Example: dental hygienist

The Cyber/Physical Security Framework (Draft) - …

The Cyber/Physical Security Framework (Draft). Cyber Security Division Commerce and Information policy Bureau Ministry of Economy, Trade and Industry Table of contents Preface Settling on the Cyber/Physical Security Framework 1. Introduction - Changes of Scenery over Cyber Security .. 1. Society realized by and Connected Industries .. 1. Increase of threats from cyber attacks .. 4. 2. Concept of the Cyber/Physical Security 6. Purpose of developing the Framework .. 6. Concept of the Framework structure .. 7. Structure of the Framework .. 11. 3. The Cyber/Physical Security Measures ..12. [The First Layer] Security measures for connections between companies (conventional supply chains) .. 12. [The Second Layer] Security measures for connections between physical and cyber spaces .. 33. [The Third Layer] Security measures for connections in cyber space.

The Cyber/Physical Security Framework (Draft) Cyber Security Division Commerce and Information Policy Bureau Ministry of Economy, Trade and Industry

Tags:

  Policy

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of The Cyber/Physical Security Framework (Draft) - …

1 The Cyber/Physical Security Framework (Draft). Cyber Security Division Commerce and Information policy Bureau Ministry of Economy, Trade and Industry Table of contents Preface Settling on the Cyber/Physical Security Framework 1. Introduction - Changes of Scenery over Cyber Security .. 1. Society realized by and Connected Industries .. 1. Increase of threats from cyber attacks .. 4. 2. Concept of the Cyber/Physical Security 6. Purpose of developing the Framework .. 6. Concept of the Framework structure .. 7. Structure of the Framework .. 11. 3. The Cyber/Physical Security Measures ..12. [The First Layer] Security measures for connections between companies (conventional supply chains) .. 12. [The Second Layer] Security measures for connections between physical and cyber spaces .. 33. [The Third Layer] Security measures for connections in cyber space.

2 61. 4. Toward Establishing Trust ..92. Concepts of securing the trust in Framework .. 92. Appendix A: Reference Document Appendix B: Comparison with Major International Standards ..97. Appendix C: Glossary ..105. Preface Settling on the Cyber/Physical Security Framework The Government of Japan proposes the realization of a super smart society named " " which provides products and services that closely meet various needs and which provides both of economical development and solutions for social challenges, by highly fusing cyber space and physical space. Furthermore, we, Ministry of Economy, Trade and Industry (METI) proposes a concept named "Connected Industries" which creates new added values toward " " based on "connections" between various data, and now we are promoting various actions to realize this concept.

3 In " ", cyber attacks will have more impact on physical space than before because cyber space is more closely involved with physical space. The progress of the networking such as "Connected Industries" will increase the opportunity to create new added value by enabling a more flexible and dynamic supply chain configuration different from the conventional one. However, from the perspective of cyber Security , it widens the scope of protection from the view of the defending side, while it increases the point of attack from the view of the attackers. Based on the characteristics of cyber attack that a cyber attacker can intrude into a network just by finding only one point of weak Security , network intrusion is becoming easier than before. In these circumstances, the effectiveness of Security measures to ensure cyber Security by only one company is limited.

4 Therefore, in addition to considering cyber Security measures from the planning/designing phase based on a point of view of the Security by design in each product and service, etc., as for the whole supply chain including the affiliates and the business partners, it is necessary for each company to tackle cyber Security measures taking into consideration the resilience of business activities and Security of data circulation which it is difficult for individual entities to strictly control. In this Framework we organize common Security measures for all industries in " " by classifying them into three categories as "connections between companies (conventional supply chain)", "connections between physical space and cyber space", and "connections in the cyber space", and we describe what should be protected, what are our Security risks, and what are the specific measures for them in each category.

