JP2022175060A - Mobile body control system and attack notification method - Google Patents

Abstract

To provide a mobile body control system and attack notification method capable of realizing an effective notification against a cyber attack.SOLUTION: A mobile body control system for controlling an unmanned vehicle 13 controls a video projection device 121, a lamp 133, and a speaker 134 as notification devices for respectively issuing a notification to a manager 122 and pedestrian 14 being a notification object person, and a passenger of a manned vehicle 15. The unmanned vehicle 13 has a firewall 131 for detecting a cyber attack. When the firewall 131 detects a cyber attack, the respective notification devices being the video projection device 121, the lamp 133, and the speaker 134 are allowed to issue a notification to notify the notification object persons of the existence of the cyber attack by a method by which the manager 122, the pedestrian 14, and the passenger of the manned vehicle 15 can recognize the existence of the cyber attack on a real space.SELECTED DRAWING: Figure 1

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a mobile control system for controlling unmanned mobiles and an attack notification method for notifying the presence of a cyberattack on the system.

In recent years, the threat of cyberattacks has increased not only in the IT (Information Technology) field, but also in the OT (Operational Technology) field, which is used to control the operation of various devices, and has become an urgent issue. ing. This also applies to mobile control systems that manage operations of various mobile bodies. In particular, in a mobile control system that operates in an environment where unmanned vehicles, manned vehicles, and pedestrians coexist, there is a risk of harm to surrounding people if, for example, an unmanned vehicle goes out of control due to a cyberattack. , countermeasures against cyber attacks are important. As an initial stage of this countermeasure, when a system is attacked by a cyber attack, it is preferable to first detect its existence and notify relevant parties such as administrators of the fact.

As a technique for notifying the existence of a cyberattack in this way, Patent Document 1 discloses a technique for detecting an attack with a firewall and notifying an administrator of information on an attack event and past similar events from a display unit. It is

Japanese Patent No. 6786959

Mobile control systems that control unmanned vehicles have the potential for cyber-attacks to directly harm humans as described above. Appropriate measures should be taken. However, in the technology disclosed in Patent Document 1, there is a problem that the administrator must always watch the display section in order to immediately recognize the occurrence of a cyber attack when it occurs.

In addition, in a mobile control system that controls unmanned vehicles, it is preferable to effectively warn people who may be harmed if an unmanned vehicle that has been subjected to a cyber attack goes out of control. In particular, mobile control systems that control unmanned vehicles, such as unmanned vehicles and manned vehicles, workers and ordinary people, are operated in environments where vehicles and humans coexist. Appropriate alerting is important. However, although the technology disclosed in Patent Document 1 considers notification to administrators, it does not particularly consider alerting people who may be harmed by cyberattacks.

The present invention has been made in view of the above problems, and its main purpose is to provide a movement control system and an attack notification method capable of realizing effective notification of cyberattacks.

A mobile body control system according to the present invention is for controlling at least one unmanned mobile body that is unmanned and capable of moving, and controls a reporting device installed at a predetermined location for reporting to a person to be notified. a report control unit, wherein the unmanned mobile body has a firewall that detects a cyberattack; and the report control unit enables the person to be notified to be recognized in real space when the firewall detects the cyberattack. The method causes the reporting device to issue a report to notify the person to be notified of the presence of the cyberattack.
An attack notification method according to the present invention notifies a person to be notified of the presence of a cyberattack on a mobile control system that controls at least one unmanned and movable unmanned mobile body by a reporting device installed at a predetermined location. wherein the firewall of the unmanned mobile body detects the cyberattack, and when the firewall detects the cyberattack, the cyberattack is detected by a method that the notification target person can perceive in real space. causing the notification device to transmit a notification for notifying the notification target person of the existence of the

ADVANTAGE OF THE INVENTION According to this invention, the mobile control system and attack notification method which can implement|achieve effective notification of a cyber attack can be provided.

