Go to the text

A demonstration experiment simulating a cyber attack on an office building discovered vulnerabilities in building equipment systems.

Driving the development of security solutions for building automation systems


SoftBank Technology Corp.
Cybertrust Japan Co., Ltd.

SoftBank Technology Corp. (Headquarters: Shinjuku-ku, Tokyo, President: Shinichi Ata, hereinafter referred to as SBT) and Cybertrust Japan Co., Ltd. (Headquarters: Shinjuku-ku, Tokyo, President: Yasutoshi Magara, hereinafter referred to as Cybertrust Japan) are jointly building automation systems (hereinafter referred to as BA) with Takenaka Corporation (Headquarters: Chuo-ku, Osaka, President: Masahiro Miyashita, hereinafter referred to as Takenaka Corporation). *1 Conducted a demonstration experiment of security vulnerability diagnosis targeting the facility environment *2.

As a result, vulnerabilities were detected in cyber attacks via the internal information (OA) network as well as from the control (BA) network itself, which is assumed to operate on a closed network. This can cause damage such as unauthorized intrusion into servers (e.g., air conditioning subsystems, etc.) and equipment on the control (BA) network, or downing of power systems, air conditioning systems, lighting systems, etc. by infecting them with malware. It turns out it's possible.

Based on the results of this study, SBT and Cybertrust Japan, in collaboration with Takenaka Corporation, are implementing a control system that assumes operation via an internal information (OA) network and a closed network as a security measure for the BA facility environment. BA) We will promote the development of security solutions for BA based on the need to take countermeasures that anticipate physical attacks on devices in addition to intrusions from the network itself.

Image diagram of demonstration experiment results

<Image of demonstration experiment results>

■Demonstration experiment results


The results of the penetration test*3 conducted in this demonstration experiment are as follows.

  1. Possibility of intrusion from the internal information (OA) network to the control (BA) network that is assumed to operate on a closed network:
    In the demonstration experiment, it was not possible to infiltrate the control (BA) network, which is assumed to operate on a closed network, from the internal information (OA) network, but it is possible to infiltrate the control (BA) network, which is assumed to operate on a closed network, but it is possible to do so by carrying out attacks over time. It turned out that there is a sex.
  2. Intrusion and attack on servers/devices on the control (BA) network assuming operation in a closed network:
    It was discovered that if the control (BA) network was accessed, the target system could be compromised.
  3. Evaluation of the controller device itself that controls the equipment:
    Some devices, such as energy-saving monitors (displays), that are not designed to be attacked have poor security functions, and this could be used as a springboard to cause damage to building control equipment. It turns out that.

■Future developments


Based on the results of this demonstration experiment, we will promote the joint development of equipment security solutions for BA/FA (Factory Automation)/PA (Process Automation), and will promote the joint development of equipment security solutions for BA/FA (Factory Automation)/PA (Process Automation). We will strive to improve security awareness in the Smart Factory market based on Industry 4.0 and the Smart Factory market, and promote highly safe and secure automation.

Contact information for inquiries from media regarding this matter

○ SoftBank Technology Corp. Corporate Planning Department Corporate Communication Group
Email: sbt-pr@tech.softbank.co.jp