This time, MUSHIKAGO was verified with the cooperation of Hiroshima Prefectural Technical Junior College (https://h-tc.ac.jp/). This verification is also introduced in this article (https://h-tc.ac.jp/blog/blog-557/).
For this verification, we used the facilities of the college's Control Systems Technology Department (https://h-tc.ac.jp/departments/control_system_technology/). The Department of Control Systems Technology offers courses from the basics to applications of control systems, from assembling control boards to programming PLCs, and more recently, utilizing AI and IoT devices, and is training a succession of control system professionals.
The control systems used in this study were two control systems, one using Mitsubishi Electric's MELSEL-Q series and the other using the MELSEL iQ-R series.
The goal of this verification was to see if MUSHIKAGO could properly detect CC-Link IE (control protocol used in Mitsubishi Electric PLCs) communication and develop it to a penetration testing. As a result of the verification, MUSHIKAGO was able to detect CC-Link IE Field (proprietary IP layer protocol) and CC-Link IE Field Basic (UDP-based protocol) that were being communicated, and was able to analyze the communication content and develop it into a penetration testing.
CC-Link has various types of protocols from the conventional serial communication protocol to various types of protocols using Ethernet. However, in the future, CC-Link protocols using Ethernet (such as CC-Link IE Field Basic) are expected to become the mainstream in order to save space, improve manufacturing efficiency, and promote connection to external networks. Therefore, appropriate security measures must be taken. Therefore, without appropriate security measures, the number of cases of cyber-attacks is expected to increase.
MUSHIKAGO can perform security diagnosis not only for information systems but also for control systems such as this one. We will continue to develop MUSHIKAGO on a daily basis as a product that can combat threatening cyber attacks by conducting security verification in various environments.
If you are interested in MUSHIKAGO, please feel free to contact us using the inquiry form. If you are interested in joint research, please feel free to contact us.