MUSHIAKGO Verification and Control System Security at the Production Technology Academy's Facilities
We tested MUSHIKAGO at the Institute of Production Engineering this time. (https://www.pref.hiroshima.lg.jp/soshiki/28/)
As shown in Figure 1, we connected MUSHIKAGO to the same network environment as the control system to verify that the control system and peripherals could be correctly detected and their security risks identified.
In this case, we connected MUSHIKAGO to an environment where multiple robotic arms and associated devices were present and verified. Although time was limited, we were able to identify all control systems and associated devices present, identify the manufacturers of the control systems, identify the communications that manipulate the control systems, and determine the vulnerabilities of each device.
The facilities of the Academy of Production Technology have a number of control systems as part of their research environment, and they manage and operate a wide range of new and conventional control systems. This time, we had the opportunity to learn about control systems from conventional to the latest models.
Conventional control systems operate the number of electromagnetic relays required for control (Figure 2 left) by wiring the corresponding signal lines one at a time. (Figure 2, right)
Subsequently, the use of serial communication such as general-purpose RS-232C (Fig. 3 left) and dedicated control protocols (e.g., CC-Link) (Fig. 3 right) instead of one signal line at a time has realized more efficient wiring, space saving, etc., and is still in use at many sites. This method is still in use at many sites today. PLCs (Programmable Logic Controllers) have also been introduced, and by using them, it is now possible to create compact and neat configurations.
Recently, control systems have become increasingly digitalized and connected to higher-level information systems and the Internet. In order to smoothly connect and communicate with these other networks, it has become common for control systems to be equipped with Ethernet communication functions (Figure 4). In addition, Ethernet-based control protocols such as CC-Link IE and Modbus/TCP are gradually being adopted.
Thus, while digitization in control systems is becoming more and more convenient, it is also necessary to be aware of cyber attacks that we have not been aware of before. There is a possibility of damage to control systems as well.
MUSHIKAGO can identify security risks for both information and control systems. In this verification, we used multiple control systems actually created by the manufacturer, and were able to safely verify security risks without any equipment malfunctioning.
We will continue to test MUSHIKAGO for security in various environments and develop it daily as a product that can resist threatening cyber attacks. We also offer a free trial of MUSHIKAGO, so if you are interested, please contact us through the inquiry form.