Start of demonstration experiment assuming cyber attack on office building

SoftBank Technology Corp. (Headquarters: Shinjuku-ku, Tokyo, President: Shinichi Ata, hereinafter referred to as "SBT") and Cybertrust Japan Co., Ltd. (Headquarters: Shinjuku-ku, Tokyo, President: Shinichi Ata, hereinafter referred to as "Cybertrust Japan") are jointly working with Takenaka Corporation (Headquarters: Chuo-ku, Osaka, President: Masahiro Miyashita, hereinafter referred to as "Takenaka Corporation") to develop a building automation system * We are pleased to announce that we will conduct a demonstration experiment of security vulnerability diagnosis of IoT devices in 1 (hereinafter referred to as "building automation").
In this demonstration experiment, we will attempt to intrude into building automation from building automation system-related equipment and in-house systems owned by Takenaka Corporation, and conduct vulnerability assessments assuming unauthorized access and information leakage.

Background of the demonstration experiment
Nowadays, various devices are connected to the Internet and are used as IoT devices in many situations such as home appliances and social infrastructure. It is expected that social needs for IoT will continue to grow, and the Ministry of Internal Affairs and Communications has announced that the number of IoT devices will increase to 30 billion by 2020. *2 doing.
In buildings, various devices such as air conditioning equipment, electrical equipment, and various sensors are connected to networks, and buildings are becoming increasingly IoT-enabled. As building automation, these devices contribute to the energy saving of the entire building, and it is predicted that the demand for energy saving and the market size for buildings will continue to increase due to compliance with the revised Energy Saving Act and the spread of IoT devices. *3.
However, as devices connect to the Internet, devices that were previously not targets of cyberattacks have become targets of cyberattacks, and there have been reports of damage such as hijacking and suspension of use of IoT devices by exploiting their vulnerabilities. In response, the Ministry of Internal Affairs and Communications conducted vulnerability diagnosis for important IoT devices in September 2017. * 4, and in October 2017, comprehensive measures for IoT security were announced*5, and security measures for IoT devices are gaining momentum.
Under these circumstances, the three companies will conduct IoT vulnerability security diagnosis of building automation, identify security issues with IoT devices in building automation, and consider countermeasures.

Role of each company
■ SBT
After formulating vulnerability hypotheses and diagnosing vulnerabilities for building automation in general, we provide countermeasures and solutions from the device level to the network level and remote monitoring.

■ Cybertrust Japan
Conducting IoT vulnerability diagnosis, reporting results and considering countermeasures.
Providing technical support for cyber exercise procedures and evaluations, as well as high security measures for important equipment.

■Takenaka Corporation
Research and consideration of security focus points in building automation and conduct vulnerability diagnosis in real environments.
Consider countermeasures after vulnerability diagnosis and consider implementing security measures for future new buildings.

Diagnosis overview
■ SBT
Detects vulnerabilities and latent factors hidden in devices, controllers, and networks to prevent unauthorized access and information leaks. The demonstration experiment is scheduled to run from November 2017 to December 2017.

■Main diagnosis items (planned)

About the future
■ SBT
Based on the results of this demonstration experiment, SBT, Cybertrust Japan, and Takenaka Corporation will jointly strengthen security measures for building automation and strive to improve security awareness in the EMS (energy management system) market, including building automation. I'll go.

*1 Building automation system: An information system that comprehensively monitors, manages, and controls a wide variety of equipment in buildings (electrical equipment, air conditioning equipment, disaster prevention and security equipment, mechanical equipment such as elevators). By monitoring the operational status of equipment and recording and managing operational information in an integrated manner, it is possible to ensure safety within buildings, promote energy conservation, strengthen crime prevention, and save labor in administrative tasks.
*2 Ministry of Internal Affairs and Communications “2017 Information and Communications White Paper”: http://www.soumu.go.jp/johotsusintokei/whitepaper/ja/h29/html/nc133100.html
*3 Fuji Keizai: “Investigating the domestic market for BEMS, BAS, ESP, and FEMS energy solutions”: https://www.fuji-keizai.co.jp/market/16081.html
*4 Announced by the Ministry of Internal Affairs and Communications, “Implementation of vulnerability surveys, etc. related to IoT devices”: http://www.soumu.go.jp/menu_news/s-news/02ryutsu03_04000088.html
*5 Announcement of the Ministry of Internal Affairs and Communications “Announcement of “Comprehensive IoT Security Measures””: http://www.soumu.go.jp/menu_news/s-news/01ryutsu03_02000126.html

• *Company names, product names, and service names mentioned in this release are trademarks or registered trademarks of our company or each company or organization.