Probing the Depths of Increasingly Complicated, Sophisticated Cyber Attacks: Fujitsu Cyber Security Workshop 2016 Autumn

Fujitsu Cyber Security Workshop 2016 Autumn was held on October 12, 2016 for Fujitsu Group employees in order to discover people skilled in security and raise awareness to combat recent increasingly complicated, sophisticated cyber attacks. The Fujitsu Journal team reports on the Workshop, which is now in its fourth year.

Fujitsu Developed 1,346 Security Meisters, Greatly Exceeding Its Initial Goal

Cyber attackers persistently attempt to steal sensitive information from the companies and organizations they target. Today, any delay in taking security measures may incur fatal management risks that pose a threat to a business's existence.

As part of its efforts to protect customers from the threat of cyber attacks, since 2013 Fujitsu has committed itself to the "Security Meister Certification System" in order to develop and certify security specialists who have the skills to thoroughly implement security measures.

The Security Meister Certification System is based on security technologies required in the fields of development and operation with a focus on field activities. Fujitsu discovers and develops specialists within the Fujitsu Group by defining specialist models in the following three areas: (1) "specialists in the field" to ensure quality and make appropriate initial responses in the field, (2) "specialists who are experts" to provide services by harnessing their advanced security capabilities, and (3) "specialists who are high-level meisters" to combat sophisticated threats by performing analysis on a global basis.

Fujitsu has already developed 1,346 security meisters (as of October 12, 2016), far exceeding its initial goal of 700. This system is designed to uncover people with advanced skills and expand the scope of certified specialists' activities. Fujitsu set a new goal of 2,000 security meisters to develop still more security professionals.

Develop security meisters targeting 2,000 meisters by FY2017

Probing the Depths of Cyber Attacks by Solving Self-created Problems

This workshop, now in its fourth year, is designed to discover able human resources who can combat increasingly complicated, sophisticated cyber attacks. In the first and second workshops, which were conducted under the theme of "Technologies," contests were held in which participants were tested on their knowledge and technical skills with respect to networks, the Web, and binaries required for security. In the third workshop last year, a contest was held in which participants competed in terms of practical operation skills under the theme of "Teamwork" by setting scenes and scenarios that assumed real companies. In this year's workshop held under the theme of "Co-creation," the contest-style event was changed into a hackathon in which participants "created" cyber-attack-related problems on their own, not just "solved" them, in order to identify trends and probe the depths of cyber attacks as well as to clarify hackers' intentions.

Problem statements were solicited during a very short period of one month before the workshop. As a result, 12 teams submitted problem statements on IoT, mobility, and so forth. All of these were high-level statements that fit the trends of the times, which demonstrates the high security awareness of Fujitsu Group employees.

Judges mainly consisted of security meisters (wearing red jumpers) and previous participants.

[Prize winners]
First prize: Shunsuke Fujimaki and Kazushige Yamanashi (Team name: FUJIYAMA), Fujitsu Tokki Systems Business Unit
Second prize: Yuji Oshima (Team name: yuz), Fujitsu Security Management Service Business Unit
Third prize: Ken Sugio (Team name: sugio3), Fujitsu Network Solutions

FUJIYAMA, the winning team, submitted a problem statement about finding keywords using a binary editor. The judges highly evaluated team FUJIYAMA's problem statement because it was structured in such a way that even beginners could solve it in a step-wise manner and because it required ideas and inspiration from various approaches, including knowledge of encryption and image files.

Past Participants Transmitted High-level Know-how through Past Problem Statements

In the workshop, in addition to presentations by participants, past participants explained their past problem statements in detail in order to transmit know-how about advanced skills.

- Automobile hacking

Mr. Takeuchi from Fujitsu Learning Media explaining his problem statement (hacking a radio control car by operating a PC), which was the most popular at a previous event.

In an environment where a radio control car equipped with an automobile's Controller Area Network (CAN) is controlled by Wi-Fi or Bluetooth, the hacker attempts to find a vulnerable point. The scenario's goal is to find the maintenance port and remotely control the vehicle. While giving detailed explanations, Mr. Takeuchi actually hacked the radio control car and stopped it at the target point.

Lastly

In the workshop space set up in the conference hall, participants answered problems and listened to explanations about past problem statements using actual machines.

The conference hall includes a hands-on space where participants could solve problems as well as a booth where they received individual guidance from high-level meisters with the expertise to address sophisticated threats. The atmosphere of the conference hall was bright and cheery, and everyone actively exchanged opinions and enjoyed solving problems. We strongly felt that these individual employees' efforts will help protect customers from cyber attacks.