Toshiba Group's Cyber Security Report 2023

Message from the Chief Information Security Officer (CISO)
Improving the resilience of social infrastructure as a whole

As typified by automobiles and TVs, our lives and social infrastructure are becoming more and more convenient through digitization and network connection. The wave of digitization has also reached industrial fields such as factory operations, construction, and agriculture, and we are seeing the results in productivity improvement and labor saving. Toshiba Group's vision is to promote the digitization of society, industry, and people's daily lives, create new services, and contribute to building a sustainable society. To realize this vision, it is important to implement cyber security initiatives that properly protect and manage the collected data. We must strengthen security in cyberspace to protect society, social infrastructure, and industry from cybercrime. However, as cyberattacks become more sophisticated and risks increase, it is becoming hard to completely eliminate attack damage, no matter how prepared one may be. Hence the growing importance of "resilience": the ability to respond promptly and appropriately when an incident occurs, to minimize damage, and to recover quickly. Based on Toshiba Group's management philosophy, "Committed to People, Committed to the Future," we want to provide peace of mind not only in the physical world but also in digital space, using the knowledge and experience we have gained through 148 years of continuous manufacturing since our founding in 1875. The purpose of this report is to give our customers, shareholders, business partners, and all other stakeholders an understanding of the efforts Toshiba Group is making to strengthen cyber security. We sincerely hope that this report will inspire your trust in our products.

Yutaka Sata
Executive Officer, Corporate Senior Vice President and CISO, Toshiba Corporation
(As of March 31, 2023)

Toshiba Group's Manifesto on Cyber Security
With unwavering determination to protect society from invisible threats

With the rapid digitization of everyday life, cybercrime has become commonplace. All of a sudden, anyone could be deprived of their valuable assets or involved in an outrageous crime. As an enterprise that supports people's lives, Toshiba Group has endeavored to afford safety and security to society and its customers. Leveraging the extensive experience and expertise cultivated through more than 145 years of history, we offer electricity supply, public transportation, and other infrastructure services, as well as data services using cutting-edge digital technologies. We would like to contribute to the betterment of people's lives and culture in both the physical and cyber realms. As these services can be targets of cyberattacks, security enhancement is one of the most crucial issues. To protect society from invisible threats, Toshiba Group works with one accord to establish a robust cyber security system, comply with the related laws and regulations, and develop cyber security specialists, while being committed to active and honest information disclosure to customers. We accord the highest priority to the protection of customers' privacy. Therefore, we consider it crucial to properly manage personal data acquired through our business activities in order to prevent its leakage and unauthorized use. In the event of a security incident, we will do our utmost to minimize damage, identify its cause, and expedite the recovery of the affected system. With firm resolve, we commit ourselves to protecting society from invisible threats.

The Essence of Toshiba

The Essence of Toshiba comprises three elements: the Basic Commitment of the Toshiba Group, Our Purpose, and Our Values. With Toshiba's Basic Commitment kept close to heart, we clarified our purpose (the difference that Toshiba Group makes in society) together with our values, the shared beliefs that guide our actions. The Essence of Toshiba is the basis for the sustainable growth of the Toshiba Group and the foundation of all corporate activities.

Basic Commitment of the Toshiba Group: Committed to People, Committed to the Future.

Our Purpose: At Toshiba, we commit to raising the quality of life for people around the world, ensuring progress that is in harmony with our planet.

Our Values:
Do the right thing. We act with integrity, honesty and openness, doing what's right, not what's easy.
Look for a better way. We continually strive to find new and better ways, embracing change as a means for progress.
Always consider the impact. We think about how what we do will change the world for the better, both today and for generations to come.
Create together. We collaborate with each other and our customers, so that we can grow together.

We are Toshiba. We have an unwavering drive to make and do things that lead to a better world. A planet that's safer and cleaner. A society that's both sustainable and dynamic. A life as comfortable as it is exciting. That's the future we believe in. We see its possibilities, and work every day to deliver answers that will bring on a brilliant new day. By combining the power of invention with our expertise and desire for a better world,
we imagine things that have never been and make them a reality. That is our potential. Working together, we inspire a belief in each other and our customers that no challenge is too great, and there's no promise we can't fulfill. We turn on the promise of a new day.

Contents
Message from the Chief Information Security Officer (CISO) 1
Toshiba Group's Manifesto on Cyber Security 2
The Essence of Toshiba 3
Chapter 1
  Visions and Strategies
    Digitization strategies for the realization of a carbon-neutral circular economy 5
    Response to supply chain risks 6
    Efforts toward realization of cyber resilience 7
    Toshiba Group's cyber security vision 8
  Cyber Security Initiatives
    Security Measures for Internal IT Infrastructure
      Governance 10
      Security Operations 14
      Human Resources Development 17
    Privacy Governance Initiatives 19
      Personal Data Protection 19
      Compliance with Overseas Laws and Regulations 20
    Enhancing Prediction and Detection 21
    Enhancing the Security of Endpoints Using EDR Tools 22
    Security Measures for Internet Connection Points 23
    Security Incident Response 25
    Advanced Attack and Penetration Assessment from Hackers' Perspective 26
    Self-Audit and Security Assessment 27
    Utilization of Cyber Threat Intelligence 28
Chapter 2
  Security Measures for Products, Systems, and Services 29
    Initiatives for Enhancing Product Security 29
    Prompt and Reliable Response to Security Vulnerabilities 31
    Offering of Secure Products, Systems, and Services 33
    R&D 41
    External Activities 44
    Third-Party Assessment and Certification 45
Pursuit of the Sustainable Development Goals (SDGs) 48
Business Overview of Toshiba Group 49

Chapter 1: Visions and Strategies

Digitization strategies for the realization of a carbon-neutral circular economy

For many decades, Toshiba Group has been engaged in major national infrastructure projects, including those related to electric power, railways, water supply, and sewage treatment. Toshiba Group has formulated three strategies, digital evolution (DE), digital transformation (DX), and quantum transformation (QX), to adapt to the profound changes that will occur as digitization accelerates toward the realization of a circular, carbon-neutral economy. DE, the first step of digitization, focuses on decoupling the hardware and software of infrastructure, making it possible to network diverse infrastructure systems and add software applications to create new services. The next stage is DX, which requires standardization of the software layers so that all software can communicate with any hardware and with software applications from third parties, thereby facilitating the development of platforms. Toshiba Group aims
to develop a data business in order to create new services using personal and industrial data derived from these platforms. As we aim to become an enterprise capable of contributing to the realization of a circular, carbon-neutral economy, the final stage beyond DX is to lead the way to QX: quantum-inspired approaches to interconnecting platforms across industries to find optimum solutions to complex problems, such as those posed by the assumption of carbon neutrality. (Source: FY2022 Toshiba Group Management Policy)

Based on Toshiba Group's management philosophy of "Committed to People, Committed to the Future," our goal is to create a sustainable future. We aim to achieve this by building infrastructure that enables everyone to enjoy safe and secure lives, establishing a connected data society that achieves social and environmental stability, and realizing a carbon-neutral circular economy, the digitalization of infrastructure, and quantum transformation. An important key to fulfilling this vision is the adoption of digital technology, and we believe that, with the development of the digital economy, new social value will be created by connecting various businesses and transcending the boundaries between industries. Cyber resilience is essential for the development of the digital economy. As the digitization of infrastructure advances, there is an increasing risk of cyberattacks having a physical impact on social infrastructure. Security is essential for connecting businesses across industries, and ensuring the reliability of the data that is distributed and used is also an important issue. Furthermore, it is desirable to achieve safe network environments whose security can withstand even quantum computers. Exercising our responsibility as an enterprise that promotes digitization, we are engaged in cyber security strengthening initiatives that contribute to the realization of a sustainable, carbon-neutral circular economy, by providing safe and secure infrastructure and building a securely connected data society. In these efforts, we combine our extensive knowledge of infrastructure, rooted in a wide range of business areas and cultivated over Toshiba Group's history of more than 145 years, with the know-how of security operations for information systems supporting approximately 110,000 employees.

Response to supply chain risks

In order to realize a carbon-neutral circular economy, the digitization of infrastructure, and quantum transformation, we need to work even more closely with our customers and business partners than ever before. Moreover, there is a greater need than ever to strengthen measures against supply chain risks, so as not to increase the security risks to each other's business. The supply chain means the process that covers the entire product lifecycle, from procurement of raw materials and parts, through manufacturing, sales, and use, to disposal. This process involves multiple companies, and cyberattacks that exploit this system are called "supply chain attacks." According to the "10 Major Threats to Information Security for 2023 (Organization Edition)" selected by the Information-technology Promotion Agency (IPA) on the basis of information security incidents and threats, "attacks that exploit weaknesses in the supply chain" moved up from 3rd place in 2022 to 2nd place, and the social impact of supply chain risks is increasing. Specific examples of supply chain risks include tampering with, and embedding of unauthorized programs and firmware in, ICT products and services during their manufacturing and distribution processes, and the exploitation of companies with contractual relationships, such as business partners and subcontractors, that have insufficient cyber security measures, which are then used as stepping stones to deliver ransomware and cause damage. As
a manufacturer that provides products to customers and as a procurer that commissions suppliers, Toshiba Group is engaged in the following efforts for supply chain security: 1) vulnerability management of shipped products, 2) utilization of attack surface surveys, and 3) human resource development and awareness-raising.

1) Vulnerability management of shipped products
Currently, about 4,000 new software vulnerability entries are registered by the IPA every quarter. Unless we know which of our products contain vulnerable software components and which do not, we cannot implement appropriate countermeasures. For this reason, whenever necessary, Toshiba Group matches the configuration information of product software components against the vulnerability information published by the IPA and other organizations. If software with vulnerabilities is detected, we notify the responsible product department of the results. Additionally, we have commenced building a system based on SOAR* to manage the response status of each department. Furthermore, by visualizing the number of new vulnerability notifications, the response status of each product, the vulnerabilities whose response deadlines are approaching, and so forth, we can share this information not only with development divisions but also with upper management, administrative divisions, and other departments throughout the entire company, and we are promoting its use as an indicator for cyber security management.

2) Utilization of attack surface surveys
We had been distributing the Toshiba Group product security quality guidelines to the subcontractors to whom we outsource software development, and conducting inspections of new business partners, regular voluntary inspections, and on-site inspections. However, in addition to the high cost of inspections, it was difficult to actually find security holes through voluntary inspections alone, making thorough management hard to achieve. Therefore, we have now turned our attention to attack surface surveys, which objectively evaluate a company's security level, and are using them in part. An attack surface survey automatically investigates the status of security measures for externally accessible networks, applications, endpoints, and so on, as well as the status of patch application. It observes vulnerabilities hidden in publicly reachable information assets (such as whether vulnerable services are open to the Internet, or whether old operating systems and browsers are in use), estimates the probability of a breach in the organization or business, and visualizes the security level. Based on this information, we can request that subcontractors make corrections, and can thereby expect to reduce security holes.

3) Human resource development and awareness-raising
Supply chain security needs to be understood not only by designers and operations engineers but also by upper management, sales personnel, and staff, so we are conducting "Supply Chain Security Education" e-learning throughout Toshiba Group. Additionally, some business units are conducting cyber security training and taking steps to strengthen their incident response capabilities, to ensure that the procedures to be followed by each responsible person in the event of a cyber incident can be reliably carried out according to the manual.

* SOAR: Security Orchestration, Automation and Response
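The component-matching step described under 1) above, in working form. The following Python script is an added example for this page; it is not Toshiba's SOAR system or any code from the report. The two product component lists, the advisory feed with its ADV-* identifiers, the version scheme handled, and the per-severity response SLA are all constructed for illustration (in practice the inventory would come from a CycloneDX or SPDX SBOM and the advisories from a feed such as JVN or NVD). It shows the three things the paragraph describes: matching each product's components against published vulnerability information, attributing each hit to a product so the responsible department can be notified, and deriving a response deadline so that vulnerabilities whose deadline is approaching can be surfaced on a dashboard.

```python
"""Match shipped-product component inventories against a vulnerability
feed and track response deadlines.

Added example, not Toshiba code. The product SBOMs, the advisory feed
(ADV-* identifiers) and the SLA table below are constructed for illustration.
"""
import re
from datetime import date, timedelta

# Constructed component inventories: product -> [(package, version), ...]
PRODUCT_SBOMS = {
    "edge-gateway-fw-2.3": [("openssl", "1.1.1k"), ("zlib", "1.2.11"), ("busybox", "1.31.1")],
    "hmi-panel-sw-5.0": [("OpenSSL", "3.0.9"), ("zlib", "1.2.13"), ("LibXML2", "2.9.10")],
}

# Constructed advisory feed. "fixed" is the first non-vulnerable version;
# None means no fixed release has been published yet.
ADVISORIES = [
    {"id": "ADV-2023-0001", "package": "openssl", "introduced": "1.1.1", "fixed": "1.1.1l",
     "severity": "high", "published": date(2023, 5, 2)},
    {"id": "ADV-2023-0002", "package": "zlib", "introduced": "1.2.0", "fixed": "1.2.12",
     "severity": "critical", "published": date(2023, 5, 20)},
    {"id": "ADV-2023-0003", "package": "libxml2", "introduced": "2.9.0", "fixed": None,
     "severity": "medium", "published": date(2023, 6, 1)},
    {"id": "ADV-2023-0004", "package": "busybox", "introduced": "1.33.0", "fixed": "1.36.0",
     "severity": "low", "published": date(2023, 4, 10)},
]

# Assumed response SLA (days after publication) per severity.
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90, "low": 180}


def parse_version(text):
    """Turn '1.1.1k' into a comparable tuple: numeric runs become ints,
    letters become their alphabet position, so 1.1.1 < 1.1.1k < 1.1.1l.
    Deliberately simple; it covers the dotted/lettered schemes used here."""
    parts = []
    for token in re.findall(r"\d+|[A-Za-z]+", text):
        if token.isdigit():
            parts.append(int(token))
        else:
            parts.extend(ord(ch.lower()) - ord("a") + 1 for ch in token)
    return tuple(parts)


def version_lt(a, b):
    """a < b after zero-padding, so that 1.2 == 1.2.0 and 1.2 < 1.2.1."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def is_affected(version, advisory):
    """Affected iff introduced <= version < fixed (or no fix exists yet)."""
    if version_lt(version, advisory["introduced"]):
        return False
    return advisory["fixed"] is None or version_lt(version, advisory["fixed"])


def match_findings(sboms=PRODUCT_SBOMS, advisories=ADVISORIES):
    """One finding per (product, component, advisory) hit, each carrying
    the product to notify and a deadline derived from the severity SLA."""
    findings = []
    for product, components in sboms.items():
        for package, version in components:
            for adv in advisories:
                # Case-insensitive name match; real feeds need fuller normalization.
                if adv["package"].lower() != package.lower() or not is_affected(version, adv):
                    continue
                findings.append({
                    "product": product, "package": package, "version": version,
                    "advisory": adv["id"], "severity": adv["severity"],
                    "fix_version": adv["fixed"],
                    "deadline": adv["published"] + timedelta(days=SLA_DAYS[adv["severity"]]),
                    "status": "open",
                })
    return findings


def deadline_report(findings, today, warn_days=7):
    """Bucket open findings for the dashboard: overdue, due within warn_days,
    or on track. Each entry is (product, advisory, days_left).
    'today' may be a date or an ISO date string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    report = {"overdue": [], "due_soon": [], "on_track": []}
    for f in findings:
        if f["status"] != "open":
            continue
        days_left = (f["deadline"] - today).days
        bucket = "overdue" if days_left < 0 else "due_soon" if days_left <= warn_days else "on_track"
        report[bucket].append((f["product"], f["advisory"], days_left))
    return report


if __name__ == "__main__":
    found = match_findings()
    for f in found:
        print(f"{f['product']}: {f['package']} {f['version']} is affected by {f['advisory']} "
              f"({f['severity']}); fix: {f['fix_version']}; respond by {f['deadline']}")
    print(deadline_report(found, today="2023-06-02"))
```

The version comparison is the part most likely to mislead in practice: package naming differs between SBOM tools and advisory sources (openssl versus OpenSSL versus a CPE or package URL), and version schemes differ between ecosystems, so a production matcher normalizes identifiers before comparing and treats an unparseable version as "unknown, review manually" rather than as "not affected".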
Efforts toward realization of cyber resilience

Toshiba Group has adopted a high-level security philosophy called "cyber resilience" in order to achieve comprehensive solutions for information, product, control, and data security. The word "resilience" means the ability to withstand or recover quickly from difficult conditions. The purpose of cyber resilience is to be prepared for cyberattacks and other security incidents so as to minimize their impact and facilitate prompt recovery. Toshiba Group has defined parameters that must be met to increase cyber resilience and thereby minimize the impact of security incidents on infrastructure systems. The three parameters are represented by PMR: P for "prepare," M for "mitigate," and R for "respond and recover." P denotes preparations for cyber security incidents; M signifies mitigation of the loss caused by an incident; and R indicates the time required to deal with and recover from an incident. To become cyber-resilient, it is necessary to increase P and M and reduce R.

Toshiba Group is strengthening its cyber security preparedness with the aim of achieving cyber resilience. Here, "cyber security preparedness" means a state of being fully prepared for a wide range of security risks. Specifically, it encompasses three elements: 1) governance that clarifies decision-making processes and the chain of command, in order to promote P and M; 2) security operations, including prediction and detection, response and recovery, and protection, in order to promote M and reduce R; and 3) personnel responsible for implementing and enhancing these operations. These three elements should be enhanced and regularly maintained so that they work in an orchestrated manner.

With the evolution of cyber-physical systems (CPS), not only information systems but also development environments, production equipment, and operation systems for social infrastructure and industrial systems, as well as some of their control systems, will migrate to the cloud. Physical systems will be controlled from cloud platforms in cyberspace. The conventional perimeter-based security model will then become inappropriate and unreliable, since it is designed on the assumption that all devices within a notional corporate perimeter can be trusted. Therefore, a zero-trust architecture, a security model that always verifies individual resources (e.g., people and devices) regardless of location, is becoming essential. Under zero trust, each device connected to a network is authenticated and monitored in real time, so a zero-trust policy requires automated and sophisticated security operations. In response to
these circumstances, Toshiba Group is taking proactive action to support the evolution of CPS through its "Energy Digital" and "Infrastructure Digital" strategies.

[Figure: Cyber resilience. System performance over time, before, during, and after an incident, is shaped by Prepare (preparation), Mitigate (damage minimization), and Respond & Recover (prompt recovery), shown alongside the Identify, Protect, Detect, Respond, and Recover functions. Measures listed:]
Secure development and proper vulnerability handling to improve system health
Threat hunting to remove potential risks
Periodic training to prepare for incidents
Using real-time threat intelligence and information about assets to detect malware promptly
Using log information for initial action to minimize damage
Using threat intelligence and log information to facilitate forensic investigations
Automating the SIRT process to check for oversights and achieve prompt recovery

Toshiba Group's cyber security vision

With the recent progress of digitization in many areas of industry and society, the targets of cyberattacks are expanding to include control systems and devices for social infrastructure, exposing them to an increasing risk of cyber-induced physical contingencies such as cyber hijacking and forced shutdown. Under these circumstances, the mission of Toshiba Group is to provide greater support than ever before for its customers' businesses and society, and to help realize a safe, secure, and sustainable society. To fulfill this mission, it is essential to accurately
assess both the convenience of digital technologies and the risk of cyber threats, and accordingly shift the focus from conventional protection-oriented security measures to sustainable security solutions encompassing both information and control systems. To keep up with the evolution of digitization, Toshiba Group is endeavoring to step up cyber security not only for its internal information systems and the production systems at its factories and other facilities, but also for the products, systems, and services it offers to customers. Its initiatives aim not only to enhance security through security by design* at the design and development stages, but also to predict and prepare for security risks at the operational stage by constantly monitoring internal and external security threats. Toshiba Group responds quickly to security incidents to minimize damage and expedite business recovery. We also emphasize "security lifetime protection," a concept stressing the importance of sustainable security that incorporates the evaluation and verification of up-to-the-minute security threats and their countermeasures, as well as feedback to the design and development processes of products and services. To realize this, Toshiba Group defines cyber security management as a series of organically connected processes viewed from six perspectives: 1) Governance, 2) Design and Protection, 3) Prediction and Detection, 4) Response and Recovery, 5) Evaluation and Verification, and 6) Personnel. Toshiba Group has set its goals as the "Toshiba Cyber Security Visions" from these perspectives. To attain these goals, we endeavor to enhance our cyber security initiatives so as to remain a trusted partner for our customers through the provision of our products and services.

* Security by design: a product development approach that focuses on security at the planning and design stages.

[Figure: Toshiba Group's cyber security vision. Security lifetime protection for the cyber-physical system combines Security by Design (design methodologies, countermeasure solutions), Prediction & Detection (SOC, Security Operation Center), Response & Recovery (SIRT, Security Incident Response Team), and Evaluation & Verification (assessment, attack and penetration simulation), under Governance.]

Toshiba Group's cyber security vision, by perspective:
Governance: Continuously increasing the maturity level of cyber security management through PDCA cycles.
Design & Protection: Proper implementation of product and system development processes to prevent vulnerabilities.
Prediction & Detection: Real-time detection of internal and external security threats that could affect Toshiba Group or its products.
Response & Recovery: Prompt minimization of damage and swift business recovery in the event of security incidents.
Evaluation & Verification: Evaluating and verifying products and systems so as to be prepared to respond to new vulnerabilities.
Personnel: Training and enhancement of the necessary security personnel.

In order to put these goals into practice, starting with consideration of security governance, we began by establishing the position of Toshiba Group Chief Information Security Officer (CISO) in November 2017. The CISO assumes full responsibility for the management of cyber security risks and facilitates decision-making for grave security incidents that could affect business management. A chain of command was defined so that the CISO can promptly give precise directions to group companies. At the same time, Toshiba Group established the Cyber Security Center, which consolidates the CSIRT (1), responsible for addressing security risks concerning information assets and personal data stored in in-house information systems, and the PSIRT (2), responsible for managing security risks concerning the products, systems, and services provided by Toshiba Group. The CSIRT and PSIRT cooperate to ensure that all systems at Toshiba's factories and other facilities are properly secured. The Cyber Security Center strives to enhance the cyber security governance of Toshiba Group by incorporating security rules into in-house regulations, establishing security management systems at group companies, addressing cyber security vulnerabilities at the product development and post-shipment stages, and standardizing the risk evaluation policy. In addition, the Cyber Security Center provides a single point of contact for security-related organizations in Japan and abroad, while each group company has a point of contact for liaison with the Cyber Security Center, promoting the sharing of internal and external information.

To strengthen security operations such as prediction and detection, response and recovery, and protection, the Cyber Security Center is currently developing a security management platform called the Cyber Defense Management Platform (CDMP) (3). The purpose of the CDMP is to increase the accuracy and speed of security risk detection and response and thereby enhance cyber resilience. The CDMP is designed to automate the "prediction and detection" and "response and recovery" processes and to actively use threat intelligence (4) in order to minimize the impact of security risks on corporate activities. In April 2019, Toshiba Group established the Cyber Security Technology Center at the Corporate Research & Development Center, where in-house security experts are gathered to enhance security technologies. The roles of the Cyber Security Technology Center encompass R&D, technical support, and implementation assistance regarding cyber security technology.

In order to develop security personnel across Toshiba Group, Toshiba Group provides education on information security, personal data protection, and product security for all employees, with the aim of enhancing security consciousness. In addition, Toshiba Group endeavors to improve security quality at the product development stage while offering education and qualification programs designed to develop security personnel responsible for dealing with security incidents. The following sections describe the specific measures that we are currently implementing in
relation to governance, security operations, and human resource development.

(1) CSIRT: Computer Security Incident Response Team
(2) PSIRT: Product Security Incident Response Team
(3) CDMP: Cyber Defense Management Platform
(4) Threat intelligence: a collection of information about cyber threat trends and cyberattacks by hackers that supports decision-making concerning cyber security

[Figure: Cyber security management framework. Governance (establishment of a team and promotion of security measures; coordination with external organizations for information gathering, dispatch, and reporting), security operations (Security by Design, Prediction & Detection, Response & Recovery, and Evaluation & Verification around the cyber-physical system), and personnel (human resource development and training).]

Governance

To promote consistent Group-wide measures against risks related to Toshiba Group's information systems, our products, systems, and services (hereinafter collectively referred to as "products"), and privacy and personal information protection, we have established the Basic Regulation for Cyber Security, under which we have established rules for information security, product security, privacy, and personal information protection.

Toshiba Group properly manages cyber security risks that could have a severe impact on corporate management, and has a management system in place designed to cope with various types of cyberattacks. In addition, Toshiba Group endeavors to maintain social trust and to establish supply chains that enable a stable supply of high-quality products, by cultivating a corporate culture that prioritizes safety and security and providing thorough protection of information about customers, suppliers, and individuals.

Basic policy on information security management
Toshiba Group regards all information handled during business activities, such as personal data, customer information, management information, and technical and production information, as important assets, and adopts a policy of managing all corporate information as confidential information and ensuring that it is not inappropriately disclosed, leaked, or used. Accordingly, Toshiba has a fundamental policy of managing and protecting such information assets properly, with top priority on compliance. The policy is stipulated in the chapter "Corporate Information and Company Assets" of the Standards of Conduct for Toshiba Group, and awareness of it among managers and employees is encouraged.

Basic policy on product safety and product security
In keeping with the Standards of Conduct for Toshiba Group on Product Safety and Product Security, Toshiba Group endeavors to comply with relevant laws and regulations, to ensure product safety and product security, and to proactively disclose reliable safety information to our customers. Furthermore, we continually research the safety-related standards and technical standards (UL Standards (5), CE Marking (6), etc.) required by the countries and regions where we distribute products, and display the safety compliance of our products with the relevant standards and specifications.

(5) UL Standards: safety standards established by UL LLC (Underwriters Laboratories Inc.), which develops standards for materials, products, and equipment and provides product testing and certification.
(6) CE marking: a conformity mark that indicates conformity with the safety standards of the European Union (EU). The CE marking is required for products sold within the European Economic Area (EEA).

Privacy policy
Toshiba Group protects personal data obtained from its stakeholders during business activities appropriately, in accordance with the Personal Information Protection Act, related laws and regulations, national guidelines, and other rules, recognizing that personal data is an important asset for each stakeholder and for Toshiba, leading to the creation of new value.
In addition, Toshiba Group endeavors to implement, maintain, and continually improve its personal data protection management system in accordance with in-house regulations.
Toshiba's privacy policy: https://www.global.toshiba/ww/privacy/corporate.html

[Figure: Toshiba Group's regulations related to cyber security. Under the Standards of Conduct for Toshiba Group sits the Basic Regulation for Cyber Security (general regulations); below it are the policies and specific regulations for information security, product security, and privacy/personal information protection; below those are the manuals and guidelines (Information Security Guidelines, Product Security Guidelines, personal information protection guidelines, etc.).]

Management system

To promote cyber security measures, Toshiba Group has established a cyber security management system under the direction of the CISO. The TOSHIBA-SIRT (7) assists the CISO in reviewing the matters to be discussed by the Cyber Security Committee: the basic policy, project teams, and action plans for the cyber security management of the entire Toshiba Group, and how to respond to cyber security incidents that could develop into a major crisis. The TOSHIBA-SIRT, which has the functions of both a CSIRT and a PSIRT, supervises the cyber security measures of the entire Toshiba Group and provides support for all group companies in Japan and abroad. Each key group company overseeing other subsidiaries also has a CISO, who is responsible for implementing security measures consistent with those of Toshiba Group and for establishing a cyber security management system for the company. The CISO of each key group company assumes responsibility for its own cyber security and for that of the domestic and overseas subsidiaries operating under its umbrella. The CSIRT of each company is responsible for implementing information security measures and responding to information security incidents, whereas the PSIRT is responsible for implementing product security measures and responding to product vulnerabilities. The Cyber Security Committee (8) discusses the matters necessary for the implementation of cyber security measures at key group companies and how to respond to cyber security incidents that could develop into a crisis.

Toshiba Group CISO meetings

Toshiba Group holds quarterly Toshiba Group CISO meetings, at which the CISOs of key group companies formulate and review the Group's cyber security policies and measures. Toshiba Group operates in a wide range of industrial sectors, including energy, social infrastructure, electronic devices, and digital solutions, and the cyber security measures required for each are not necessarily uniform. Therefore, at the Toshiba Group CISO meeting we discuss cyber security strategies and policies common to the entire Toshiba Group, while the CISOs of key group companies share the initiatives and issues of their respective companies to help resolve them. To combat increasingly sophisticated cyberattacks, key group companies are enhancing cooperation to strengthen the overall cyber security capabilities of Toshiba Group.

(7) SIRT: Security Incident Response Team
(8) In some cases, other committees perform the same functions.

[Figure: Cyber Security Management Structure. Chief Executive Officer (CEO); Chief Information Security Officer (CISO); TOSHIBA-SIRT (secretariat: Cyber Security Center); Cyber Security Committee and Information Security Committee; management executives (key group company CISOs, heads of in-house companies, staff divisions) with the CSIRT and PSIRT of each key group company, in-house company, staff function, and branch office; Toshiba Group companies in Japan and abroad (management executive: group company CISO/President) with their own CSIRT and PSIRT. Enhanced cooperation spans energy systems & solutions, infrastructure systems & solutions, building solutions, retailing & printing solutions, electronic devices & storage solutions, and digital solutions.]

A worldwide security assurance framework for the entire Toshiba Group is becoming increasingly important in promoting business globally. In fact, Toshiba Group experienced a security incident in which an attack against one of its overseas subsidiaries affected a subsidiary in another country. Toshiba Group has a cyber security management system to facilitate the implementation of cyber security measures (page 10). Toshiba Corporation communicates security instructions to all its subsidiaries via the key group companies to ensure that they are properly implemented. Each key group company is responsible for the cyber se
113、curity of itself and all the subsidiaries operating under its umbrella.As opposed to the hierarchical cyber security management system,the Security Operation Center(SOC)and Toshiba PSIRT provide centralized monitoring of and response to cyber threats against internal IT infrastructure for all group
114、companies in Japan and abroad.They perform correlational analysis of all the incidents affecting internal IT infrastructure while collecting all the information concerning security incidents,thereby facilitating early detection of and response to security incidents.In addition,some regions and count
115、ries are tightening laws and regulations concerning information security and personal information protection,sometimes making it necessary to employ different measures tailored to their specific requirements.Therefore,Toshiba Group keeps track of the related laws and regulations around the globe so
116、as to be able to adapt to any legal and regulatory changes promptly.Global security governance systemTo enhance the cyber security management level,Toshiba Group sets maturity goals and performs self-assessment designed to elevate the level of goal management.Maturity assessment is intended to visua
117、lize the gaps between current conditions and goals so that each group company can implement countermeasures to steadily improve its cyber security management maturity.We assess both the information security level of the CSIRT and the product security level of the PSIRT.The basis of this assessment i
118、ncludes the SIM31 maturity model that is widely used worldwide,the Cybersecurity Management Guidelines of the Ministry of Economy,Trade,and Industry(METI)of Japan,and the Cybersecurity Framework of the U.S.National Institute of Standards and Technology(NIST2).Maturity levels are graded on the scale
of 1-5 in respect to 1) governance, 2) external collaboration, 3) secure development and evaluation, 4) risk management, 5) SOC, 6) incident response, and 7) educational program. Since 2020, we have expanded the Self-Assessment of Cyber Security Management Maturity to include Toshiba Group companies outside Japan, and have been pressing forward with the strengthening of cyber security management systems overseas.

(1) SIM3: Security Incident Management Maturity Model
(2) NIST: National Institute of Standards and Technology

[Figure: Results of cyber security management maturity self-assessment. Radar chart on a 0 to 5 scale comparing Goal, FY2020 and FY2021 for 1. Governance, 2. External collaboration, 3. Secure development and evaluation, 4. Risk management, 5. SOC, 6. Incident response, 7. Educational program]

Activities for raising cyber security awareness

Donation of "The Poop Cyber Security Workbook," in collaboration with Bunkyosha, to public elementary schools throughout Japan

As part of our activities for raising awareness of the threat of cyber risks lurking around us and the importance of cyber security to prevent them, Toshiba Group has collaborated with the publishing company Bunkyosha Co., Ltd. to create "The Poop Cyber Security Workbook, supported by TOSHIBA" (1) that allows children to learn about cyber security in a fun way, which we have made available on our website. (2) We also made this workbook into a booklet and donated approximately 83,000 copies to public elementary schools around Japan to raise children's awareness of security issues. In recent years, with cyberattacks increasing at an alarming pace, the need for people to protect themselves with cyber security is being emphasized like never before. In this workbook, we have adopted themes that are familiar to children to help them recognize the significance of cyberattacks that endanger them and understand the cyber security that can protect them against such attacks. In the workbook, the character Unko Sensei presents special lessons to help children understand the necessity of cyber security. In addition, the workbook introduces "hackers for justice (white hat hackers)" who protect society from cyberattacks, and promotes the role and importance of the security industry. Through this workbook, Toshiba Group is helping to raise children's security awareness, protecting them from the threat of cyberattacks, and working to realize a safe and secure Internet society.

(1) The Poop Workbook Series: A series of children's workbooks published by Bunkyosha Co., Ltd. since March 2017. These workbooks are designed to lower the hurdles of learning with the keyword "poop," a magic word that makes children happy just by saying it, so that they can learn while having fun. Since 2020, the publishers have been developing educational workbooks, booklets, Internet apps, and videos on a variety of topics in collaboration with various companies, administrative agencies, local governments, and other organizations. https:/
(2) The Poop Cyber Security Workbook: Scheduled to be released by February 14, 2024. https://www.global.toshiba/jp/cybersecurity/corporate/unkodrill.html

Message for Cybersecurity Month from CISO (Excerpt)

Endorsing Cybersecurity Month observed by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) of Japan, Toshiba Group observes February as Cybersecurity Month. The CISO of Toshiba Group delivers a message for Cybersecurity Month, focusing on cyber security trends of the year, including considerations for information security and the security measures for the products that Toshiba Group ships. To raise the security awareness of employees, we also post this information on the in-house web portal.

To ensure cyber security, it is crucial to keep track of the latest trends and share information among all parties concerned. Therefore, we have formed a community to disseminate and share information, including domestic and international news on cyber security, vendor reports, news releases from industry associations, media reports about national policies, and press releases.

Security Operations

This section describes the initiatives undertaken by Toshiba Group to enhance its security operations. At present, Toshiba Group is developing a security management platform called the CDMP (1) with the aim of increasing the accuracy and expediency of security risk detection and response in order to enhance its cyber resilience. The CDMP is designed to automate the "prediction and detection" and "response and recovery" processes and actively use cyber threat intelligence (2) in order to minimize the impact of security risk on corporate activities.

(1) CDMP: Cyber Defense Management Platform
(2) Cyber threat intelligence: A collection of information about cyber threat trends and cyberattacks that supports decision-making concerning cyber security

CDMP overview

We believe that the purpose of the CDMP is to protect not only internal IT infrastructure, but also production facilities such as factories and the products provided to customers, and in the future this will be extended to include customer and business partner systems that share connections with these. Specifically, the CDMP provides the functions shown below, some of which commenced operation in January 2019.

The CDMP consists of the following functions:
- Prediction and detection of security threats (SOC): Detecting security incidents by monitoring system states (see page 18)
- Incident response and recovery (C/F/PSIRT): Responding to security incidents and recovering the affected systems (see pages 14, 20, 26)
- Threat analysis function: Preventing cyber threats by using threat intelligence (see page 23); improving the analysis accuracy by accumulating knowledge and using artificial intelligence
- Evaluation and verification: Evaluating and verifying products and systems from the hacker's perspective (see page 21)
- Protection: Protection using state-of-the-art security measures (see page 22)

[Figure: Cyber Defense Management Platform (CDMP). Cyber threat intelligence feeds the Threat analysis function, the Evaluation and verification function, Protection (latest security measures), Prediction and detection of security threats (SOC), and Incident response and recovery (C/F/PSIRT), covering Internal IT infrastructure, Production facilities (factories), Products, systems, and services, and Customers and suppliers. SOC: Security Operation Center. C/F/PSIRT: Computer/Factory/Product Security Incident Response Team]

The threats in cyberspace are constantly growing. Since resources for responding to these threats are limited, Toshiba Group is endeavoring to automate the response to and the recovery from security incidents while accumulating knowledge and using AI to achieve high-accuracy security operations with limited resources. In regard to automation, we are promoting the introduction of an automation platform called SOAR, (1) on which we are utilizing threat intelligence, and we are progressing with automation of incident investigation and response. In addition, we are promoting new initiatives such as developing a dashboard to enable the CISO, CSIRT, and PSIRT personnel of each group company to grasp the security incidents and response status within their companies and help them respond promptly, and utilizing ASM (2) solutions to identify those IT assets open to the public that are at risk of cyberattacks.

(1) SOAR: Security Orchestration, Automation and Response
(2) ASM: Attack Surface Management

Information security incident response training

The purpose of information security incident response training is to minimize the impact of incidents on business by ensuring the smooth sharing of information and appropriate response flow among relevant departments when an incident actually occurs. As an example of response training, imagining that a PC has become infected with malware, the PC that is assumed to be infected is actually isolated from the network, its logs are checked, and we verify whether communication between related organizations is properly carried out according to the predetermined response flow for when an incident occurs. We take the findings and issues learned from this training and utilize them in the next training, and we continue to promote initiatives to achieve cyber resilience, such as conducting training that includes overseas group companies and follow-up education.

Product security incident response training

Product security incident response training is conducted to confirm whether systems and flows, such as information sharing, communication pathways, decision points, and advance preparations, are in place to appropriately respond to actual incidents. The purpose is to improve those systems and flows through training and to minimize the impact of security incidents on business. For training, in regard to products that may encounter security incidents and the nature of those incidents within business divisions, we first create response scenarios that include communication methods, flows, and target times in the event of an incident, in accordance with the rules of Toshiba and its key Group companies. After that, we carry out communications and mock meetings according to the scenario, measure the implementation time, and identify points for improvement in the response system and flow. By repeating such training, we can verify that the response system and status of establishing the response flow are adequate. The EU Cyber Resilience Act, published on 15 September 2022, includes time constraints in its vulnerability response requirements, such as mandated reporting to ENISA* within 24 hours of becoming aware of an actively exploited vulnerability or occurrence of
a security incident. It is expected that these requirements will be included in the laws of other countries at some point in the future, and so it is essential to confirm the status of establishing a response system. In light of these circumstances, in the future, we plan to increase the number of training organizations, including overseas subsidiaries, and expand the scope of training to include more departments and relevant parties with related roles.

* ENISA: The European Union Agency for Cybersecurity

Incident response training: Implementation example

As an example, this section will describe the details of a training which was held in Toshiba Digital Solutions Corporation, one of our Group companies. Toshiba Digital Solutions not only provides digital solutions in the fields of manufacturing, logistics & distribution, finance & insurance, media, and power & social infrastructure, but also provides digital solutions to the government and municipal offices. During the response to an incident, there are three important things: 1. Get the correct information, 2. Share this information with the relevant persons/departments, 3. Prioritize the response activities. If there is something wrong with the product or service which was provided to a customer, a notification will be sent from the business division to the QA division. If this problem is related to a product security incident, for example, if it was caused by a cyberattack, it is necessary to contact PSIRT (1) as well. At this time, the training covered all of the Response phases in the following figure. Each of the relevant departments (the business division, the QA division, PSIRT, CISO (2), CQE (3), and Toshiba SIRT (Cyber Security Center)) participated in this training. Additionally, we created a scenario of all necessary procedures from past experiences. Each department checked its roles in this training, and all of the participants executed the procedures following the scenario. An outline of the departments and the flow of procedures is as below.

[Figure: Outline of departments participating in the product security incident response training and the flow of training procedures. Columns: Business division, PSIRT, CISO, QA division, CQE, Toshiba SIRT. Response phases: Detection & triage; Initial response; Investigation & analysis; Countermeasures & recovery; Post-incident response. Steps: Problem occurrence notification; PSIRT notification; Report on investigation status & response work; Work progress sharing, countermeasure meetings, customer reports; Situation confirmation, case study implementation; Request for verification of cause & countermeasures; Countermeasure implementation progress report; Security Committee request; Security Committee coordination; Incident reporting (intermediate); Incident management; Incident reporting (final report); Incident reporting (end); Holding of Cybersecurity Committee meeting; Deliberation on investigation results and response & recovery policy; Verification of problem details & instruction; Verification of problem details; Incident reporting & verification; Incident reporting (initial report); Incident management (start); Determination of initial response system and initial response policy; Declaration of incident response closure; Incident judgment & instruction]

Through the questionnaire of this training, there were many comments showing the effectiveness of the training, such as "It was an opportunity to experience my own role in an incident response," "Although there was a scenario, I still think it's important to practice in real," and "I keenly felt the necessity of changing the target departments and conducting regular training exercises." It is not enough for a single Business division to conduct training just once. Rather, it is important to repeatedly conduct training that involves other Business divisions. We will take the findings and issues learned from this training and utilize them in the next training.

(1) PSIRT: Product Security Incident Response Team
(2) CISO: Chief Information Security Officer
(3) CQE: Chief Quality Executive

Human Resources Development

This section describes Toshiba Group's programs for the development of cyber security personnel. Our initiatives are threefold: 1) defining personal qualities required for security personnel, 2) provision of security training programs based on this definition, and 3) a security certification program to qualify the employees who possess the required knowledge, expertise, and practical skills in the field of cyber security.

Personal qualities required for security personnel and security certification program

For each combination of security personnel level (1) and security personnel type (2), the roles that must be fulfilled are defined in terms of the personal qualities required for security personnel. Toshiba Group also has a security certification program to certify such security personnel. Certification criteria include attendance of designated internal and external security education courses, acquisition of Registered Information Security Specialist certification or other security-related certifications, and suitable job experience for performing the defined role. To date, roughly 2,000 employees have received certification.

[Figure: Qualities required for security personnel. Roles are defined for each combination of personnel type (Security administration, Security management, Security operations, Secure development) and level (Specialists, Planners and managers, General personnel, Security trainees)]

(1) Security personnel level: Ranges from specialists who possess advanced skills to security trainees, including personnel with added security knowledge (personnel whose main job responsibilities do not explicitly include security measures, but who have sufficient cyber security literacy to engage in the type of work that entails security risk unless sufficiently secured).
(2) Security personnel type: Classified into business administration, management, development, and operations concerning cyber security (see Skill Standards for IT Professionals (ITSS), compiled by the Information-technology Promotion Agency, Japan (IPA)).
Security education programs

In order to prevent information leakage, each employee must acquire the knowledge necessary to properly handle the information encountered in daily work and be keenly aware of security threats such as targeted attacks and security considerations for teleworking. Additionally, to ensure the security of products provided to customers, all employees involved in products, such as sales, procurement, design, development, quality, and maintenance personnel, must understand the seriousness of product security vulnerabilities. Furthermore, personnel must understand the importance of preventing the introduction of vulnerabilities at the product development stage and promptly addressing security vulnerabilities found in products that have already been shipped, and must put this understanding into practice. Therefore, to raise the security awareness and literacy of each and every one of our personnel, we conduct annual Group-wide compliance education training (information security/personal information protection and product security education) for all executive officers and employees of Toshiba Group. These training programs are available in multiple languages for overseas employees. We also provide personnel with hierarchical education programs at career milestones, such as when they join the company or when they receive a promotion, according to their various roles. In addition, Toshiba Group also provides education and training corresponding to the various roles defined according to the personal qualities required for security personnel. Toshiba Group also conducts e-learning courses on the basics of information and product security, the importance of supply chain security, threat analysis, and secure development techniques. Other training programs include hands-on training to help personnel acquire practical skills for vulnerability testing, training courses to develop specialists and highly skilled personnel capable of responding to vulnerabilities and security incidents promptly, and product security courses for managers responsible for improving security quality at the time of product development. We also send personnel to external practical training programs, such as the Core Human Resource Development Program offered by the Industrial Cyber Security Center of Excellence (ICSCoE) of the Information-technology Promotion Agency of Japan (IPA). Furthermore, we carry out several other initiatives such as training programs designed to promote the use of acquired knowledge and skills in daily work (e.g., incident response training) and a security contest for Toshiba Group employees that aims to introduce, spread, and strengthen security-related skills. This security contest has been held annually since 2020 and has approximately 70 participants from various departments each year. It is conducted as a quiz-style contest in which participants strive to answer problems prepared by the organizer, and it is becoming established as an opportunity to acquire and test security skills.

[Figure: Education programs by role. Programs (e-learning, Group-wide compliance education, Group-wide hierarchical education, Practical training programs, Security contest) mapped against personnel types (Security administration, Security management, Security operations, Secure development) and levels (Specialists, Planners and managers, General personnel, Security trainees)]

Privacy Governance Initiatives

Toshiba Group provides data services. Public demand for privacy protection is growing as the utilization of personal data expands. Prior to the launching of a business using personal data, Toshiba Group has established a system and rules for the identification and evaluation of privacy risks. Minimizing privacy risks is crucial for using personal data for business purposes. Toshiba Group will also educate its employees on privacy protection in order to raise their awareness about privacy.

Privacy governance: Establishing and implementing a system for proper management of privacy risks and organizational efforts for privacy issues

External advisory board on privacy

Toshiba has an external advisory board on privacy consisting of external, independent specialists in order to receive advice from a neutral and fair perspective.

Publication of privacy statement

Through our data service business, Toshiba Group is implementing a strategy to turn that data into forms that have value and realize our vision of a society in which people can effectively utilize that data in their various activities beyond the framework of business operations, etc. Based on this strategy, Toshiba has established and released the "Toshiba Group Privacy Statement" in anticipation of our proactive use of data in future Group business operations and in our efforts to strengthen governance of personal data. This statement declares our management stance regarding the use of personal data in our data service business.

Privacy statement: https://www.global.toshiba/ww/cybersecurity/corporate/privacystatement.html

Personal Data Protection

Toshiba Group protects personal data obtained from its stakeholders in the course of business activities appropriately, recognizing that personal data is an important asset of each stakeholder and also an important asset for Toshiba, leading to creation of new value.

Establishment of in-house regulations and a management system, and education

To properly manage and handle personal data, Toshiba has established the Toshiba Personal Data Protection Program. Its group companies have also established similar programs. To observe and implement the rules defined in the regulations, the cyber security management system composed of all divisions of the company is promoting personal data protection (see page 10). Toshiba also educates all officers, regular employees, and temporary staff every year about the handling of personal data and safety management practices.

Identification and management of personal data

To identify personal data owned by each organization, Toshiba maintains and periodically checks and updates its personal data management database. We assess the risks involved based on the contents and volume of personal data and manage them accordingly. We also conduct a self-audit concerning personal data protection and take corrective action if any improvements are required.

Selection and supervision of outsourcees entrusted with the handling of personal data

When the handling of personal data is contracted out, the outsourcer will be held responsible for inadequate supervision of the outsourcee in the event of leakage of any personal data. After cases of data leakage from outsourcees were reported in the press, protection of personal data became a social issue. Since then, outsourcers have been required to supervise outsourcees. Toshiba Group stipulates the rules and guidelines for the selection of outsourcees so that only those capable of properly safeguarding personal data will be selected. Toshiba Group periodically ensures that personal data are properly managed and handled by outsourcees.

Compliance with Overseas Laws and Regulations

In recent years, many countries have enacted or revised legislation on personal data protection. In Toshiba Group, regional headquarters in the United States, China, Europe, and Asia are spearheading compliance activities according to the business risks involved.

Compliance with the General Data Protection Regulation (GDPR)

In order to comply with the EU GDPR, Toshiba's regional headquarters in Europe and other Toshiba Group companies implement various measures, including employee education, establishment of in-house regulations, and data mapping. Following the withdrawal of the United Kingdom from the EU, the transition period ended at the end of December 2020. Prior to the end of the transition period, European subsidiaries and Japanese group companies of Toshiba Group concluded the Toshiba Intra-Group Data Sharing Agreement (IGDSA) in October 2020 in order to establish a contractual basis for the cross-border sharing of personal data.

Compliance with China's Personal Information Protection Law (PIPL)

After the China Cyber Security Law that came into effect in June 2017, China enforced the Data Security Law (DSL) in September 2021, followed by the Personal Information Protection Law (PIPL) in November 2021. In response, Toshiba's regional representative subsidiary in China is collecting information about the new laws while developing templates for in-house regulations, contracts, and training materials to be provided for the local subsidiaries.

Compliance with Thailand's Personal Data Protection Act (PDPA)

In Thailand, the Personal Data Protection Act (PDPA) came into effect in June 2022. To ensure that local subsidiaries comply with the PDPA, Toshiba's regional representative subsidiary for the Asian region has created templates for in-house regulations, contracts, and training materials and provided them for the local subsidiaries.
201、Chapter2In order to enhance cyber security,Toshiba has consolidated information and product security functions that were separately promoted before.This chapter describes Toshiba Groups initiatives for enhancing cyber security,divided into security measures for internal IT infrastructure and securit
202、y measures for products.Here,internal IT infrastructure includes factories and other production facilities in addition to PCs,servers,networks,and other equipment within Toshiba Group.Cyber Security InitiativesAs cyberattacks are becoming increasingly sophisticated and ingenious,Toshiba Group is com
203、mitted to proper management of customers information assets.At Toshiba Group,the SOC is responsible for the prediction and detection of security threats while the CSIRT is dedicated to the response to and recovery from cyber security incidents.In addition,all the organizations of Toshiba Group in Ja
pan and abroad perform an annual self-audit and security assessment and receive guidance.

Security Measures for Internal IT Infrastructure
Prediction & Detection

Previously, Toshiba Group prioritized the deployment of firewalls, intrusion prevention systems (IPS), and proxies at the Internet gateway to prevent attackers from breaching the internal network, because all information assets to be protected used to be located only in the internal network. However, in view of the increasing reliance on public cloud services as a means of improving work efficiency and promoting work style innovation, the boundary between internal and external networks is becoming blurred. In addition, cyberattacks have shifted from random attacks on mass targets to targeted attacks on one specific organization, designed to steal its confidential information or disrupt its business, exposing enterprises to an increased risk of cyberattacks. Under these circumstances, Toshiba Group is strengthening the following measures to detect security risks promptly and accurately and respond to them immediately:

Enhancing prediction and detection
- Expanding the scope of monitoring to cover not only IT systems but also factories and customer services
- Detecting not only external cyberattacks but also the internal spread of cyber intrusions and suspicious activities
- Standardizing and automating responses in the event of an alert being detected
- Risk-based security management using external threat intelligence

[Figure: Security prediction and detection provided by the SOC. The SOC monitors security threats across information systems, production facilities and factories, and products and services for customers; it utilizes cyber threat intelligence, monitors logs across its scope of monitoring, and applies automatic protection, while the TOSHIBA-SIRT handles incident response. Prevention at the Internet boundary: a firewall, proxy, email gateway, and IPS/WAF in the DMZ monitor communications, detect and block cyberattacks, and prevent malware from entering the internal network. On the internal network and in the cloud: anti-virus software and EDR/NGAV(3) tools prevent and remove malware, with malware quarantine, malware removal, and network segregation.]

Enhancing the Security of Endpoints(1) Using EDR(2) Tools
Prediction & Detection

Toshiba Group is installing EDR tools on all PCs and servers in Japan and abroad, which are capable of detecting and blocking unknown malware that cannot be blocked by antivirus software as well as sophisticated cyberattacks
that cannot be detected at the Internet gateway.

Introduction of EDR tools
- Detecting and blocking suspicious behavior of endpoints due to infection by unknown malware that cannot be detected by existing anti-virus software
- Ability of the SOC to remotely quarantine infected computers, without disconnecting them from the network, and remove security threats
- Tracking the causes and scope of damage from the collected operating logs
- Using external threat intelligence to grasp endpoint vulnerabilities and implement countermeasures

SIRT (Security Incident Response Team): Has both CSIRT and PSIRT functions.
SOC (Security Operation Center): An organization that monitors networks and devices 24/7/365, detects and analyzes cyberattacks, and provides advice about how to respond to them.
Firewall: A security barrier that controls communication ports to prevent software from performing unintended communications.
Gateway: Hardware or software that interfaces one network to another.
Proxy: A computer system that acts as an intermediary for communications between the Internet and an internal network.
Intrusion prevention system (IPS): A device or software that detects and blocks an intrusion into an internal network.
Web application firewall (WAF): A form of firewall that detects and blocks cyberattacks attempting to exploit vulnerabilities of Web applications.
(3) NGAV: Next Generation Anti-Virus.
DMZ (demilitarized zone): A subnetwork added between an organization's secure internal network and an
untrusted external network such as the Internet.
(1) Endpoints: PCs, servers, and information devices connected to a network.
(2) Endpoint detection and response (EDR): Detection of and response to security threats at endpoints.

Chapter 2

Security Measures for Internet Connection Points
Security by design

[Figure: Security measures for Internet connection points. Handling of suspicious emails: an email filter performs malware search, spam filtering, and malicious behavior detection, forwards safe emails, and prevents information leakage. Prevention of access to malicious websites: proxies apply URL filtering and a malware scan to downloaded files, blocking risky websites and downloading only safe files. Secure information sharing with external parties: a Web server and file-sharing system in the DMZ, with authentication, SSL communication, and a malware scan on files sent, received, uploaded, and downloaded. Secure use of cloud computing services: a dedicated cloud environment and dedicated connection environment, with monitoring of communications, blocking of unauthorized communications, and blocking of communications with other companies. Secure network connections from outside locations: a remote access server with multifactor authentication and communication encryption provides secure access to internal information. IPS/WAF sit between the Internet, the DMZ, and the internal network.]

DMZ (demilitarized zone): A subnetwork added between an organization's secure internal network and an untrusted external network such as the Internet.
Proxy: A computer system that acts as an intermediary for communications between the Internet and an internal network.
Intrusion prevention system (IPS): A device or software that detects and blocks an intrusion into an internal network.
Web application firewall (WAF): A form of firewall that detects and blocks cyberattacks attempting to exploit vulnerabilities of Web applications.
Spam: Unsolicited junk emails sent in bulk.

Toshiba Group observes tens of millions of attempted cyberattacks per day. To detect and block cyberattacks, Toshiba Group has deployed security devices such as Web application firewalls (WAFs) and intrusion prevention systems (IPS) at the interface between internal and external networks. This section describes our countermeasures for various security risks implemented at the Internet connection points.

Handling of suspicious emails
Toshiba Group uses protective measures against both external cyber threats from virus-infected emails and the internal threat of information leakage. To counter the inflow of harmful malware from the external environment, Toshiba Group employs behavior detection, sender domain authentication, and spam filtering, and executes email attachments and email-embedded links in a safe environment. Consequently, Toshiba Group blocks hundreds of thousands of suspicious emails per day. In order to prevent information leakage from inside, Toshiba Group has implemented a tool that encrypts email attachments and prevents erroneous email transmissions, and has implemented email monitoring for external domains.

Preventing access to malicious websites
Toshiba Group uses proxy servers to reduce the risk of accessing malicious websites on the Internet, employing a malware checker and a URL filter and monitoring logs to prevent access to such websites. In the event of suspicious network activity, the computer concerned is identified from the access log. If access to particular websites is necessary for work purposes, it is permitted via user authentication so that access restrictions do not impede business.

Secure information sharing with external parties
Toshiba Group makes extensive use of websites to share and disseminate information to external parties. Access control and malware scanning allow us to securely exchange files with customers and suppliers. Our websites and servers that allow public access are subjected to periodic security assessments, and security measures are promptly implemented to check for vulnerabilities and protect against increasing cyber threats.

Secure use of cloud computing services
As cloud computing services are increasingly employed to improve work efficiency, the risks of information leakage, unauthorized access, and misconfiguration increase. To alleviate these risks, Toshiba Group has established a secure private cloud environment in order to protect sensitive information from various threats. To use public cloud services, users are required to submit an application. We permit the use of public cloud services only when their security policy meets our requirements. Toshiba Group periodically checks whether there are any changes to the service features and methods used. In addition to these common security measures, the operating sites that have their own Internet connection points monitor the settings and logs of their security devices. For protection from cyberattacks, Toshiba Group employs not only common measures but also additional measures according to the importance of the business and information concerned. At present, these measures are primarily designed for information systems. In the future, we will leverage this expertise to enhance the security of our factories and customer services.

Secure network connections from outside locations
Toshiba Group provides salespersons and those on business trips with an environment that allows their PCs and smartphones to securely connect to the internal network via the Internet from hotel rooms and elsewhere. Multifactor authentication is used
235、 to prevent unauthorized access while all user communications are encrypted.In addition,virtual desktops are utilized for telework and working from home(WFH)as a means of promoting work style innovation.Secure network connections from outside locationsChapter2Toshiba Groups Cyber Security Report 202
236、324!ReportingCommunicationand alertsProvision ofinformationCyber threatintelligenceExternalorganizationsTOSHIBA-SIRTIncident handling,etc.SOCMonitoring and analysisof devices,gateways,etc.SecurityfirmNotification and support forsecurity response processes(secondary)Notification and support forsecuri
237、ty response processes(primary)Detectionof an alertEnforcement of security measuresCoope-rationEach division of Toshiba,key group companies,and other group companiesCSIRTEachdivisionSystem/service contactOutline of the security incident response procedureResponse&RecoveryAs per the cyber security man
238、agement system,a CSIRT is organized in each division of Toshiba,key group companies,and all the subsidiaries operating under their controls worldwide so as to be prepared to respond accurately and promptly in the event of a security incident.When an alert is detected,the SOC directly notifies the CS
239、IRT of each division and group company of the alert in order to respond promptly while acting in concert with the TOSHIBA-SIRT.Security Incident ResponseCSIRT:Computer Security Incident Response TeamThe CSIRTs of the division and of the group company supervising a given system are responsible for de
240、aling with the security vulnerabilities and incidents involving that system.They ensure the implementation of various security measures to fix vulnerabilities and other issues and respond to security incidents in cooperation with IT and manufacturing departments.The TOSHIBA-SIRT is responsible for c
241、oordinating with each CSIRT to ensure that various security measures are properly implemented across the entire Toshiba Group and for minimizing damage in the event of a security incident.In particular,the TOSHIBA-SIRT deals with security incidents involving email and other shared systems,provides s
242、upport for each CSIRT,and addresses security incidents that require cooperation of multiple divisions.Roles of the CSIRTSecurity incidents include website tampering,targeted emailing,spam influx,unknown malware infection,and malware spreading.For all types of potential security incidents,the TOSHIBA
243、-SIRT has predefined response procedures,which are continually reviewed and improved through training and actual response to security incidents.After dealing with a security incident,the TOSHIBA-SIRT identifies its root cause and implements an improvement measure to prevent recurrence of similar inc
244、idents.Security Incident ResponseTo respond 24/7/365 to vulnerabilities and incidents promptly and accurately,Toshiba Group is now automating the response to vulnerability information,cyber threat intelligence,and security alerts.We have categorized security information and alerts and developed rout
245、ine response patterns,ensuring that any security incident can be handled by anyone,anytime.Furthermore,our automation initiatives include analyzing the relationships among the detected security alerts and cyber threat intelligence,identifying the root causes of the alerts,and establishing optimum re
246、sponse procedures.Automation initiativesChapter2Toshiba Groups Cyber Security Report 202325Internal networkFirewallEmail gatewayWeb proxyServerTarget serverFirewallFirewallServerServerPCPCRed TeamTarget serverTarget serverOperating siteFirewallManufacturinglineInternetOutline of attack and penetrati
247、on assessmentReview of security measuresAnalysis of attack evaluation resultsSelection of evaluation targets&attack methodsPerformance of attack evaluationVerificationtargetenvironmentChange ofFW settingSite AInternetAttackmanagementplatformVerificationtargetenvironmentOficeSite BAttacklogFWlogAV/ED
248、RlogNo.ofexecutionsNo.ofprotectionsNo.ofdetectionsIDTA0001TA0002TA0003ExecutionSuccessProtectionDetectionNameInitial AccessExecutionPersistenceOverallBreakdown:By MITRE ATT&CK TacticsAV:Antivirus,EDR:Endpoint Detection and Response,FW:FirewallDMZAttacklogFWlogAV/EDRlogAV/EDRExecutionof attackInstruc
249、tionACTPLANCHECKDOIn the use of attack simulation tools,simulated cyberattacks equivalent to those in the real world are carried out between devices in the verification target environment,the examiners check whether security measures such as network security and endpoint security work properly,and w
250、e verify the effectiveness of Toshiba Groups security measures and make improvements.1 Red Team:An independent team that provides real-world attack simulations designed to assess the efectiveness of security systems and measures of an organization2 BAS:Breach and Attack Simulation Targeted attacks f
251、ocused on stealing customer or confidential information from a specific company or organization are increasing.In the face of these increasingly sophisticated cyberattack threats,Toshiba Group regularly undergoes attack and penetration assessment by the Red Team1 of a specialized cyber security firm
252、 and examines security measures using attack(BAS2)tools in order to validate the effectiveness of our security measures.In this attack and penetration assessment,the Red Team attempts to infiltrate Toshiba Groups network using the same advanced tactics and techniques of actual hackers,in order to de
253、termine whether it is possible to reach a predetermined target server through a simulated attack.This also allows us to verify the effectiveness of the current security measures,identify potential weaknesses to cyberattacks,and consider additional measures.Advanced Attack and Penetration Assessment
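As an added example (not Toshiba's tooling or any BAS vendor's code), the following Python reproduces the tally shown in the attack evaluation figure: it correlates a constructed attack log with constructed firewall and AV/EDR logs by host pair and time window, classifies each executed technique as protected, detected or successful, and sums the counts per MITRE ATT&CK tactic. Host names, timestamps and the 60-second reaction window are assumptions.

```python
"""Tally breach-and-attack-simulation (BAS) results by MITRE ATT&CK tactic.

The attack management platform records every technique it executed; the
firewall and the AV/EDR tools record what they blocked or flagged. Joining the
three logs on host pair and time window yields, per tactic, the numbers of
executions, successes, protections and detections.
"""
from collections import OrderedDict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumption: a control reacts within 60 s of the run start

# Constructed sample logs (not real data). Attack log fields: run id, tactic id,
# tactic name, technique, source host, target host, start time (UTC).
ATTACK_LOG = [
    ("run-01", "TA0001", "Initial Access", "phishing link",          "internet-sim", "office-pc1",  "2023-03-01T09:00:00"),
    ("run-02", "TA0001", "Initial Access", "exploit public web app", "internet-sim", "dmz-web",     "2023-03-01T09:05:00"),
    ("run-03", "TA0002", "Execution",      "malicious script",       "office-pc1",   "office-pc1",  "2023-03-01T09:10:00"),
    ("run-04", "TA0002", "Execution",      "remote service exec",    "office-pc1",   "site-b-srv1", "2023-03-01T09:15:00"),
    ("run-05", "TA0003", "Persistence",    "scheduled task",         "office-pc1",   "office-pc1",  "2023-03-01T09:20:00"),
]
# Firewall log: time, source, destination, action.
FW_LOG = [
    ("2023-03-01T08:30:00", "internet-sim", "dmz-web",     "DENY"),   # before any run: ignored
    ("2023-03-01T09:05:03", "internet-sim", "dmz-web",     "DENY"),   # run-02 stopped at the DMZ
    ("2023-03-01T09:15:02", "office-pc1",   "site-b-srv1", "ALLOW"),  # run-04 passed the firewall
]
# AV/EDR log: time, host, verdict (DETECTED = alert only, BLOCKED = alert and stopped).
EDR_LOG = [
    ("2023-03-01T09:00:20", "office-pc1",  "DETECTED"),  # run-01 seen but not stopped
    ("2023-03-01T09:10:05", "office-pc1",  "BLOCKED"),   # run-03 stopped on the endpoint
    ("2023-03-01T09:15:30", "site-b-srv1", "DETECTED"),  # run-04 seen on the target
]


def _t(s):
    return datetime.fromisoformat(s)


def evaluate_run(run, fw_log, edr_log, window=WINDOW):
    """Classify one executed technique as protected / detected / successful."""
    run_id, tactic_id, tactic, technique, src, dst, start = run
    t0 = _t(start)
    t1 = t0 + window
    # Firewall protection: a DENY for exactly this source/destination pair inside the window.
    fw_denied = any(
        s == src and d == dst and action == "DENY" and t0 <= _t(ts) <= t1
        for ts, s, d, action in fw_log
    )
    # Endpoint verdicts raised on the target host inside the window.
    edr_verdicts = [v for ts, host, v in edr_log if host == dst and t0 <= _t(ts) <= t1]
    protected = fw_denied or "BLOCKED" in edr_verdicts  # something stopped the technique
    detected = fw_denied or bool(edr_verdicts)          # something logged an alert (a deny is logged too)
    return {
        "run_id": run_id, "tactic_id": tactic_id, "tactic": tactic, "technique": technique,
        "protected": protected, "detected": detected, "success": not protected,
    }


def summarize_by_tactic(attack_log=ATTACK_LOG, fw_log=FW_LOG, edr_log=EDR_LOG):
    """Per-tactic counts of executions, successes, protections and detections, plus an Overall row."""
    rows = OrderedDict()
    for run in attack_log:
        r = evaluate_run(run, fw_log, edr_log)
        for key in (r["tactic_id"], "Overall"):
            row = rows.setdefault(key, {
                "name": "Overall" if key == "Overall" else r["tactic"],
                "executions": 0, "successes": 0, "protections": 0, "detections": 0,
            })
            row["executions"] += 1
            row["successes"] += int(r["success"])
            row["protections"] += int(r["protected"])
            row["detections"] += int(r["detected"])
    rows.move_to_end("Overall")  # keep the Overall row last, as in the figure
    return rows


def render(rows):
    """Plain-text table in the layout of the figure (ID, Name, Execution, Success, Protection, Detection)."""
    lines = ["ID       Name             Exec  Succ  Prot  Det"]
    for tid, row in rows.items():
        lines.append(f"{tid:<8} {row['name']:<16} {row['executions']:>4}  {row['successes']:>4}  "
                     f"{row['protections']:>4}  {row['detections']:>4}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize_by_tactic()))
```

A technique that is detected but not protected (run-04 above) is the case worth reviewing first: the control saw it and let it through.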
Self-Audit and Security Assessment
Evaluation & Verification

[Figure: PDCA cycle based on a self-audit and assessment (self-audit and assessment conducted by the entire Toshiba Group). Toshiba's divisions and key group companies, and Toshiba Group companies, each run Plan, Do, Check (self-audit), and Action; they report their self-audit results to the CISO (Secretariat: Cyber Security Center), which performs the assessment (Check).]

As Toshiba Group operates in various business sectors, it is important for each division to establish an iterative PDCA cycle on its own in order to ensure the information security of the entire group. Therefore, each division conducts a self-audit every year to determine whether it conforms to the internal rules and endeavors to correct any problems found. The Cyber Security Center (secretariat) assesses the results of the self-audit and improvement activities of each division and provides guidance and support if corrective action is necessary. Toshiba Group companies in Japan and abroad also conduct a self-audit every year. The Cyber Security Center assesses the results from a third-party perspective to evaluate their validity so as to help enhance the information security level of each group company.

[Figure: Stages in the use of cyber threat intelligence: prevention of cyber threats, prompt detection of threats, expediting responses to threats, and application to future strategies (grasping attack trends, etc. to formulate subsequent security measures; using threat intelligence to obtain cyber security budgets). Prevention of cyber threats: grasping of attack campaigns; prevention of threats using IoC information; collection of vulnerability information about Toshiba's systems and products. Prompt detection of threats: detection of fake domain names and websites; detection
of leakage of sensitive information; tracing of evidence using IoC information. Expediting responses to threats: obtaining additional information about security incidents; checking intelligence about malware; checking intelligence about suspicious servers. The cycle starts from the emergence of threats. Caption: Utilization of cyber threat intelligence. IoC: Indicator of Compromise.]

Utilization of Cyber Threat Intelligence
Security by design / Response & Recovery / Evaluation & Verification / Prediction & Detection

Toshiba Group actively utilizes cyber threat intelligence to enhance the sophistication of its security operations. Threat intelligence collectively refers to all types of intelligence data about attacks by hackers, trends in cyber threats, security vulnerabilities, etc. that can be used for the prevention and detection of cyber threats. Toshiba Group obtains cyber threat intelligence from various sources, including public organizations and external threat intelligence service providers. We utilize such threat intelligence to analyze its possible impact on Toshiba Group and its urgency, and apply it to proxies, firewalls, EDR tools, etc. as necessary. Threat intelligence helps prevent cyber threats to Toshiba Group and enables prompt detection of and response to cyber threats if they materialize. In addition, we use intelligence about cyberattack trends to formulate future security strategies.

Security Measures for Products, Systems, and Services
Security by design

[Figure: Product security management system. Focus areas: secure development management, handling of vulnerability information, supply chain security, and human resource development. Under the CEO/CRO and the Cyber Security Committee (decision-making), the group-level PSIRT, together with the quality, procurement, legal affairs, and public relations functions, handles strategies and governance: formulation of rules and regulations; rollout of, and assistance in responding to, vulnerability information; assistance in responding to product security incidents; human resources development, etc. In key group companies (CEO and CRO, CISO of key group companies), division-level PSIRTs/supervisors handle security proposals, quotations, contracts, announcements about security vulnerabilities, etc., and department-level PSIRTs/supervisors in design and development divisions (including fundamental technology development and R&D divisions) handle secure design, secure implementation, security tests, response to security vulnerabilities, response to product security incidents, etc.]

Initiatives for enhancing product security
Toshiba Group engages in various initiatives to ensure the security quality of the products we provide
to our customers. In addition, Toshiba Group has established a product security incident response team (PSIRT) system to promptly respond to vulnerabilities found in its products, in cooperation with external organizations. In order to ensure the security of the products we provide to our customers, we have established a product security management system as part of our cyber security management system. Under this product security management system, the PSIRT collaborates with the quality assurance and procurement departments to ensure the security of product development processes as well as the security of third-party products used in Toshiba Group's products.

Devising plans to enhance product security preparedness
Toshiba Group has redefined four focus areas to strengthen its product security, considering recent trends in product security and the situation of Toshiba Group, while setting mid-term objectives and visualizing the extent of their achievement. Based on this definition, Toshiba Group has devised plans to enhance its product security preparedness according to risk-based priorities. Toshiba's product security management system covers all group companies. This product security management system makes it possible to effectively communicate group-wide measures to all business units and product design and development divisions of each group company, while endeavoring to achieve autonomous operation of each group company promptly.
[Figure: Preparation of product security checklist, guidelines, and standard recommended tools. The product security checklist covers the life-cycle stages definition of requirements, design & development, implementation & inspection, manufacturing & testing, use, and disposal; its items include applicability of laws and regulations, risks, requirements for procurement, system management and agreement with customers, analysis of potential cyber threats and consideration of countermeasures, product safety, network control, source code vulnerabilities, known vulnerabilities, vulnerability test, static source code analysis tool, go/no-go criteria for shipment, collection of vulnerability information, inquiry, and notification of potential information leakage risk when a product is disposed of or transferred to another party. Guidelines and procedures (common guidelines, expertise, know-how): guidelines for the analysis of security threats, vulnerability inspection, security functional verification, secure coding, contracts, procurement, and use of the product security checklist, plus the Toshiba Product Security Quality Assurance Guidelines for Suppliers (Software Edition). Standard recommended tools (evaluation and verification functions, support functions): tools for inspection of platform vulnerability, web application vulnerability, and control system vulnerability.]

Preparation of product security checklist, guidelines, and standard recommended tools
Toshiba Group is preparing product security checklists that summarize the security requirements to be checked at each product development stage, as well as common guidelines and standard recommended tools for Toshiba Group corresponding to each of the checklists. They serve to remind product developers not to miss anything that should be considered in terms of security and help ensure consistent security responses regardless of differences in the experience, expertise, and proficiency of individual staff members. As part of the menu of evaluation/verification functions, Toshiba Group
281、will provide the standard recommended tools and related support services that will come in handy when going through the checklists.Preparation of product security checklist,guidelines,and standard recommended toolsIn collaboration with business partners,Toshiba Group develops a wide variety of produ
282、cts,including social infrastructure products,and provides them to customers.Once an incident occurs in a product,it can have a major impact not only on customers,but also on society as a whole.In order to ensure product security,we believe it is important to implement risk-based operations and carry
283、 out security measures across the entire supply chain,including our business partners.In order to objectively judge the security risks of products,we have defined the“Criteria for Security-Critical Products”for determining whether they have potential to develop into major crisis risks that will grea
284、tly impact society,such as products for critical infrastructure as defined in the“Cybersecurity Policy for Critical Infrastructure Protection”established by the National center of Incident readiness and Strategy for Cybersecurity(NISC)and products that handle personal information,and we have made it
285、 a rule to assess products according to these criteria at the time of procurement.We are also preparing security guidelines to help suppliers understand Toshiba Groups approach to product security and to solicit their cooperation in ensuring the provision of secure products.These guidelines define s
286、pecific security requirements for suppliers in three areas:1)suppliers security management system,2)software product development deliverables,and 3)outsourced operation services.By providing these guidelines to suppliers from the moment of entering into business relations with them,we make clear the
287、 security requirements of Toshiba Group.Through these efforts,Toshiba Group is working to strengthen product security throughout the entire supply chain.Initiatives to strengthen product security in the supply chainChapter2Toshiba Groups Cyber Security Report 202330TOSHIBA-SIRTGroup companiesToshiba
288、Key group companiesEach divisionPSIRT ofkey group companiesSources of vulnerabilityinformationToshiba GroupDevelopment&maintenancepersonnelExternalorganizations2UsersExternalthird partiesWebsites,press reports,etc.Announcement ofvulnerabilitiesCustomersToshibaswebsitesExternalannouncementwebsiteTosh
289、iba Group has a product vulnerability response system in place to provide a prompt and consistent response to vulnerability information,contributing to reducing the business risk of customers using its products,systems,and services.As a member of the Information Security Early Warning Partnership es
290、tablished as per the Standards for Handling Software Vulnerability Information and Others,a directive of the Ministry of Economy,Trade and Industry(METI)of Japan,Toshiba Group actively collects vulnerability information in cooperation with external organizations.In June 2021,Toshiba Group joined the
291、 Common Vulnerabilities and Exposure(CVE)1 program as a CVE Numbering Authority(CNA)so as to be able to respond to vulnerabilities found in its products more promptly.In addition,Toshiba Group has established the Product Security Risk Handling Manual,in-house regulations that describe specific proce
292、dures for handling vulnerability information so that vulnerability information is dealt with in a consistent manner across Toshiba Group.We also provide all employees with an e-learning program to raise their awareness of security throughout the product life cycle.Prompt and Reliable Response to Sec
293、urity Vulnerabilities Toshiba Groups vulnerability handling systemThe TOSHIBA-SIRT is responsible for handling information about the vulnerabilities of the products,systems,and services offered by Toshiba Group.The TOSHIBA-SIRT serves as a sole channel of contact for internal and external parties re
294、garding the handling of vulnerability information.The TOSHIBA-SIRT provides prompt and consistent responses to vulnerability information in cooperation with the PSIRT of key group companies of the Group.If any vulnerability could have a severe impact on customers businesses,Toshiba Group announces a
295、nd deals with the vulnerability in an appropriate manner,taking social impact into consideration.Vulnerability handling systemResponse&Recovery1 CNA:An organization that assigns CVE IDs to the vulnerabilities found in a predefined range of products and publishes CVE Records on these vulnerabilities
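As an added example (not Toshiba's SIRT Assistance System or any Toshiba code), the following Python sketches the step such a vulnerability handling process performs after vulnerability information arrives: each received record is matched against a constructed product configuration inventory by component and affected version range, every hit is given an impact level by a constructed triage heuristic (the CVSS score, raised for security-critical products and lowered for products not reachable over a network), and the divisions to notify are derived. All vulnerability IDs, products, versions and scores are made up.

```python
"""Match received vulnerability information against a product configuration
inventory and estimate impact, as a PSIRT/SIRT triage step would.

A vulnerability record names a component and an affected version range
[affected_from, fixed_in); a product record lists the components and versions
it ships plus attributes used for a coarse impact estimate.
"""

# Constructed sample data (hypothetical IDs, products and scores; not Toshiba's data).
VULNERABILITIES = [
    {"id": "CVE-0000-00001", "component": "libexample-tls",  "affected_from": "1.0", "fixed_in": "1.4.2", "cvss": 9.8},
    {"id": "CVE-0000-00002", "component": "web-framework-x", "affected_from": "3.0", "fixed_in": "3.2.5", "cvss": 6.5},
    {"id": "CVE-0000-00003", "component": "libexample-tls",  "affected_from": "1.5", "fixed_in": "1.6",   "cvss": 5.3},
]
PRODUCTS = [
    {"name": "grid-controller", "division": "Energy",   "security_critical": True,  "network_exposed": True,
     "components": {"libexample-tls": "1.3.0", "web-framework-x": "3.2.5"}},
    {"name": "office-printer",  "division": "Devices",  "security_critical": False, "network_exposed": True,
     "components": {"libexample-tls": "1.5.2", "web-framework-x": "3.1"}},
    {"name": "analysis-tool",   "division": "Research", "security_critical": False, "network_exposed": False,
     "components": {"libexample-tls": "1.4.2"}},
]


def parse_version(v):
    """'2.4.10' -> (2, 4, 10): compare numerically, so 1.10 > 1.9 and 1.4.2 > 1.4."""
    return tuple(int(p) for p in v.strip().split("."))


def is_affected(version, affected_from, fixed_in):
    """True if version lies in [affected_from, fixed_in); the fixed version itself is patched."""
    v = parse_version(version)
    if affected_from is not None and v < parse_version(affected_from):
        return False
    if fixed_in is not None and v >= parse_version(fixed_in):
        return False
    return True


def estimate_impact(cvss, product):
    """Coarse triage level (constructed heuristic, not a published formula).

    Start from the CVSS base score, add weight for a security-critical product
    and subtract for a product that is not reachable over a network.
    """
    score = cvss
    if product["security_critical"]:
        score += 1.0
    if not product["network_exposed"]:
        score -= 2.0
    if score >= 9.0:
        return "High"    # announce and handle promptly, considering social impact
    if score >= 6.0:
        return "Medium"  # fix in the next scheduled release and track progress
    return "Low"         # record and monitor


def match_vulnerabilities(vulns=VULNERABILITIES, products=PRODUCTS):
    """Cross the vulnerability feed with the configuration inventory; one finding per hit."""
    findings = []
    for product in products:
        for vuln in vulns:
            version = product["components"].get(vuln["component"])
            if version is None:
                continue  # this product does not ship the component
            if not is_affected(version, vuln["affected_from"], vuln["fixed_in"]):
                continue  # shipped version is outside the affected range
            findings.append({
                "vuln_id": vuln["id"], "product": product["name"], "division": product["division"],
                "component": vuln["component"], "version": version,
                "cvss": vuln["cvss"], "impact": estimate_impact(vuln["cvss"], product),
            })
    return sorted(findings, key=lambda f: (f["product"], f["vuln_id"]))


def divisions_to_notify(findings):
    """Highest impact level per division, so the SIRT knows whom to contact first."""
    order = {"Low": 0, "Medium": 1, "High": 2}
    worst = {}
    for f in findings:
        current = worst.get(f["division"])
        if current is None or order[f["impact"]] > order[current]:
            worst[f["division"]] = f["impact"]
    return worst


if __name__ == "__main__":
    hits = match_vulnerabilities()
    for f in hits:
        print(f"{f['impact']:<6} {f['vuln_id']} {f['product']} ({f['component']} {f['version']})")
    print(divisions_to_notify(hits))
```

Note the boundary case: analysis-tool ships libexample-tls 1.4.2, which is the fixed version, so it is correctly left out; a lexical comparison of version strings would mishandle cases like 1.10 versus 1.9.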
[Figure: Summary of the SIRT support system. A vulnerability information management function collects vulnerability information from an external vulnerability information database; a configuration information management function holds the configuration information registered by product divisions; matching and impact estimation compares the two; and an incident management function handles requests, responses, management and follow-up, and progress updates between the TOSHIBA-SIRT, the PSIRT of a key group company, and the product divisions, including transmission of vulnerability information.]

Vulnerability handling process
When vulnerability information is received from an external source, the key group company concerned needs to identify the affected products, determine the level of impact, and accordingly take the necessary action. To cope with the ever-increasing number of product vulnerabilities, Toshiba Group has developed the SIRT Assistance System,
leveraging its expertise in vulnerability handling. Product divisions utilize this system with the aim of providing prompt and reliable handling of vulnerability information.

Offering of Secure Products, Systems, and Services

To meet the security requirements in the fields of energy, social infrastructure, electronic devices, etc., Toshiba Group provides various products, systems, and services for cybersecurity.

(1) Large-scale blackouts caused by cyberattacks on electric power companies
(2) Gas pipeline shutdowns due to ransomware attacks

Cybersecurity training service for energy businesses
Toshiba Energy Systems & Solutions Corporation

[Figure 1: Security training system.]
[Figure 2: Example of an operator's organizational structure (in the case of power transmission and distribution), i.e. the organization of the power transmission and distribution company assumed in the training. The CISO (management) gives reporting/instruction to the SIRT (risk management department), which in turn does so with the SOC (information systems department), the operations department (operators, the target for training), and the maintenance department (facility management/maintenance personnel, person responsible, manager). The operations department raises anomaly detection and cooperation requests; the SIRT exchanges contact and cooperation requests with competent authorities, NISC, IPA, JPCERT/CC, etc. and with contractors (Toshiba, etc.).]
[Figure 3: Trainees' action in the training.]

Previously, control systems for critical infrastructure such as electricity, gas, and water supply were designed and operated as closed networks physically separated from office networks, and since customized communication protocols were often adopted, cybersecurity was considered unrelated to these systems. In recent years, however, with the expansion of networking of these control systems, the adoption of standard protocols, and rapid advances in information and communication technology, the scope of cyberattacks(1)(2) has expanded to include such control systems. For control systems, integrity and availability are vital to ensure stable and reliable operation of the system; and so, in addition to responses and countermeasures to prevent cyberattacks, it is necessary to minimize the impact in the event of a cyberattack and to recover as soon as possible. To this end, we have developed a security training system for infrastructure operators to help them respond to cyberattacks on control systems (Figure 1). This training system uses a control system simulator to allow operators and supervisors in the operations department to experience what a cyberattack on the control system looks like. Assuming the organization shown in Figure 2, through inter-organizational communication between the operations department, the risk management department (Security Incident Response Team, SIRT), the information systems department (Security Operation Center, SOC), and the maintenance department, we monitor and analyze threats to the system, and provide training on how to respond to cyberattacks, identify and eliminate the causes, and recover from cyberattacks. By using a simulator, our training system can implement various scenarios such as DoS attacks and ransomware, including the possibility of accidents and failures, without the actual control system (Figure 3). Trainees can actually experience dealing with various types of cyberattacks that could not be reproduced before without a simulator, and can learn how to respond to incidents in a precise and organized manner. We will continue to promote the provision of services using this training system to operators in the energy sector, expand the incident scenarios that strengthen SIRT
and SOC response training, and strive to provide wide-ranging contributions to human resource development such as improving security knowledge and incident response capabilities.

IoT security solution: CYTHEMIS
Toshiba Infrastructure Systems & Solutions Corporation

In addition to the IoT networking of factories, the use of the IoT has been increasing recently in R&D fields, as typified by materials informatics, a field of study in which cloud computing is used to accelerate and improve the efficiency of materials R&D, as the IoT helps enhance analysis capability and facilitates the shared use of measurement data and research systems. Since the COVID-19 pandemic has made teleworking the new norm for all employees, it has become essential to connect research systems to a network. However, unlike typical PCs, many of the PCs that control research systems are customized, making it difficult to add new security measures to them or update their operating system. In this case, it is necessary to simply forgo the networking option or to use USB memory or another device to move data between two research systems, thereby degrading the efficiency of R&D work. In response to these circumstances, Toshiba Infrastructure Systems & Solutions Corporation has developed CYTHEMIS, a solution that enables secure networking of such research systems and thus facilitates the use of the IoT. CYTHEMIS is a packaged solution that consists of small external devices connected to a network and a centralized management system. These small devices act as a firewall for each research system to ensure secure communication. They filter network communications between research systems, provide two-way authentication, encrypt the transmitted data, and let through only authorized network traffic to permitted destinations. Since these devices block unauthorized network traffic, they prevent the lateral movement of malware within the enterprise network even in the event of an intrusion and thus protect research systems with potential vulnerabilities. Research systems could also be infected with malware during maintenance work. Even in that case, the centralized management system and the external devices cooperate to prevent the malware from spreading from the infected system. In this respect, CYTHEMIS plays the role of an external endpoint detection and response (EDR) tool. From the perspective of a network administrator, CYTHEMIS can be regarded as a solution that enables previously unnetworkable systems to be networked without modifying the existing network environment, while minimizing the workload required for security management. At first, CYTHEMIS can be used simply to transfer data within a closed environment and to use research systems remotely. The use of CYTHEMIS can subsequently be expanded to use the cloud or collaborate with external parties just by modifying the settings of the management system. When IoT and CPS systems become the norm, it will become essential to ensure exact mirroring of data between cyber and physical spaces and to identify the entity at the other end of a communication. Instead of protecting the boundary of a network, CYTHEMIS authenticates all the entities involved to secure each communication, thereby contributing to the realization of a society where IoT and CPS systems are widely used.

[Figure: Data encryption (illustration); access control; cryptographic data erasure (illustration); key change; encryption.]
Toshib
323、aStorage ProductsToshibaStorage ProductsLock/UnlockOS areaUser area38801ead5c37e9Abb838801ead5c37e9Abb89797e7597ec77fc536dig4aImage of security features in storage products1 AES:Advanced Encryption Standard2 ATA:Advanced Technology Attachment3 TCG:Trusted Computing Group4 SSC:Security Subsystem Clas
324、s5 CAVP:Cryptographic Algorithm Validation Program6 MG09*CP18/16TA:MG09SCP18TA,MG09ACP18TA,MG09SCP16TA,MG09ACP16TA7 CMVP:Cryptographic Module Validation ProgramIn recent years,with the growing demand for personal data protection,the importance of information security of storage products is increasin
325、g.Toshibas hard disk drive(HDD)product lineup includes not only products for personal mobile devices,but also products designed for various fields,such as products for digital multifunction printers(MFPs)and enterprise products for data centers and other operations.We provide HDDs with appropriate i
326、nformation security technology to meet the needs of each field.Security requirements for storage products include protection and deterrence functions to prevent data leakage due to theft or loss of HDDs.A function for completely erasing all data is also required to prevent data leakage after disposa
327、l.To meet these customer requirements,we develop and provide self-encrypting drives(SEDs).Our high-capacity,high-performance nearline HDDs for cloud data centers automatically encrypt and store data when they are input.For data encryption,we use AES1,a standard encryption algorithm established by th
328、e US National Institute of Standards and Technology(NIST).Our HDDs also support access control functions using the ATA2 Security Feature Set(for ATA devices),TCG3 Opal SSC4,and TCG Enterprise SSC to prevent acquisition of protected data without password authentication.These functions achieve data pr
329、otection and leakage prevention.Furthermore,in regard to the complete erasure of data at the time of disposal,our MDDs are equipped with a technology called Cryptographic Erase that can instantly invalidate data cryptographically by changing the encryption key of the data,thereby achieving the inval
330、idation of all data without the need to overwrite it at cost.The cryptographic algorithm implemented in our HDDs has been certified by the cryptographic algorithm test CAVP5(A1637,A1638,A1645)based on the US governments FIPS PUB 140-3,guaranteeing high reliability.Moreover,for our MG09*CP18/16TA6 pr
331、oducts,we are progressing with the acquisition of CMVP7 certification based on FIPS PUB 140-3,the US governments cryptographic module certification that started in 2020,and a third-party organization carries out multi-faceted evaluation of the entire HDD unit as a cryptographic module in terms of it
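As an added illustration of the storage-product mechanisms described above (this is example code written for this page, not Toshiba firmware or anything from the report), the following Python model shows how the three features of a self-encrypting drive fit together: data encryption under a media encryption key (DEK), password-gated lock/unlock of that key in the role the ATA Security Feature Set and TCG Opal play on a real drive, and Cryptographic Erase by key change. The SelfEncryptingDrive class, its method names, the 512-byte sector size, PBKDF2 for the password-to-key step and the HMAC-SHA256 counter-mode keystream standing in for the hardware AES are all assumptions of the example, and the sample record written to the drive is constructed.

```python
"""Toy model of a self-encrypting drive (SED): data-at-rest encryption under a
media encryption key (DEK), password-gated unlock of that key, and Cryptographic
Erase by replacing the DEK. Constructed illustration, not vendor firmware."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

SECTOR = 512  # bytes per logical block; an assumption of the model


def keystream_xor(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher built from HMAC-SHA256. Stand-in for the
    drive's hardware AES (AES-XTS in practice): the model is about key
    management, so any keyed PRF serves. Same call encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, tweak + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key from the user password via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Encrypt the DEK under the KEK and add an HMAC tag, so a wrong password
    is detected instead of silently yielding a garbage DEK."""
    nonce = secrets.token_bytes(16)
    body = keystream_xor(kek, nonce, dek)
    tag = hmac.new(kek, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_key(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Return the DEK, or None when the tag does not verify (wrong KEK)."""
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(kek, nonce, body)


@dataclass
class SelfEncryptingDrive:
    """Platters hold ciphertext only; the DEK is in the clear solely in
    controller RAM (_dek) while the drive is unlocked."""
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    wrapped_dek: bytes = b""
    platters: Dict[int, bytes] = field(default_factory=dict)  # LBA -> ciphertext
    _dek: Optional[bytes] = field(default=None, repr=False)

    @classmethod
    def manufacture(cls, password: str) -> "SelfEncryptingDrive":
        drive = cls()
        drive._install_new_dek(derive_kek(password, drive.salt))
        return drive

    def _install_new_dek(self, kek: bytes) -> None:
        self._dek = secrets.token_bytes(32)
        self.wrapped_dek = wrap_key(kek, self._dek)

    def power_cycle(self) -> None:
        """Power loss clears controller RAM: the drive comes back up locked."""
        self._dek = None

    def unlock(self, password: str) -> bool:
        self._dek = unwrap_key(derive_kek(password, self.salt), self.wrapped_dek)
        return self._dek is not None

    def write(self, lba: int, data: bytes) -> None:
        if self._dek is None:
            raise PermissionError("drive is locked")
        self.platters[lba] = keystream_xor(self._dek, lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return keystream_xor(self._dek, lba.to_bytes(8, "big"), self.platters[lba])

    def cryptographic_erase(self, password: str) -> bool:
        """Authenticate, then replace the DEK. Sectors stay physically
        untouched, but nothing can decrypt them any more."""
        kek = derive_kek(password, self.salt)
        if unwrap_key(kek, self.wrapped_dek) is None:
            return False
        self._install_new_dek(kek)
        return True


def demo() -> Dict[str, bool]:
    """Walk the lifecycle; each key names an observation the text relies on."""
    secret = b"constructed sample record #0042".ljust(SECTOR, b"\0")
    drive = SelfEncryptingDrive.manufacture("correct horse battery")
    drive.write(7, secret)
    stolen_sector = drive.platters[7]  # what reading the platter directly yields
    drive.power_cycle()
    try:
        drive.read(7)
        locked_read_refused = False
    except PermissionError:
        locked_read_refused = True
    wrong_pw_accepted = drive.unlock("guess")
    right_pw_accepted = drive.unlock("correct horse battery")
    readback = drive.read(7)
    erased = drive.cryptographic_erase("correct horse battery")
    after_erase = drive.read(7)
    return {
        "platter_holds_ciphertext": stolen_sector != secret,
        "locked_read_refused": locked_read_refused,
        "wrong_password_rejected": not wrong_pw_accepted,
        "unlock_restores_data": right_pw_accepted and readback == secret,
        "erase_left_platter_untouched": erased and drive.platters[7] == stolen_sector,
        "data_unrecoverable_after_erase": after_erase != secret,
    }
```

Calling demo() walks the lifecycle the section describes: a sector read straight off the platters is ciphertext; after a power cycle the drive refuses reads until the correct password unwraps the DEK, and a wrong password is rejected rather than producing a garbage key; after cryptographic_erase() the platters are byte-for-byte unchanged yet the same sector no longer decrypts to the original record, which is why no overwrite pass is needed. On a real drive the password check and key wrapping live in the controller firmware and the DEK never leaves it; here they are ordinary functions so the behaviour can be inspected.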
[Figure: Semiconductor product development process, showing management of cybersecurity risks throughout the product life cycle. Life-cycle stages: Concept, Product development, Production, Operations, Maintenance, Decommissioning/end of cybersecurity support. Activities: Threat Analysis & Risk Assessment; Organizational cybersecurity management; Cybersecurity management by project.]

[1] CASE = Connected, Autonomous, Shared, Electric: a medium-term strategy used by automakers to transform into mobility service providers.
[2] MaaS = Mobility as a Service; a next-generation mobility service that