1 is a schematic diagram showing an overview of a mobile control system according to a first embodiment of the present invention; FIG. It is a block diagram which shows the functional structure of a control server. 1 is a block diagram showing a functional configuration of an unmanned vehicle; FIG. It is a figure explaining the example of the projection method of an image|video. 4 is a flow chart showing the operation of the firewall; It is a flow chart which shows operation of a control server in a 1st embodiment of the present invention. It is a schematic diagram which shows the outline|summary of the mobile control system which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows operation|movement of the control server in the 2nd Embodiment of this invention.

Embodiments of the present invention will be described below with reference to the drawings. The following description and drawings are examples for explaining the present invention, and are appropriately omitted and simplified for clarity of explanation. The present invention can also be implemented in various other forms. Unless otherwise specified, each component may be singular or plural.

[First Embodiment]
First, a mobile control system according to a first embodiment of the present invention will be described with reference to FIGS. 1 to 6. FIG. FIG. 1 is a schematic diagram showing an overview of a mobile control system according to a first embodiment of the present invention.

The mobile control system of this embodiment controls an unmanned vehicle 13 within a predetermined management range 12 and includes a control server 10 and a network 11 . The unmanned vehicle 13 is an unmanned mobile body that can automatically move along a planned route 120 within the management range 12 according to instructions from the control server 10 . Although only one unmanned vehicle 13 is shown in FIG. 1, the number of unmanned vehicles 13 controlled by the mobile control system may be one or may be plural.

In the control range 12 of the mobile control system, not only unmanned vehicles 13 but also pedestrians 14 and manned vehicles 15 coexist. Network 11 is connected to unmanned vehicle 13 via radio station 111 . This ensures communication between the control server 10 and the unmanned vehicle 13 .

The control server 10 acquires information from cameras and radars (not shown) installed within the management range 12, and based on this information, unmanned vehicles 13, pedestrians 14, and manned vehicles existing within the management range 12. Each state of the vehicle 15 (position, orientation, speed, etc.) is analyzed. Based on this analysis result, a planned route 120 along which the unmanned vehicle 13 should move is planned in order to ensure that the unmanned vehicle 13 does not collide with obstacles (not shown), pedestrians 14, and manned vehicles 15 while performing necessary work. and give instructions.

Operation management of the mobile control system is performed by the administrator 122 monitoring and operating the control server 10 . The administrator 122 is, for example, a member of an organization (an employee of an operating company, an employee of a public institution, etc.) in charge of operation and management of the mobile control system. Upon detecting that the mobile control system has been subjected to a cyberattack, the control server 10 notifies the administrator 122 of the cyberattack by displaying a predetermined screen or the like. By taking appropriate measures in response to this notification, the administrator 122 can protect the mobile control system from cyberattacks.

However, the administrator 122 is not always in front of the control server 10 and watching the screen of the control server 10 . Therefore, in the mobile control system of the present embodiment, when a cyberattack is detected, the image 124 projected by the image projection device 121 is used to notify the administrator 122 by a method other than the screen display, so that the administrator can 122 to reliably recognize the occurrence of cyberattacks.

A video projection device 121 is connected to the control server 10 . The image projection device 121 projects images 123 and 124 onto the real space according to instructions from the control server 10 . The image 123 is for notifying the surroundings of the unmanned vehicle 13 of the occurrence of the cyber attack, and the image 124 is for notifying the administrator 122 of the occurrence of the cyber attack. A specific method of projecting the images 123 and 124 will be described later.

The unmanned vehicle 13 has a self-propelled function, and is a vehicle that carries luggage/passengers and carries out various tasks according to instructions from the control server 10 . The unmanned vehicle 13 is connected with the radio station 111 by radio communication. The unmanned vehicle 13 has a firewall 131 for detecting cyberattacks, and is configured such that unauthorized communication can be blocked by this firewall 131 . In addition, the unmanned vehicle 13 is equipped with a lamp 133 and a speaker 134, and when a cyber attack occurs, the lamp 133 is lit or blinked according to instructions from the control server 10, or a warning sound is emitted from the speaker 134. do. As a result, pedestrians 14 and manned vehicles 15 existing around the unmanned vehicle 13 can be notified of the presence of a cyberattack.

