Introduction | Spirit | History | Technology | Human Resource | Formation | ![]() |
Protecting the critical infrastructures of companies and society
ICS security countermeasures
Experts point out that industrial control systems (ICS) generally lag behind information systems in terms of security countermeasures, and security concerns surrounding ICS have been heightening in recent years. To help ensure that industrial plants, power plants, factory production lines, and so on do not come under cyber attacks and grind to a halt, JPCERT/CC collects and disseminates information that can be used to enhance ICS security, as well as responding to incidents and raising awareness.
Threat of cyber attacks is becoming a reality
In the end of 2015, a coordinated cyber attack was carried out against power facilities in Ukraine. In this incident, the attackers first intruded into an information system to find out the access route to an ICS, from which they entered a power transmission system and caused a major power outage affecting tens of thousands of households.
It used to be understood that an ICS is secure if it is cut off from other systems, or if external contact points are kept to a minimum. Recently, however, entry points for cyber attacks have increased due to linkage with ERP systems and other external systems, and more frequent use of temporary external connections with engineering PCs, USB devices, and so forth. In fact, cases of malware infection via such access routes are growing, infecting the universal operating system and other components of ICS.
Today, ICS is as much a target of cyber attacks as information systems, and if a security incident were to occur, the resulting damage can be enormous, including property damage and threats to human life.
Security awareness and countermeasures are especially required for mission critical systems
A wide range of critical infrastructures, including public utilities, railroads, aviation, logistics, and manufacturing, use ICS. At JPCERT/CC, we conduct awareness-raising activities targeting industries that use ICS, including the ICS Security Conference held each year in February, as well as lectures, surveys, research, and presentations. Since this is a relatively new field with limited case examples, learning from incidents abroad and the latest security countermeasures discussed at overseas conferences is essential.
At the Security Conference
Seven services provided by JPCERT/CC for ICS
At JPCERT/CC, we provide various service options tailored for ICS, based on services designed for information systems. The setup can be characterized as a smaller version of JPCERT/CC for ICS.
- ICS incident response support
- Collection, analysis, and dissemination of threat and reference information
- Vulnerability information handling
- Provision of self-assessment tools
- ICS assessment services
- Awareness-raising activities and external coordination
- Surveys and research
Prevention activities are key to nipping critical incidents in the bud. It is important to ensure that no ICS is connected to the Internet without protection. We search for any Internet-reachable ICS. If there is, we contact and alert the company or organization concerned. We also gather and analyze information about ICS security from websites and mailing lists around the world, overseas CSIRTs, and other sources. We then compile this information into security alerts, reference information, newsletters, news clips, and so on, and provide them through our mailing lists and ConPas [Figure 1], a special portal site for ICS security information.
As a first step in implementing security countermeasures, we provide J-CLICS [Figure 2], a simple self-assessment tool that visualizes the status of ICS security countermeasures. For a more in-depth assessment, we provide the Japanese version of SCADA Self-Assessment Tool (SSAT), both available for free.

Figure 1: ConPas screen

Figure 2: J-CLICS simple self-assessment tool

ConPas: Control System Security Partner's Site
This portal site specializes in ICS security information. It provides materials including security alerts and reference information, newsletters, and security information distributed via mailing lists for sharing ICS information, guides to enhancing ICS security (documents related to ICS security, international standards, etc.), and survey and research reports. It can also be used as an archive of newsletters and reference information issued in the past.
(Japanese Only)
Introduction | Spirit | History | Technology | Human Resource | Formation | ![]() |