
Message for students 2019: Hirofumi Ueda

April 1, 2019

Accelerating security through active co-creation


Secure System Research Laboratories
Hirofumi Ueda

Hirofumi Ueda entered NEC in 2008, after researching networks as a university student and earning a master's degree. Following his success in efforts such as the development of wireless network technology that can be used even during earthquake disasters, Ueda was assigned to the business division to conduct research in the new business area of vehicle security. Since then, Ueda has been active on the front lines of security research.

Developing NEC's proprietary technology for automatic risk assessment

I am conducting research and development of security systems in the Secure System Research Laboratories. NEC has long been involved in security, and has a particularly strong presence in encryption technology, even on a global scale. In addition, NEC takes part in a wide array of businesses, ranging from undersea cables to satellites, and is engaged in systems for applications such as defense. NEC has an abundance of experience in business domains that require high levels of accuracy and confidentiality, which serves as a great strength to our security technology.
In November 2018, I developed NEC's "Technology for Automatic Cyber Attack Risk Assessment". When this technology is implemented in an existing system, it automatically assesses the risks by acquiring data from the system, constructing a virtual environment, and using a proprietary analysis database to conduct attack simulations. Unlike conventional systems that simply manage the vulnerabilities of a system, this technology can visualize a variety of intrusion and attack scenarios that might occur even in parts devoid of security vulnerabilities. I think it can be said that NEC is unique in this approach. This technology also makes it possible to assess OT (operational/control technology) systems, which were not assumed to be subject to attacks in the past. The technology is also able to handle attacks on control systems such as power plants and industrial plants, which have been on the rise in recent years.
Thanks to the support of everyone involved, NEC received many inquiries for this technology after the press release was published, and a variety of discussions with customers are currently underway. I get a sense of a tremendous surge of awareness about security in society. However, despite good intentions to ensure security, I often hear about issues such as insufficient human resources to handle security, or the difficulty of getting an overall understanding of the risks in large-scale systems. I believe the automated system that we developed can help solve these types of issues.

From network research to security research


I conducted research on networks as a university student, and my first assignment at NEC was to pursue network technology research. Initially, I worked on a BU project funded by the Ministry of Internal Affairs and Communications. In response to lessons from the Great East Japan Earthquake in 2011, there was a request to introduce network technology that can be used in spite of disasters, so I worked on developing temporary access points, as well as systems that can establish communications only with mobile devices based on delay tolerant networking (DTN). In 2013, the two technologies were completed and put to use in actual systems.
I had been doing network research like this for eight years, but in 2015, just when I thought my research theme had reached a certain degree of development, the business division approached the laboratories with an offer to go in for vehicle security. They indicated the intention of recruiting someone from the laboratories, and I volunteered. I spent two years in the business division working on research and development in the field of vehicle security.
At the time, I was involved in a project to create new business, so I attended to a wide array of activities ranging from business planning to technology development. For example, the first theme I worked on was an assessment of vehicle security. In the past, vehicle security was based on a policy of maintaining safety against "failure." But questions arose about how things would change when vehicles were connected to the Internet. In addition to "failure," it became necessary to consider the possibility that vehicles could be "exploited" through cyber attacks. My work involved evaluating whether vehicles were safe, quantifying the evaluations, and performing diagnosis.
After completing these two years, I returned to the laboratories from the business division. At that time, a new research theme on performing security assessment of control systems used in industry was getting started. This research eventually led to the "Technology for Automatic Cyber Attack Risk Assessment" that I mentioned before, even though at the time I did not have a clear understanding of what "control systems" meant.
Then, I got some information about a water treatment control system owned by a university in Singapore, and went on to become a visiting researcher at the university for about six months. During that time, I traveled back and forth between Singapore and Japan many times. I would spend as long as three weeks in Singapore studying the system, then bring the results back to Japan and share them with the team, and discuss what steps to take next. I repeated this process again and again.
In this way, my research has extended beyond the laboratories, and you might say that I have been jumping into the business division and overseas research institutions (laughter).

Jumping out of the laboratories to accelerate research

However, I think the approach of jumping out of the laboratories to carry on research is really important. If you attempt to do some new type of research, it seems insufficient to stay inside the laboratories. I feel that this approach is necessary especially for security research, and it is increasingly essential to jump into an environment where the research can be accelerated. For the research on vehicle security, I went to the business division because of its close relationship with actual customers, and to the university in Singapore as well because it had an actual system that I should study. I think that this approach of actively jumping into the appropriate location is necessary in present research.
In our current era, I do not think it is possible for a researcher to continue one research theme through their entire career, from their entrance into the workforce until retirement. This is because trends in technology come in and go out of style. Progress in the IT field is particularly rapid, and 10 years ago, it was not anticipated that the present AI boom would be as big as it is now. Nobody knows how long this boom will last.
For this reason, I think it is important for researchers to focus on creating something new. Of course, it is likewise important to improve existing technology, but there needs to be some sense or spirit of jumping at something new. Otherwise, researchers become entrenched in their way of thinking about the research themes in their own area of specialization. I intend to continue taking in new things every day to foster flexible thinking and action. Since entering NEC, I have challenged research with the view that researchers should learn all the time.
The emergence of AI and autonomous driving technology is leading to major changes in the way we interact with IT and ICT around the world. As more and more things become connected to networks, the need for security will increase. Moving forward, I hope to continue new research so that my technology can contribute to the creation of a safe and secure society.