September 3, 2018
The Ministry of Economy, Trade and Industry (METI) launched a Sub-working Group for Buildings under Working Group 1 (Systems, Technologies and Standardization) of the Study Group for Industrial Cybersecurity. In response, since its first meeting held on February 28, 2018, the sub-working group has been holding discussions on cybersecurity measures for building systems. METI hereby announces that the sub-working group formulated the “Guidelines for Cyber-Physical Security Measures for Building Systems (β Version).
As part of the efforts for securing cybersecurity by industry, METI launched a Sub-working Group for Buildings, bringing together stakeholders in the field of buildings with a number of control devices, e.g., elevators and air conditioners, and since its first meeting held in February 2018, the sub-working group has been holding discussions on the development of guidelines for cybersecurity measures for building systems.
METI hereby announces that the sub-working group formulated the “Guidelines for Cyber-Physical Security Measures for Building Systems (β Version)” as its interim outcome.
2. Outline of the guidelinesThe Guidelines for Cyber-Physical Security Measures for Building Systems (β Version) released here provide a compilation of threats, risks factors, and policy measures, which are expected to be important for building systems. Although the guidelines are a beta version, METI believes that the guidelines will help companies to assess the current security levels of buildings, and it expects many companies to utilize the guidelines broadly. Meanwhile, METI also considers it necessary to formulate new guidelines or directions for specific measures for conducting and implementing security, aiming to encourage companies to advance the implementation of security measures in their systems. The sub-working group will continue to discuss these new guidelines, including approaches to organizing them.
Contents of the guidelines
1.1. Purpose and coverage
1.3. Relationships with the framework for cyber-physical security measures
1.4. Structures of the guidelines
2. Changes in situations surrounding building systems
2.1. Characteristics of control systems in general, including building systems, and an increase in threats to them
2.2. Case examples of attacks on building systems
3. Approaches to cybersecurity measures for building systems
3.1. Overview of structures of building systems
3.2. Characteristics of building systems
3.3. Policies for organizing cybersecurity measures for building systems
4. Risks that building systems face and policies for addressing them
4.1. Overall management
- Configuration information / management information
- Backed-up data / business continuity
- Companies / staff management
- Establishment of systems, etc.
4.2. Device-based management measures
- Networks (cloud computing, information networks, BACnet)
- Monitoring centers (central control rooms)
- Machine rooms / control board boxes
- Wiring routes (MDF rooms, EPSs, racks in the ceiling)
- Sites at which terminal devices should be installed
5. How to use the guidelines
5.1. In a new large owner building
5.2. In shifting the existing system to a cloud computing system in an existing middle-scale tenant building
5.3. In assessing risks of an existing building and drafting measures therefor
Division in Charge
Cybersecurity Division, Commerce and Information Policy Bureau