Despite the infinite convenience brought by digitalization in today's era, it also comes with increasingly complex geopolitical challenges. In the era of ongoing cyber warfare, the prevalence of advanced network environments poses unprecedented challenges to information security. In this context, national cybersecurity strategy serves as an indispensable cornerstone to ensure the stable operation of society, particularly for Taiwan.

This session will start by examining national cybersecurity strategies around the world, analyzing the cybersecurity strategies of the United States and Europe, offering personal insights, and exploring the relationship between national cybersecurity strategy and the international cybersecurity standard ISA/IEC 62443. ISA/IEC 62443 is a standard specifically designed for Industrial Automation and Control Systems (IACS), aiming to provide comprehensive guidelines to ensure the cybersecurity of industrial automation and control systems.

Through practical examples, the session will delve into how to extend national cybersecurity strategy into actionable plans and incorporate the essence of the ISA/IEC 62443 international standard.

Looking ahead to ICS (Industrial Control System) security, it is crucial to consider the evolving technology and threat landscape. In this regard, the framework proposed by NIST, known as CSF 2.0, and the interaction with other emerging technologies are of paramount importance. CSF 2.0 is a widely used framework in the ICS security domain, providing a set of standards and guidelines to help enterprises assess, improve, and manage their ICS security.

The highlights of the CSF 2.0 framework lie in its flexibility and comprehensiveness, making it applicable to various types of organizations and different industries' ICS environments. However, with the advancement of technology, the emergence of emerging technologies brings new challenges and opportunities for ICS security.

For example, the applications of technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), edge computing, supply chain, blockchain, etc., are becoming increasingly widespread. These technologies bring greater intelligence, connectivity, and efficiency to ICS systems, but at the same time, they also increase security risks. Therefore, the ICS security field needs to continuously interact with these emerging technologies to address new threats and strengthen system security.

The integration of CSF 2.0 with emerging technologies presents both challenges and opportunities for enhancing ICS security. Organizations need to adapt their security strategies to embrace the benefits of these technologies while effectively managing associated risks. Collaboration between industry stakeholders, researchers, and policymakers is essential to develop robust security measures and frameworks that can effectively mitigate evolving threats to ICS environments.

This session delves into cybersecurity challenges and strategies between Operational Technology (OT) and enterprise networks. We will dissect vulnerabilities at their intersection, including threats like ransomware and remote intrusions. Through case studies and expert insights, attendees will gain deeper understanding of OT security issues and learn to establish robust protection strategies for production networks, ensuring stability and safety. The aim is to raise awareness of OT security threats and provide practical response solutions, empowering attendees to effectively address growing cybersecurity challenges and safeguard business assets and operations.

In this talk, we will introduce one of Mitsubishi's PLC network protocols, Melsoft. Melsoft is usually the default protocol of Mitsubishi PLCs. In September 2023, TMRTEK's products took a test in ACW SOUTH, and got the score of 100% detection cover rate. We achieve this by inspecting deeply into OT protocols.

By delving into the command level, we could carry out the most detailed of behavior analysis in OT protocols. We will share our experience of OT network behavior analysis by using LSTM (Long Short-Term Memory). By learning from past data, LSTM could predict the data value of the next time slot. Therefore, it is a suitable tool to find out the network traffic which is different from the normal pattern. LSTM could be used as a tool of discovering anomaly of connection number, anomaly of transmission amount, and abnormal OT protocol commands.

After a major reform, OT component suppliers introduced SDLC and finally obtained 62443-4-2 product certificate, which also represents the determination of component suppliers in the security of their products. However, OT systems in various fields are gradually coming out with various security standards. Therefore, system owners and integrators will expect to find component that provides sufficient capabilities to build systems that comply with related security regulations. In this regard, how should component suppliers plan to develop 62443-4-2 products, meet the requirement from customers and avoid unnecessary development costs. I will share this part of my R&D views and experience.

In the context of the digital era, the ISA/IEC 62443 standards play a pivotal role in safeguarding the cybersecurity of critical infrastructures such as rail transport, electricity, oil industry, semiconductors, and healthcare. With the introduction of new European regulations, such as the Radio Equipment Directive and the Cybersecurity Resilience Act, the importance of enhancing product cybersecurity measures is increasingly emphasized. This presentation will focus on establishing secure product development processes using the ISA/IEC 62443-4-1 standard and address common misconceptions when implementing product security functions as per ISA/IEC 62443-4-2. Through the analysis of real-world case studies, we will explore common misunderstandings and best practices in security design, including continuous threat modeling, security testing, and lifecycle integration. This session aims to empower product manufacturers to more effectively implement these standards, thereby improving product security performance.