(116y) Research on Human Resource Development Exercises for Resilience to Cyber Incidents in Critical Infrastructure

Current cyber attacks target IT systems and OT (operational technology) systems that are indispensable for the automatic operation of critical infrastructure industries. There have been various reports of cyber incidents targeting the OT System. In 2019, Norsk Hydro was infected with particular ransomware worldwide through a corporate network, forcing manufacturing sites to operate manually. In May 2020, Taiwan's CPC, responsible for Taiwan's oil supply, was targeted by a cyberattack.

COTS (Commercial Off The Shelf, such as Windows OS, Intel PC, and open source applications) devices have been proposed to reduce the deploying OT system budget. Also, DX efforts are being made to shift from physical operation to virtual operation by using virtualization with IoT, AI, and Cloud. Due to this technological trend, the expanded attack surface is forced to manage the OT system as a "zero trust system," that assumes cyber attacks.

In IT system, countermeasures such as whitelisting and firewalls prevent attackers from outside the system. For OT system, zoning described in IEC62443 is recommended to mitigate the effects of cyberattacks.

However, attackers exist all over the world, and they are continually developing new attack methods. For this reason, the authors believe that it is impossible to prevent all attacks, no matter what measures the defenders take. Therefore, when responding to cyberattacks against the OT system, it is essential to consider countermeasures by focusing on plant accidents caused by control system failures, most of which are assumed as safety measures.

In order to ensure the safety of the plant and continue the business operation even if it has a cyberattack on the OT system, it is indispensable to develop human resources to respond to the incident flexibly. For this reason, we had been developing cybersecurity exercises to acquire the meta-knowledge necessary to respond to cyber attacks targeting the OT system.

In this paper, we will present the design framework and implementation methods, along with the results of the exercises for OT experts.