Toshiba Corporation and Peraton Labs today announced a new jointly-developed vulnerability assessment tool that emulates cyberattacks on industrial control systems. Dubbed Automated Attack Path Planning and Validation (A2P2V), this powerful new tool automatically generates cyberattack scenarios and simulates attacks that combine advanced offensive techniques to test and determine control system security status. It verifies results to identify security threats that need to be prioritized among the increasing number and range of cyberattacks.
A2P2V combines industrial control system configuration data with various publicly available attack techniques, and automatically generates and executes cyberattack scenarios that verify the strength of the system’s security. Toshiba and Peraton Labs have successfully demonstrated automated attacks in a simulated environment that revealed security flaws. By identifying industrial control systems vulnerabilities that can be attacked, A2P2V supports the identification of security threats that must be prioritized among the increasing number of cyberattacks and raises the ability to respond.
“With more and more devices connected to networks, cyber threats have now expanded to include industrial control systems and products, which traditionally operated in a safe and enclosed environment,” said Yutaka Sata, Ph.D., Corporate Officer and Director of Corporate Research & Development Center, Toshiba Corporation. “Toshiba provides various products and solutions for critical infrastructure, and is responsible for keeping them secure even if they are connected to external networks. With A2P2V and other security technologies, Toshiba will ensure their robustness against evolving cyberattacks.”
“With the increasing volume and sophistication of cyberattacks, the ability to create novel attack scenarios and prioritize threats is essential for protecting critical infrastructure and industrial control systems,” said Petros Mouchtaris, Ph.D., president, Peraton Labs. “As a leader in cyber research, Peraton Labs looks forward to the continued development of innovative tools and solutions to defend industrial, military and commercial infrastructure from complex, multi-faceted attacks.”
Toshiba and Peraton Labs will present the tool at Black Hat USA 2021 Arsenal on August 4-5, 2021, and share a sample of the code. By opening the source, Toshiba and Peraton Labs look forward to collaboration with the cybersecurity community and organizations in the creation of value through open innovation.
Toshiba and Peraton Labs will continue to harness cyber-physical systems (CPS) technology, drawing on their leading digital and cyber expertise and Toshiba’s over 140 years of experience in manufacturing, to deliver solutions that strengthen the cyber resilience of control systems, and support the realization of a society free from cybercrime.