Toshiba Corporation and Peraton Labs have announced a new jointly developed vulnerability assessment tool that emulates cyberattacks on industrial control systems.
Dubbed Automated Attack Path Planning and Validation (A2P2V), this new tool automatically generates cyberattack scenarios and simulates attacks that combine techniques to test and determine control system security status. It verifies results to identify security threats that need to be prioritised among the increasing number and range of cyberattacks.
A2P2V combines industrial control system configuration data with various publicly available attack techniques, and automatically generates and executes cyberattack scenarios that verify the strength of the system’s security.
Toshiba and Peraton Labs have demonstrated automated attacks in a simulated environment that revealed security flaws. By identifying industrial control systems vulnerabilities that can be attacked, A2P2V supports the identification of security threats that must be prioritised among the increasing number of cyberattacks and raises the ability to respond.
“With more and more devices connected to networks, cyber threats have now expanded to include industrial control systems and products, which traditionally operated in a safe and enclosed environment,” said Yutaka Sata, Ph.D., Corporate Officer and Director of Corporate Research & Development Centre, Toshiba Corporation.
“Toshiba provides various products and solutions for critical infrastructure and is responsible for keeping them secure even if they are connected to external networks. With A2P2V and other security technologies, Toshiba will ensure their robustness against evolving cyberattacks.”
“With the increasing volume and sophistication of cyberattacks, the ability to create novel attack scenarios and prioritise threats is essential for protecting critical infrastructure and industrial control systems,” said Petros Mouchtaris, Ph.D., president, Peraton Labs. “As a leader in cyber research, Peraton Labs looks forward to the continued development of innovative tools and solutions to defend industrial, military and commercial infrastructure from complex, multi-faceted attacks.”