Pedestrians 14 are parties or members of the public who are within the controlled area 12 . Pedestrians 14 act according to their own intentions and cannot be directly controlled by control server 10 . The pedestrian 14 has a mobile terminal (not shown) connected to the network 11, and by using this mobile terminal, it is possible to obtain information on the scheduled route 120 of the unmanned vehicle 13 and notification information on cyberattacks. You may do so.

A manned vehicle 15 is a vehicle that exists within the management range 12 and is driven by a driver 16 . The manned vehicle 15 is basically driven by the operation of the driver 16, although the control server 10 may receive limited control intervention (emergency stop, etc.). In addition, passengers other than the driver 16 may be on board the manned vehicle 15 .

FIG. 2 is a block diagram showing the functional configuration of the control server 10. As shown in FIG. As shown in FIG. 2 , the control server 10 includes a communication interface 101 , a control section 102 , a screen display section 105 , an operation section 106 and a storage device 107 .

The communication interface 101 is provided between the control unit 102 and the network 11 to perform predetermined communication interface processing, and is composed of, for example, a NIC (Network Interface Card). Through this communication interface processing, transmission data output from the control unit 102 is converted into transmission signals in a predetermined signal format and transmitted to the network 11, and reception signals received from the network 11 are converted into reception data and controlled. It is input to the unit 102 .

The control unit 102 executes predetermined arithmetic processing, and is configured using, for example, a CPU, a ROM, a RAM, and the like. The control unit 102 has an unmanned vehicle control unit 103 and a notification control unit 104 as functions realized by the arithmetic processing described above. The control unit 102 can realize the unmanned vehicle control unit 103 and the notification control unit 104 by executing a predetermined program stored in the storage device 107, for example.

The unmanned vehicle control unit 103 plans a scheduled route 120 along which the unmanned vehicle 13 should travel, and transmits a transmission signal representing the scheduled route 120 to the unmanned vehicle 13 via the communication interface 101, thereby controlling the unmanned vehicle 13. I do.

The report control unit 104 detects a cyber attack when the mobile control system is attacked. Then, the administrator 122, pedestrians 14 existing around the unmanned vehicle 13, passengers including the driver 16 of the manned vehicle 15, and the like are set as notification target persons, and the presence of a cyber attack on these notification target persons is determined. Make a report to notify Note that the specific content of the notification performed by the notification control unit 104 will be described later.

The screen display unit 105 displays a predetermined screen under the control of the control unit 102, and is configured using a display device, for example. The operation unit 106 receives input operations to the control server 10, and is configured using, for example, a mouse and a keyboard. The administrator 122 can operate and manage the mobile control system by operating the control server 10 using the screen display unit 105 and the operation unit 106 .

The storage device 107 stores and retains various data and programs required for the operation of the control server 10, and is configured using, for example, a HDD (Hard Disk Drive) or an SSD (Solid State Drive).

FIG. 3 is a block diagram showing the functional configuration of the unmanned vehicle 13. As shown in FIG. As shown in FIG. 3 , unmanned vehicle 13 includes firewall 131 , wireless receiver 132 , lamp 133 , speaker 134 , vehicle controller 135 and drive mechanism 136 .

The firewall 131 has the function of detecting cyberattacks on the mobile control system as described above, and is connected between the wireless receiver 132 and the vehicle controller 135 . Firewall 131 analyzes the content of communication data included in the radio signal received from radio station 111 by radio receiving device 132 , and if it is determined to be unauthorized communication data, discards the data and vehicle controller 135 to prevent entry into Also, if unauthorized communication data is found, it is determined that a cyberattack has occurred, and the control server 10 is notified to that effect. This notification may be transmitted to the control server 10 from the wireless receiving device 132 via the wireless station 111 and the network 11 by installing a transmission function in the wireless receiving device 132, or may be installed in the unmanned vehicle 13. may be performed by a wireless transmission device (not shown). Firewall 131 may also be implemented as part of the functionality of radio receiver 132 or vehicle controller 135 .

