinds of plant simulations

（１）Sewerage and drainage process automation system

（２）Building automation system
（３）Factory automation plant
（４）Thermal electrical generating plant
（５）Gas plant
（６）Electrical substation for broad area (smart city)
（７）Chemical process automation system
（8）Factory automation plant 2
（9）Building automation system 2
32
 Control System Security Center

Plant simulation：（１）Sewerage and drainage process

automation system

thickener
controller
safety instrumented
system

emergency
servers
stop button

33
 Control System Security Center

Plant simulation：（２） Building automation system

controller

servers simulated air

conditioning system

monitoring
console
(as in a “disaster
control center”)

34
 Control System Security Center

Plant simulation:(3) Factory automation plant

robot arm

PLC

35
 Control System Security Center

Plant simulation：（４） Thermal electrical generating plant

servers

HMI

36
 Control System Security Center

Plant simulation：（５） Gas plant

gas buffer tank

pressure adjustment
valve

37
 Control System Security Center

Plant simulation：（６）Electrical substation for broad area

(smart city)

station servers
common panel

38
 Control System Security Center

Plant simulation：（７）Chemical process automation system

tank 1
controller (disturbance)
（DCS)

servers
tank 2
(water level control)

controller
(PLC)

adjusting valve

39
 Control System Security Center

Plant simulation：（8）Factory automation plant 2

robot arm

robot arm

laser marker
controller
(PLC)

HMI

40
 Control System Security Center

Plant simulation：（9）Building automation system 2

controller
(PLC)

41
 Control System Security Center

Testbeds: other main features

 Tools for cyber attacks and fuzzing tools for testing and
verifying ICS mainly of CSSC members
 Virtual network for R&D and verification environment in
testbeds
 Rooms for verification activities
 System Assessment Room (full sitting numbers about
40) for seminars and awareness raising
 Blue team and red team cyber exercise
 JGN-X (research gigabit network provided by NICT)
between Tohoku Tagajo Headquarters and Tokyo
Research Center

42
 Control System Security Center

Events and guests(1)

Year/Month Events
2012.03 Established CSSC
2013.05 TTHQ opening ceremony
2013.09 Welcomed the senior vice minister for reconstruction
2013.09 Signed MOC with DHS in coordination with METI, AIST,IPA, JPCERT/CC
2013.12 Signed MOU with ENCS in Netherland
2014.01 Conducted Training Programs to Support Enhancement of Information Security in the ASEAN Region
2014.01 Welcomed the vice ministers of Defense and the vice minister
of Education, Culture, Sports, Science and Technology
2014.01～03 Conducted Cyber security exercise FY2013
2014.02 Welcomed Cyber security researchers from England
2014.03 Welcomed the 1st Tagajo city Disaster risk reduction technology tour
2014.04 Started EDSA certification service and joined ISCI
2014.04 Signed MOU with CCI in Spain
2014.04 Welcomed ELECTRONIC TRANSACTIONS DEVELOPMENT AGENCY from Thailand
2014.04 Welcomed DENSEK(Distributed ENergy SEcurity Knowledge)
2014.04 Welcomed 12 mayors around CSS-Base6
2014.06 Welcomed senior vice minister of the cabinet office
2014.07 Welcomed the president of Japan Business Federation
2014.10 Signed a letter of intent (LoI) with ENCS
2014.11 Welcomed Meridian conference（security conference from 40 countries）

2014.11 Welcomed Deputy Secretary-General of Thai Industrial Standards Institute(TISI) and participants of "The
Training Program on the Standards for Industrial-Process Measurement, Control and Automation[ENTS]"

43
 Control System Security Center

Events and guests(2)

Year/Month Events
2014.12～ Conducted Cyber security exercise FY2014
2015.02
2015.01 Welcomed Chair of Special Mission Committee
on IT Strategy, Liberal Democratic Party of Japan
2015.01 Conducted debrief session for CSSC special supporting member
2015.01 Welcomed the 2nd Tagajo city Disaster risk reduction technology tour
2015.03 Welcomed State Minister of Economy, Trade and Industry
2015.03 Welcomed the 3rd Tagajo city Disaster risk reduction technology tour
2015.04 Welcomed new employees of Tagajo city
2015.04 Welcomed ENCS
2015.05 Welcomed President of the Sendai Chamber of Commerce and Industry
2015.05 Conducted TTHQ site tour and annual debrief session for CSSC members
2015.06 Welcomed observation team of “Royal College of Defence Studies”
2015.07 Welcomed Professional Staff Member,
Senate Armed Services Committee (SASC)
2015.07 Welcomed TOMODACHI - Mitsui & Co. Leadership Program observation team
2015.07 Welcomed the 4th Tagajo city Disaster risk reduction technology tour
2015.07 Welcomed United States Forces Japan
2015.08 Conducted CSSC tour for CSSC special supporting member
2015.09 Welcomed the House Administration Committee
2015.10 The organization for restructuring businesses after
the Great East Japan Earthquake
2015.10 Welcomed National Conference of State Legislatures, The Council of State Governments

44
 Control System Security Center

Events and guests(3)

年月日 イベント等の内容
2015.10 Welcomed Qatar Science Campus Factory tour
2015.11 Welcomed Dutch Cyber Security Delegation
2015.11 Welcomed Italy‐Japan Business Group
2015.12 Welcomed IECEE PSC•
WG3 Cyber Security TF
2015.12 Welcomed Estonian delegation
2015.12 Welcomed the 5th Tagajo city Disaster risk
reduction technology tour
2016.02 Welcomed trainees from ASEAN countries
2016.05 Welcomed the House of Representatives' Committee on the Cabinet
2016.07 Welcomed the 7th Tagajo city Disaster risk reduction technology tour
2016.09 Welcomed U.S. Ambassador to Japan Caroline Kennedy

Our guests since the opening

Over 6,100 people / 1,200 times of plant demo
more than 400 oversea guests
(as of April 1, 2017)

45
 Control System Security Center

Appendix: Overview of Stuxnet

 In September 2010, a cyber attack was launched targeting

uranium-enriching centrifugal separators at a nuclear fuel
facility in Iran.
 The attack exploited four unknown vulnerabilities in Windows
so that infection would occur when PC users displayed USB
memory content using Windows Explorer.
 It was reported that the centrifugal separators were overloaded, Country-specific infection counts
resulting in destruction of 20%. confirmed by Symantec
 It is also rumored that Stuxnet has caused a major setback
(approximately three years) in Iran’s nuclear development
program.
USB memory Malware
infection
Malware

Control PC S7 Series PLC

SIMATIC WinCC

Source: http://ebiquity.umbc.edu/blogger/2010/09/23/is-
stuxnet-a-cyber-weapon-aimed-at-an-iranian-
nuclear-site/
Centrifugal separators
46