On February 5, 2025, JPCERT/CC organized the 17th ICS Security Conference, aiming to educate participants about the current threats to Industrial Control Systems (ICS) both in Japan and internationally, while fostering better security practices. The event saw 50 attendees onsite and 511 people participating via live stream, featuring seven presentations and discussions that underscored the pressing challenges and state of ICS security.
Opening Remarks by Nobutaka Takeo, METI
Nobutaka Takeo from Japan’s Ministry of Economy, Trade and Industry (METI) provided an overview of the escalating cyber security threats facing Japanese businesses, particularly SMEs. He identified ransomware and supply chain attacks as the most severe threats, emphasizing the likelihood of increased sophistication due to advancements in AI technology and geopolitical tensions. Mr. Takeo highlighted METI’s proactive measures, including guidelines on security practices, support services for SMEs, and the development of certification for IoT device security. He underscored the need for collaborative public-private efforts to fortify cybersecurity nationwide.
Review of ICS Security by Toshio Miyachi, JPCERT/CC
Toshio Miyachi discussed the trends in ICS security over the past year, attributing increased sophistication in cyber crimes to geopolitical tensions, notably the Ukraine conflict and the US-China trade war. He emphasized the prominence of ransomware in targeting manufacturing sectors, with a notable rise in incidents reported, predominantly from the US and Europe. Mr. Miyachi referenced emerging malware threats like FrostyGoop and IOcontrol, stressing the necessity for continued analytical advancements. He also pointed to a 10% increase in vulnerabilities reported by CISA in 2024 and cautioned about vulnerabilities stemming from shared libraries.
ICS Security Standards by Yukihiro Ichikawa, Deloitte Tohmatsu Cyber LLC
Yukihiro Ichikawa introduced the IEC 62443 series of standards designed to combat cyber threats, especially ransomware. These standards offer foundational guidelines for various stakeholders involved in ICS, including system integrators and product suppliers. Notably, the IEC 62443-2-1 Edition 2.0 was revised to enhance operational consistency with existing standards. Ichikawa projected future developments that could incorporate conformity assessments for IoT and suggested that standardization is crucial for reinforcing cybersecurity across industries.
Process Safety Management and Cyber Security by Masayuki Tanabe
Masayuki Tanabe presented a framework for integrating Process Safety Management (PSM) with cybersecurity risk assessments. His group’s methodology involved a comprehensive process for evaluating cybersecurity risks, emphasizing the importance of interdisciplinary teams combining expertise in safety and cybersecurity. This integrated approach aims to improve an organization’s resilience to cyber threats, highlighting the necessity for specialized teams focused on the intersection of IT and OT domains.
Continuous Threat Exposure Management (CTEM) by Shunsuke Kato, Claroty Ltd.
Shunsuke Kato spoke about implementing Continuous Threat Exposure Management (CTEM) in ICS settings. He outlined the CTEM process, which emphasizes ongoing evaluation and risk management, tailored for the unique challenges faced by ICS environments. Each phase from scoping to implementation involves collaboration with stakeholders to effectively mitigate potential security threats.
Interactive Session on Incident Response by Kazumasa Araki, JFE Steel Corporation
Kazumasa Araki led a talk on lessons learned from an “Incident Response Exercise” aimed at enhancing ICS incident response capabilities. Sharing insights from their participation in ICS security drills, he emphasized the importance of regular exercises for improving incident response procedures and interdepartmental communication. Challenges such as evidence preservation and business continuity during production downtimes were also discussed.
SBOM Challenges by Takuya Nishino, NTT Communications
Takuya Nishino addressed the importance of Software Bill of Materials (SBOM) for enhancing vulnerability management and ensuring supply chain security. Despite regulatory push for SBOM adoption, he underscored existing implementation challenges, such as inconsistencies in format and difficulties in generating comprehensive SBOMs.
Closing Remarks by Takayoshi Shiigi, JPCERT/CC
Concluding the conference, Takayoshi Shiigi highlighted the evolution of interest in ICS security over the years while stressing the need for collaboration among stakeholders. He thanked participants and emphasized the conference’s aim to foster ongoing dialogue and improvement in ICS cybersecurity practices.
Overall, the conference offered comprehensive insights into the state of ICS security, addressing emerging threats, standards, and collaborative measures necessary for enhancing resilience in the industrial sector.