Performed performance verification of in-building cybersecurity countermeasure system on BA network of actual building

Takenaka Corporation (President: Masato Sasaki), SB Technology (President and CEO: Shinichi Ata, hereinafter referred to as SBT), NEC (President and CEO: Takashi Niino, hereinafter referred to as NEC), Cybertrust Japan (President: Yasutoshi Magara, hereinafter referred to as CTJ) has demonstrated in a building owned by the Takenaka Corporation Group that its latest cyber security system for Building Automation (BA) systems, ``Smart Secure Service,'' exhibits stronger security performance than conventional security measures. .
In the future, the four companies will utilize the "Smart Secure Service," which has extensive security functions, to comply with industry guidelines such as the "Cybersecurity Guidelines for BA Systems" formulated by the Ministry of Economy, Trade and Industry, and will use the Smart Secure Service, which has advanced BA system functions. We will promote the realization and spread of buildings and smart cities.

In recent years, there has been a growing need for BA systems to connect with various systems and IoT devices inside and outside buildings and utilize data in order to improve efficient building management, energy conservation, convenience, and comfort. On the other hand, the risk of cyberattacks targeting BA systems, which are growing in scale as networks are integrated, is also increasing. Conventional BA security measures are mainly limited to firewall protection against threats from outside the building, and measures based on the assumption of unauthorized intrusion and virus infection are not necessarily sufficient (Figure 1 (a)) . "Smart Secure Service" is equipped with IDS *1 /IPS *2 functions and a function to authenticate registered devices, making security even stronger against unauthorized intrusion and virus infection (Figure 1(b)).

■Overview of “Smart Secure Service”
"Smart Secure Service" has two functions.

1. Detection function (IDS) for various types of unauthorized operations (unauthorized communication access, unauthorized device connection, unauthorized application startup, data tampering, etc.) and communication blocking/isolation function (IPS)
2. “Secure IoT Platform (SIOTP)” is a trust service that guarantees the authenticity of IoT devices through secure certificate authority operations and device certificate distribution and management by certificate providers.

■ Overview and results of the demonstration experiment
In this demonstration experiment, we conducted various cyber attacks on a building in operation and verified that the BA security functions described above were ensured. As an example, when verifying unauthorized access, we intentionally perform unauthorized communication from within the BA system, and the IoT-GW *3 We have confirmed that the IDS/IPS function based on the permission list installed in the system can reliably detect and block such communications. We also verified and confirmed the function of the electronic certification authority, which registers devices that are allowed to connect to the BA network in advance, certifies only the registered devices, and allows communication.

■Flow of introducing “Smart Secure Service” into a building
In order to realize a secure smart building, at the ICT planning stage, we will formulate a "security policy" in accordance with the Ministry of Economy, Trade and Industry guidelines based on the overall building concept and implementation details. At the ICT planning stage, we consider things including "Smart Secure Service" to materialize our security policy. At the design stage, security drawings are created, and after the necessary development and testing, the system is introduced into the building and operated and maintained through remote monitoring (Figure 2).

• *1 IDS: Intrusion Detection System
• *2 IPS: Intrusion Prevention System
• *3 IoT-GW: Communication equipment that processes data with low power consumption and high speed, reducing communication volume and cloud processing load.

[Main roles and contact information of each company]

■ Takenaka Corporation
When designing and constructing smart buildings, we formulate security policies based on industry guidelines and past results, embody policies including "Smart Secure Service," and provide security design and implementation.

■ SBT
Providing technical support for proposal, design, and implementation of "Smart Secure Service," design and construction support for in-building networks, and 24-hour, 365-day remote monitoring service (Network Operation Center) and help desk after operation.

■ NEC
Provision of cloud services (NEC IoT System Security Lifecycle Services) and implementation devices (NEC AI Accelerator) that realize the IoT-GW services that make up "Smart Secure Service", and provision of applications associated with IoT-GW and their maintenance services.

■ CTJ
Provision of IoT Linux OS "EMLinux" installed in NEC AI Accelerator and "Secure IoT Platform" (operation of electronic certification authority that identifies pre-registered IoT devices and distribution and management of device certificates)

• *Company names, product names, and service names mentioned in this release are trademarks or registered trademarks of our company or each company or organization.