Author(s)

YUITAKA OTA, ERIKA MIZUNO, KOKI WATARAI, TOMOMI AOYAMA, TAKASHI HAMAGUCHI, YOSHIHIRO HASHIMOTO, ICHIRO KOSHIJIMA

Abstract

In recent years, COTS (commercial off the shelf, such as Windows OS, Intel PC, and open source applications) have been proposed to reduce the cost of deploying operational technology (OT) systems. Also, DX efforts are being made to shift from physical operation to virtual operation by using virtualization with IoT, AI, and cloud servers. Current ransomwares, therefore, infect without distinguishing between IT systems and OT systems. For example, in May 2021, the Colonial Pipeline Company, a major oil pipeline company in the United States, was infected with ransomware and shut down its pipeline operation. As a countermeasure against cyberattacks, many companies focus on creating a less vulnerable environment. However, attackers exist worldwide, and they are constantly searching for new attack surfaces and developing new attack methods. It is also difficult for defenders to prevent all attacks, no matter what measures they take. Therefore, companies need to educate employees to ensure the safety of their factories in the event of a cyberattack. The authors developed a series of table-top BCP (business continuity plan) exercises to acquire the meta-knowledge necessary to respond to cyberattacks targeting the OT system for the above reasons. However, we found that the learning effect of these exercises depended on how the participants imagined cyberattacks. Therefore, in this paper, we propose a hybrid learning system that combines cyberattack simulations and table-top BCP exercises to increase the cyber resilience of participants.

Keywords

cyber-incident, cyber resilience, business continuity plan, exercise