The vehicle controller 135 controls the operation of the unmanned vehicle 13 based on information received by the wireless receiving device 132 from the control server 10 via the wireless station 111 and the network 11 . For example, the drive mechanism 136 is controlled based on the information of the scheduled route 120 included in the received information, and the unmanned vehicle 13 is caused to travel along the scheduled route 120 . The drive mechanism 136 is configured using, for example, a motor, an internal combustion engine, a transmission, a steering device, and the like. 13 is run. Thereby, the unmanned vehicle 13 can be controlled from the control server 10 .

Further, the vehicle controller 135 controls the operation of the lamp 133 and the speaker 134 based on information received by the radio receiver 132 from the control server 10 via the radio station 111 and the network 11 . When a cyber-attack occurs, the control server 10 executes the process shown in FIG. 6, which will be described later, so that the control server 10 sends the unmanned vehicle 13 a notification command 95 indicated by the dashed arrow in FIG. Upon receiving this notification command 95, the vehicle controller 135 turns on or blinks the lamp 133 or emits a warning sound from the speaker 134, thereby preventing pedestrians 14 and manned vehicles 15 existing around the unmanned vehicle 13. Notify passengers of the presence of a cyberattack.

Next, with reference to FIG. 1 again, the operation of the mobile control system of this embodiment when a cyber attack occurs will be described. Here, as a scenario that is not originally desirable but should be considered, a case of being subjected to a cyber attack by an attacker 90 will be considered.

An attacker 90 illegally connects a terminal 91 to a network 11 and transmits illegal communication content 92 such as malware or wrong commands to an unmanned vehicle 13, thereby making a cyber attack 93 on a mobile control system. I do. It should be noted that methods for illegally connecting the terminal 91 to the network 11 include wired connection and wireless connection via the wireless station 111 .

Unauthorized communication content 92 sent by attacker 90 is detected by firewall 131 in unmanned vehicle 13 . When the firewall 131 detects unauthorized communication contents 92, the firewall 131 blocks the communication. As a result, the cyberattack 93 by the attacker 90 fails and the unmanned vehicle 13 can continue to operate normally.

However, communications associated with the cyber attack 93 cannot always be detected by the firewall 131 . Therefore, if the existence of the cyber attack 93 is left as it is, the attacker 90 is given an opportunity to try a wide variety of attack methods, and depending on the case, the firewall 131 cannot detect and block some of them. , may allow the attack to succeed. In order to avoid this, if the unmanned vehicle 13 receives a cyber-attack 93 from an attacker 90 even once, it is considered that the possibility of the unmanned vehicle 13 going out of control due to future attacks is relatively increased. The system should take necessary measures.

Therefore, in the mobile control system of the present embodiment, when the firewall 131 detects that the unmanned vehicle 13 has been subjected to a cyber attack 93, the firewall 131 notifies the control server 10 of the attack notification 94 indicating the presence of the cyber attack 93. do. Upon receiving the attack notification 94 from the firewall 131 , the control server 10 notifies the administrator 122 of the existence of the cyber attack 93 by causing the video projector 121 to project the video 124 . Upon receiving this notification, the administrator 122 operates the control server 10 to take prescribed measures against the unmanned vehicle 13 that has transmitted the attack notification 94 . For example, considering the case where the unmanned vehicle 13 runs out of control, the unmanned vehicle 13 is not assigned to work with high risk, or if possible, the work performed by the unmanned vehicle 13 is replaced with another vehicle. , stop the operation of the unmanned vehicle 13, and take countermeasures against future cyberattacks. As a result, even if the firewall 131 cannot completely prevent future cyberattacks from the attacker 90 and allows unauthorized communication contents 92 to enter the vehicle controller 135, Measures can be taken in advance to reduce the risk of the unmanned vehicle 13 running out of control.

