Fujitsu Cyber Security Workshop 2016 Autumn was held on October 12, 2016 for Fujitsu Group employees in order to discover people skilled in security and raise awareness to combat recent increasingly complicated, sophisticated cyber attacks. The Fujitsu Journal team reports on the Workshop, which is now in its fourth year.
Fujitsu Developed 1,346 Security Meisters, Greatly Exceeding Its Initial Goal
Cyber attackers persistently attempt to steal sensitive information from the companies and organizations they target. Today, any delay in taking security measures may incur fatal management risks that pose a threat to a business's existence.
As part of its efforts to protect customers from the threat of cyber attacks, since 2013 Fujitsu has committed itself to the "Security Meister Certification System" in order to develop and certify security specialists who have the skills to thoroughly implement security measures.
The Security Meister Certification System is based on security technologies required in the fields of development and operation with a focus on field activities. Fujitsu discovers and develops specialists within the Fujitsu Group by defining specialist models in the following three areas: (1) "specialists in the field" to ensure quality and make appropriate initial responses in the field, (2) "specialists who are experts" to provide services by harnessing their advanced security capabilities, and (3) "specialists who are high-level meisters" to combat sophisticated threats by performing analysis on a global basis.
Fujitsu has already developed 1,346 security meisters (as of October 12, 2016), far exceeding its initial goal of 700. This system is designed to uncover people with advanced skills and expand the scope of certified specialists' activities. Fujitsu set a new goal of 2,000 security meisters to develop still more security professionals.
Probing the Depths of Cyber Attacks by Solving Self-created Problems
This workshop, now in its fourth year, is designed to discover able human resources who can combat increasingly complicated, sophisticated cyber attacks. In the first and second workshops, which were conducted under the theme of "Technologies," contests were held in which participants were tested on their knowledge and technical skills with respect to networks, the Web, and binaries required for security. In the third workshop last year, a contest was held in which participants competed in terms of practical operation skills under the theme of "Teamwork" by setting scenes and scenarios that assumed real companies. In this year's workshop held under the theme of "Co-creation," the contest-style event was changed into a hackathon in which participants "created" cyber-attack-related problems on their own, not just "solved" them, in order to identify trends and probe the depths of cyber attacks as well as to clarify hackers' intentions.
Problem statements were solicited during a very short period of one month before the workshop. As a result, 12 teams submitted problem statements on IoT, mobility, and so forth. All of these were high-level statements that fit the trends of the times, which demonstrates the high security awareness of Fujitsu Group employees.
First prize: Shunsuke Fujimaki and Kazushige Yamanashi (Team name: FUJIYAMA), Fujitsu Tokki Systems Business Unit
Second prize: Yuji Oshima (Team name: yuz), Fujitsu Security Management Service Business Unit
Third prize: Ken Sugio (Team name: sugio3), Fujitsu Network Solutions
FUJIYAMA, the winning team, submitted a problem statement about finding keywords using a binary editor. The judges highly evaluated team FUJIYAMA's problem statement because it was structured in such a way that even beginners could solve it in a step-wise manner and because it required ideas and inspiration from various approaches, including knowledge of encryption and image files.
Past Participants Transmitted High-level Know-how through Past Problem Statements
In the workshop, in addition to presentations by participants, past participants explained their past problem statements in detail in order to transmit know-how about advanced skills.
- Automobile hacking
In an environment where a radio control car equipped with an automobile's Controller Area Network (CAN) is controlled by Wi-Fi or Bluetooth, the hacker attempts to find a vulnerable point. The scenario's goal is to find the maintenance port and remotely control the vehicle. While giving detailed explanations, Mr. Takeuchi actually hacked the radio control car and stopped it at the target point.
The conference hall includes a hands-on space where participants could solve problems as well as a booth where they received individual guidance from high-level meisters with the expertise to address sophisticated threats. The atmosphere of the conference hall was bright and cheery, and everyone actively exchanged opinions and enjoyed solving problems. We strongly felt that these individual employees' efforts will help protect customers from cyber attacks.