December 27, 2021

The Electrical Science and Engineering Promotion Award is an honor presented by The Promotion Foundation for Electrical Science and Engineering. Since 1952, the foundation has continued to commend persons of merit who have contributed to Japanese electrical science and engineering. In the 69th Electrical Science and Engineering Promotion Award, all three of the entries from NEC won awards, and one was specially selected to win the Minister of Education, Culture, Sports, Science and Technology Award. In this article, we interview the researchers who won the Promotion Award about this special honor.

Award-winning technology

Development and practical application of Technology for Automatic Cyber Attack Risk Assessment

The researchers developed and practically applied a technology that simulates the risk analysis work performed manually by security experts in a virtual system model. Since there is no need to use an actual system to perform the analysis, there is no effect on operations.

Reaction from the award recipient

Tomohiko Yagyu

Yagyu joined NEC in 1995. After transferring to the research laboratories from a business unit through an internal job posting, he has been conducting research and development on a broad range of network control topics. Yagyu is an expert in his field who has also been involved in next-generation network research and other national projects.

Q1: What did you find challenging in this recent technology development?
What was difficult about the risk assessment technology was that there is no correct answer for the derived results. Because new cyber attack methods and vulnerabilities are being created one after another, it is essentially impossible to answer whether the risk judgment is being covered or to what percentage a system is safe. However, customers naturally will not be pleased with that result, so we improved the effectiveness through a demonstration experiment using the knowledge of NEC security assessment experts and customer data to satisfy our customers. This process may have been our greatest challenge.

Q2: What do you typically keep in mind when performing research?
I try to always keep in mind the question "what would I think if I were the one using it?" As researchers pursue their research, they inevitably become captive to thoughts such as "I want to increase the accuracy further" or "I want to do this in a more detailed manner." However, it is often the case that such issues are trivial matters for the people who use that system. Rather than focusing on minute differences in accuracy, it is more important to make it easy for the user to understand and use. I try to approach my research at all times with that intention.

Q3: What are your goals going forward?
This time around, we created a technology that uses a virtual model to identify cyber attack risks, but I would like to extend this further going forward. Because the systems that are in operation in society are becoming more complex, it will likely become more difficult to perform tests using the actual equipment. For that very reason, I would like to utilize virtual models for firewall filtering and apply it to the behavior of systems that are under attack, etc. to expand the range of practical use of this technology and develop it into something that can verify the safety of an entire system.

Masaki Inokuchi

Inokuchi joined NEC in 2013 and has been involved in the development of network technology. He later participated in security research with the launch of the Security Research Laboratories (currently the Secure System Research Laboratories) within NEC. Inokuchi has been involved in the development of this award-winning technology from the start of the project.

Q1: So how do you feel about winning this award?
I have never received an award from such a public institution before, so I am very grateful. Security risk identification is a technology that is broadly needed throughout the world today. We not only created the core technology through research but we were also able to implement it as a solution that customers can actually use, so I feel that the value of this technology has been recognized by society. I am extremely happy.

Q2: What did you find challenging in this recent technology development?
When advancing research, you inevitably encounter situations in which you are unable to balance precision and ease-of-use, and if you prop up one end then the other starts to sag. With this most recent technology, we performed many unpolished experiments through a repeated process of trial and error to try and adjust that balance. My junior colleague who was in charge of the output implementation made repeated corrections and improvements. His name was not put forth for this recent award due to the requirement of having "a work history of five years or more," but his achievements were significant. I am truly thankful for his efforts.

Q3: Are you currently undertaking any new objectives?
In order to sustain this technology as a service going forward for a long time, I would like to implement improvements that make it easy to handle for internal BU members and staffers who are in charge of operation. To scale out the service, it is important that we polish it so that the service can be provided without any problems even if we are not involved. Therefore, we are currently accelerating improvements.

Shunichi Kinoshita

After joining NEC in 2009, Kinoshita has been engaged in researching network communication control. He was later involved in a broad range of research in the network field including wireless LANs. Kinoshita is currently applying that know-how to security research.

Q1: What do you think led to winning this year's award?
I believe that a significant reason was that we were able to properly reflect the opinions of frontline workers and our customers in the technology. As part of the technology development, we listened to the opinions of various people who actually perform network security assessments, and we thoroughly implemented the policy of making something that was needed in the front line. I think that steadily continuing to follow that policy was a significant factor. However, I never dreamed that I would receive such an award, so while I am ecstatic, I am also a little bit surprised.

Q2: What did you find challenging in this recent technology development?
When I joined this project part way through, truthfully I did not understand what you could do with this technology. I think that the biggest reason is that the content which is output by the assessment was difficult to understand. The risk analysis combines detailed conditions to create the rules, but if you directly output those results, you end up with a massive amount of information that is impossible for a human being to decipher. It was very challenging to reduce the results to the simplest pattern as possible and drill down to only the important items while listening to the opinions of those working in the front line.

Q3: Are you currently undertaking any new objectives?
As a matter of fact, we also belong to the Cyber Security Strategy Division, so we are also promoting service improvements for this technology through that division. Thanks to various citations of this research, we have been able to obtain further requests and feedback from many customers. We would first like to apply such feedback to the technology while improving the service further.