On the other hand, when the unmanned vehicle 13 is subjected to a cyber attack 93, it is preferable to reliably inform the pedestrian 14 and the driver 16 of the manned vehicle 15 of the fact. Therefore, in the mobile control system of this embodiment, the control server 10 that has received the attack notification 94 from the firewall 131 notifies the administrator 122 and also transmits the notification command 95 to the unmanned vehicle 13 . When the unmanned vehicle 13 receives the report command 95, it reports to the pedestrian 14 and the driver 16 of the manned vehicle 15 by optical means or acoustic means as described above. Specifically, the vehicle controller 135 turns on or blinks the lamp 133 mounted on the unmanned vehicle 13, or emits a warning sound from the speaker 134, so that pedestrians around the unmanned vehicle 13 can be detected. To enable a passenger (including a driver 16) of a manned vehicle 14 or a manned vehicle 15 to surely recognize these reports. Either one of the optical notification by the lamp 133 and the acoustic notification by the speaker 134 may be performed, or both may be performed at the same time. As a result, the pedestrian 14 and the passengers of the manned vehicle 15 can be alerted to cyberattacks.

Furthermore, in the mobile control system of the present embodiment, the control server 10 that receives the attack notification 94 from the firewall 131 causes the image projector 121 to project the image 123 . This image 123 is projected toward each road included in the planned route 120 of the unmanned vehicle 13 . As a result, the planned route 120 can be lit up to make it stand out, thereby attracting the attention of the pedestrian 14 and the driver 16 .

A specific example of a method of projecting the images 123 and 124 by the image projection device 121 will be described below with reference to FIG. FIG. 4 shows an example in which pedestrians 14 a and 14 b and manned vehicles 15 a and 15 b are present around the scheduled route 120 of the unmanned vehicle 13 .

If the unmanned vehicle 13 is attacked by a cyber attack, the simplest method is to notify all pedestrians 14 and manned vehicles 15 within the management range 12. It is not preferable from the viewpoint of maintaining the This is because when a pedestrian 14 or a passenger of a manned vehicle 15 who has a low relationship with the unmanned vehicle 13 is notified, the possibility of these notified persons being affected by the cyberattack is low. This is because it draws attention to cyberattacks, resulting in an unnecessary decrease in work efficiency. Further, if unnecessary reports are repeated, the pedestrian 14 and the passenger of the manned vehicle 15 become accustomed to the report, which leads to a problem of reduced attention.

In order to prevent the decrease in work efficiency and the decrease in attention as described above and to effectively report to pedestrians 14 and passengers of manned vehicles 15, unmanned vehicles 13 that have been subjected to cyber attacks The method according to the relationship with the pedestrian 14 and the manned vehicle 15, that is, the method that is relatively easy to recognize for the pedestrian 14 and the passenger of the manned vehicle 15 with a high relationship. is preferred. In the moving body control system of this embodiment, this is achieved by the following method.

In the example of FIG. 4 , an image 123 is projected from the image projection device 121 so as to include not only the surroundings of the unmanned vehicle 13 but also the range along the scheduled route 120 of the unmanned vehicle 13 . By adopting such a projection method, it is easy for the pedestrian 14b and the driver 16b of the manned vehicle 15b who are near the planned route 120 to notice the report of the cyberattack, while at a position away from the planned route 120 For the pedestrian 14a and the driver 16a of the manned vehicle 15a, it is difficult to notice the report of the cyber attack. Especially for the driver 16b, since the unmanned vehicle 13 is hidden behind the obstacle 2 and is a blind spot, it is difficult for the driver 16b to notice the lighting of the lamp 133 mounted on the unmanned vehicle 13 and the alarm sound from the speaker 134, but it is planned to An image 123 projected along the path 120 can be appropriately notified of the occurrence of a cyber attack. In other words, by adopting such a reporting format, the pedestrian 14b and the passengers of the manned vehicle 15b, who are closely related to the unmanned vehicle 13, can make a report that is relatively easy to recognize.

