August 6, 2021
Dubbed Automated Attack Path Planning and Validation (A2P2V), this new tool automatically generates cyberattack scenarios and simulates attacks that combine advanced offensive techniques to test and determine control system security status. It verifies results to identify security threats that need to be prioritized among the increasing number and range of cyberattacks.
A2P2V combines industrial control system configuration data with various publicly available attack techniques, and automatically generates and executes cyberattack scenarios that verify the strength of the system’s security. Toshiba and Peraton Labs have successfully demonstrated automated attacks in a simulated environment that revealed security flaws. By identifying industrial control systems vulnerabilities that can be attacked, A2P2V supports the identification of security threats that must be prioritised among the increasing number of cyberattacks and raises the ability to respond.
“With more and more devices connected to networks, cyber threats have now expanded to include industrial control systems and products, which traditionally operated in a safe and enclosed environment,” said Yutaka Sata, Ph.D., Corporate Officer and Director of Corporate Research & Development Centre, Toshiba Corporation. “Toshiba provides various products and solutions for critical infrastructure, and is responsible for keeping them secure even if they are connected to external networks. With A2P2V and other security technologies, Toshiba will ensure their robustness against evolving cyberattacks.”
“With the increasing volume and sophistication of cyberattacks, the ability to create novel attack scenarios and prioritize threats is essential for protecting critical infrastructure and industrial control systems,” said Petros Mouchtaris, Ph.D., president, Peraton Labs. “As a leader in cyber research, Peraton Labs looks forward to the continued development of innovative tools and solutions to defend industrial, military and commercial infrastructure from complex, multi-faceted attacks.”
Toshiba and Peraton Labs presented the tool at Black Hat USA 2021 Arsenal and shared a sample of the code. By opening the source, Toshiba and Peraton Labs look forward to collaboration with the cybersecurity community and organizations in the creation of value through open innovation.
Categories : Products and Technology