Introducing Advanced security technology for "protecting" and "creating" a smart world.
“DX (Digital Transformation)” has been a buzzword in recent years. Today, the use of digital data in various social situations has become essential, as it is bringing rapid change to our lives, lifestyles, and livelihoods. We believe that DX is no longer just the goal of innovation in the digital world but has become a “social issue”.
NTT considers a “smart world” to be one optimized so that society can operate smoothly, a world in which vast amounts of digital data are obtained from various devices in the physical spaces that compose society, then this data is processed in cyber space and returned as feedback to real space, so that all people can live their lives safely and in their own ways.
We at NTT believe that creating a “smart world” will enrich society as a whole. This includes realizing “personalized optimization” that realizes residential environments where people can live safely and in good health, and a living environment that can be customized to individual preferences. It also includes “social optimization”, such as realizing an industrial system in which total optimization can be achieved based on predictions of the future, and realizing a working environment that can flexibly respond to the needs of workers. We are also working to create the security technology necessary for safe and secure distribution of digital data essential to realizing these changes.
We verify what kind of threats are posed to the ICT field based on the “10 Major Security Threats 2020”, a compilation of trends in threats to individuals and organizations for that year (Fig. 1) compiled by the IPA (Information-Technology Promotion Agency, Japan).
Among threats to individuals, the top ranks are still occupied by those related to financial damage such as unauthorized use of smartphone payment, unauthorized use of leaked credit card information, and phishing fraud for personal information, which have rapidly become widespread. Methods of intimidation and fraud using email and social media have become more sophisticated, and there are more attacks targeting psychological weaknesses in people.
Organizations have also seen more attacks that exploit weaknesses in the supply chain, as well as damage caused by targeted attacks and business email fraud. This means that instead of directly attacking large companies that have adequate security in place, criminals are using malware on small companies that have inadequate security, then attack the systems of large companies through those small companies.
Crimes have also changed in nature, from crimes committed for the fun of it to crimes committed for purposes of organizations, such as APT (Advanced Persistent Threats). Along with this change, methods of attack have become more sophisticated and the scope of targets has also expanded.
OT (Operation Technology) is now being introduced in the fields of operation and control, and IoT (Internet of Things) is spreading rapidly in a number of industries. One trait common to all of these trends is the rapid integration of physical systems with cyber systems, so it has become important and in fact essential to implement cyber security measures with a comprehensive grasp of security and safety.
Our basic way of thinking about security technology is based on two perspectives: security to protect a smart world and security to create a smart world. With these two approaches, we are conducting various types of research and development, ranging from basic to applied levels.
With the first approach, security to protect a smart world, we see new attacks being created on a daily basis, and their contents becoming more sophisticated and widespread, as described above. And with the advent of IoT, every terminal is being connected to the network, so the number of assets that must be protected from cyber attacks has increased dramatically.
Security risks in companies and other organizations depend on the scale of “threats”, “vulnerabilities”, and “assets to protect”. The increasing sophistication and widespread use of cyber attacks, and the growing number of assets to protect are expected to lead to a significant increase in security risks for companies and other organizations (Fig. 2).
Here it is necessary to consider that there is a limit to the budget of security measures that an individual company or organization can bear, and in the future it will be more difficult to deal with ever-increasing risks. That is to say, bridging the gap between the growing risk of cyber attacks and the limitations of countermeasure budgets will be an important issue, and so we must research and develop technologies that drastically improve the capacity of companies and other organizations for defense and countermeasures against cyber attacks.
In the era of IoT, all manner of devices that support society will be connected to the network. This means that there will be a drastic increase in the risk of cyber attacks directly impacting human lives and social activities. As cloud-based and mobile-based business continues to evolve, it will be necessary to take measures assuming a zero trust system environment, unlike the conventional on-premises environment within a company.
It will be necessary to respond to the increasing sophistication and widespread use of cyber attacks, growing complexity of system environments, and rising operational cost of countermeasures. In order to respond, we will use security intelligence and AI to further research and develop technologies that contribute to the automation and sophistication of countermeasure operations, including the advancement of malware detection technology and response to attacks that exploit the psychological weaknesses of users (Fig. 3).
Our second approach, security to create a smart world, is based on the premise that a “smart world” will require the distribution and utilization of data across various industries and fields. Here, the main issue is that owners of data completely sequester their own data due to concerns such as privacy violations and unauthorized use.
We believe that in order to dispel concerns that data owners have and promote the distribution and utilization of data, it is essential to have systems for securely executing every value creation process, including data generation, distribution, analysis, and destruction, as well as flexibly and safely using data across different fields (Fig. 4).
Only when we have realized these systems will it be possible to use data securely across different industries and fields, and to create new value the likes of which has never existed before. In other words, only by making the entire process of value creation secure and feasible will it be possible to realize a smart world. We consider that to be the essence of security to create a smart world.
We are conducting research and development of security technologies capable of solving fundamental problems, in order to realize new value creation. For example, this includes “secure computation technology”, which computes some data while it is still encrypted, so there is no need to decrypt it first. We have applied this to standard learning and prediction with deep learning using AI, which is rapidly being implemented throughout society, thereby realizing the first technology in the world that can process data while it is still encrypted. We are also conducting research and development of “anonymization technology” that makes it possible to safely use personal data. Furthermore, we are focused on security issues between the digital world and its users (people), and are concentrating our efforts on “usable security” technology to protect against attacks that exploit psychological weaknesses of humans.
These examples illustrate how NTT Group is conducting research and development of cutting-edge cyber attack countermeasure technology, secure data distribution and utilization technology, and other advanced technologies that will support these technologies and be a source of competitive strength for us looking forward 10 or 20 years into the future.
In the next article, we will introduce the latest trends in each cutting-edge technology.