Further, the video projection device 121 projects a video 124 to the administrator 122 of the control server 10 to notify the administrator 122 of the cyberattack. At this time, the image projection device 121 may project the image 124 toward a predetermined position, or detect the position of the administrator 122 and project the image 124 toward that position. As a result, even when the manager 122 is away from the control server 10, the manager 122 can make a report in a manner that is easier for the manager 122 to notice than when the image for reporting is displayed on the screen display unit 105.例文帳に追加can be done.

Next, operation of the firewall 131 mounted on the unmanned vehicle 13 will be described with reference to FIG. FIG. 5 is a flow chart showing the operation of the firewall 131. As shown in FIG. Firewall 131 performs the processing shown in the flowchart of FIG. .

In step S101, the firewall 131 compares the content of the communication data output from the wireless receiving device 132 with the permission conditions defined in advance. The permission condition is, for example, a list of trusted source addresses. If the contents of the communication data match the permission conditions, the process proceeds to step S102; otherwise, the process proceeds to step S104.

In step S102, the firewall 131 compares the content of the communication data output from the wireless receiving device 132 with the predetermined refusal conditions. The refusal condition is, for example, a list of sender addresses not to be used. If the contents of the communication data do not meet the refusal conditions, the process proceeds to step S103, and if they match, the process proceeds to step S104.

In step S<b>103 , firewall 131 passes the communication data output from wireless receiver 132 and outputs the data to vehicle controller 135 . After executing step S103, the process shown in the flowchart of FIG. 5 is terminated.

In step S<b>104 , firewall 131 blocks and discards the communication data output from wireless receiving device 132 . In step S<b>105 , the firewall 131 transmits to the control server 10 an attacked notification 94 indicating that it has been subjected to a cyberattack. After executing step S105, the process shown in the flowchart of FIG. 5 is terminated.

By the above processing, the firewall 131 can realize the operation of passing the communication from the control server 10 on the permission list and blocking the communication from the terminal 91 not on the permission list as being unauthorized. Therefore, even if an attacker 90 conducts a cyber attack 93 against the unmanned vehicle 13, this can be prevented.

Next, operations of the control server 10 will be described with reference to FIG. FIG. 6 is a flow chart showing the operation of the control server 10 according to the first embodiment of the present invention. When the control server 10 of the present embodiment receives the attack notification 94 transmitted from the firewall 131 in step S105 of FIG. 5, it performs the process shown in the flowchart of FIG.

In step S<b>111 , the control server 10 causes the image projection device 121 to project the image 124 as a warning image to the administrator 122 . At this time, the control server 10 causes the video projection device 121 to project the video 124 on the real space around the manager 122 with the manager 122 as the person to be notified by the notification control unit 104 . As a result, the image projection device 121 is caused to transmit a report for notifying the existence of the cyber attack to the administrator 122 who is the person to be notified, and the administrator 122 is made aware that the mobile control system is under attack. make it

In step S<b>112 , the control server 10 transmits the notification command 95 to the unmanned vehicle 13 . At this time, the control server 10 outputs a notification command 95 to the network 11 via the communication interface 101 by the notification control unit 104 . The notification command 95 output to the network 11 is transmitted from the wireless station 111 to the unmanned vehicle 13 , received by the wireless receiver 132 in the unmanned vehicle 13 and output to the vehicle controller 135 . The vehicle controller 135 that has received the notification command 95 turns on or blinks the lamp 133 as described above, or causes the speaker 134 to emit a warning sound, thereby controlling the surroundings of the unmanned vehicle 13 in real space. The lamp 133 and the speaker 134 are caused to irradiate light and output a warning sound. As a result, the lamp 133 and the speaker 134 are caused to transmit a report for notifying the pedestrian 14 and the passenger of the manned vehicle 15 who are the target persons of the existence of the cyber attack, and the mobile control system is under attack. to make the pedestrian 14 existing around the unmanned vehicle 13 and the passenger of the manned vehicle 15 notice.