5 The Framework shows common Security measures for all industries in , but important assets, human resources, financial resources to be protected, and/or allowable risk level are different between industries and/or companies. Therefore please make good use of the Framework to estimate the threat and the risk scenario, make risk assessment, and implement the specific measures according to each actual situation. 1. Introduction - Changes of Scenery over Cyber Security Society realized by and Connected Industries . While practical uses of networking and IoT (Internet of Things) are advancing now in the world, public and private sectors are beginning cooperating actions to highly utilize IT in the field of manufacturing for leading the revolutionary change of "The Fourth Industrial Revolution" such as the "Industry " in Germany.

6 Also in Japan, in "The 5th Science and Technology Basic Plan" approved in a Cabinet meeting on January 22, 2016, the government of Japan (GOJ) proposes the realization of a super smart society named " " which provides products and services that closely meet various needs and which provides both of economical development and solution for social challenges, by highly fusing cyber space and physical space. Furthermore, we, Ministry of Economy, Trade and Industry (METI) need to develop a new industrial structure to realize the "Connected Industries" which creates new added value toward " " based on various connections. Figure 1 Illustration of the cyber space and the physical space1. 1 This illustration was made based on the report by the Ministry of Economy, Trade and Industry named "The 2015.

7 Infrastructure for computerization and a shift towards the service industry of the economic society in Japan (the research for implementation of CPS (cyber physical system) in the water utilities)". 1. is a new society which follows the hunting society ( ), agricultural society (Society ), industrial society (Society ), and information society (Society ). In the information society (Society ), sharing necessary knowledge and information was not enough and it was difficult to create new value, and it was also difficult and burdensome to find necessary information from the huge data and analyze it. In the society realized in , all people and things are connected by IoT, various knowledge and information are shared and new value is born through analysis of those data. Moreover, releases humans from burdensome work such as analyzing huge amounts of information by Artificial Intelligence (AI).

8 Society is not a society where economic and organizational systems are prioritized, but becomes a human-centered society that AI, robots, etc. will support a work that human have done so far and provide necessary items and services for necessary people, when necessary, as much as necessary. Figure 2 - Illustration of the society realized in 2. In , the supply chain, which is a series of activities to create added value, mainly for companies, will also change its form. The existing supply chain was a stereotyped, linear structure that a series of activities strictly planned and designed, procuring necessary parts and services based on that, assembling and processing, providing final products and services was deployed in a fixed and stable manner. However, in , necessary items and services are provided to necessary people when necessary, and the starting point of a series of activities to create added 2 The illustration is quoted from the introduction of by the Cabinet Office.

9 2. value is not a fixed as planned and designed by suppliers as before. It is also increasing case that consumers will become the starting point of added value creation activities. The existing activities will change into added value creation activities in which the activity contents are changed in the middle of activities in response to changes in the contents of necessity set at the start of a series of activities to create added value, or in which the new activity is incorporated by incorporating the elements when more effective information is obtained. Compared to the conventional stereotyped and linear supply chain, these changed supply chains need to be understood as type supply chain. 3. Increase of threats from cyber attacks In the society of (human-centered society) realized by IoT, AI and so on, the starting points for cyber attacks increase and the range of the cyber risk expands due to supply chains connected complicatedly.

10 Furthermore, the risk of cyber attacks reaching to physical spaces increases dramatically due to highly fused cyber space and physical space. As the conversion process to digitize information obtained from IoT and the delivery of data created massively are becoming obvious as new attack points in cyber, Security measures to support the accuracy, circulation, and cooperation of large quantity of data are also important issue. Figure 3 Illustration of connections between components and data and others in A large quantity of data circulation Importance of data management increases Cyber attacks reach to physical space Assume attacks on cyber space invading Fusion of physical and cyber from physical space Intervention in information conversion between physical and cyber Supply chains connected complicatedly Attacking points expands In fact, there reported a case example in which data of European company was infected with a ransomware, it infiltrated a domestic company in Japan via the supply chain, expanded the infection, and some operations stopped as a result.


Related search queries