In step S113, the control server 10 acquires the planned route 120 of the unmanned vehicle 13 that transmitted the notification command 95 in step S112. At this time, the control server 10 acquires the information of the scheduled route 120 planned by the unmanned vehicle control unit 103 through the notification control unit 104 .

In step S114, the control server 10 identifies the projection range of the image 123 based on the planned route 120 acquired in step S113. At this time, the control server 10 specifies a predetermined range along the scheduled route 120 as the projection range of the image 123 by the notification control unit 104 .

In step S<b>115 , the control server 10 causes the image projection device 121 to project the image 123 as a warning image for the pedestrians 14 existing around the unmanned vehicle 13 and the passengers of the manned vehicle 15 . At this time, the control server 10 uses the notification control unit 104 to set the pedestrian 14 and the passenger of the manned vehicle 15 existing within a predetermined range along the planned route 120 as the notification target person, and the projection range specified in step S114. , the image projection device 121 is made to project the image 123 on the real space. As a result, the video projection device 121 is caused to transmit a report for notifying the pedestrian 14 and the passenger of the manned vehicle 15 who are the target persons of the existence of the cyberattack, thereby indicating that the mobile control system is under attack. , to make these notify persons aware. After executing step S115, the process shown in the flowchart of FIG. 6 ends.

By the above processing, the administrator 122, the pedestrian 14, the passengers of the manned vehicle 15 including the driver 16, and the like are set as the notification target persons, and the notification for notifying the existence of the cyber attack to these notification target persons is performed. can be used to call attention. Therefore, even if a cyberattack 93 made by an attacker 90 against an unmanned vehicle 13 cannot be prevented and unauthorized communication content 92 cannot be blocked, the expansion of damage can be prevented by taking necessary measures in advance. can be prevented.

Note that the image projection device 121 that projects the image 124 to the administrator 122 in step S111 and the image projection device 121 that projects the image 123 to a predetermined range along the planned route 120 in step S115 are They may be the same or different. Normally, the place where the image 124 should be projected and the place where the image 123 should be projected are physically separated. Moreover, when the planned route 120 is long, the range of the place where the image 123 should be projected becomes large, and it is difficult for one image projection device 121 to cover the projection range of all the images 123 . Therefore, in such a case, it is preferable to project the image 123 using a plurality of image projection devices 121 .

Furthermore, in steps S111 and S115, instead of projecting the images 123 and 124 by the image projection device 121, another method may be used to alert the administrator 122, the pedestrian 14, and the passengers of the manned vehicle 15. . For example, in step S111, the mobile terminal possessed by the manager 122 is caused to output a predetermined warning screen or warning sound, or the warning lamp or buzzer installed in the place where the manager 122 resides is operated. By doing so, it is possible to notify the administrator 122 of the existence of a cyber attack. Further, for example, in step S115, among light-emitting devices such as spotlights and self-luminous cat's-eyes (road studs) placed at various locations within the management range 12, the The presence of a cyberattack is reported by making an object emit light or emitting an alarm sound within a predetermined range along the scheduled route 120 using a directional speaker. A pedestrian 14 or a passenger of a manned vehicle 15 can be notified. In addition to this, as long as the person to be notified such as the administrator 122, the pedestrian 14, the passenger of the manned vehicle 15 can be recognized in the real space, various means can be used for these persons to be notified. A report can be made to notify the existence of a cyberattack.

According to the first embodiment of the present invention described above, the following effects are obtained.

(1) The mobile system control system controls at least one unmanned vehicle 13, which is an unmanned and movable unmanned vehicle. A notification control unit 104 is provided to control the devices (video projection device 121, lamp 133 and speaker 134). The unmanned vehicle 13 has a firewall 131 that detects cyberattacks. When the firewall 131 detects a cyberattack, the notification control unit 104 causes the notification device to send a notification for notifying the person to be notified of the existence of the cyberattack by a method that the person to be notified can perceive in real space ( Steps S111, S112, S115). In this manner, effective notification of cyberattacks can be realized.

(2) The notification control unit 104 causes the notification device to transmit a notification by optical and/or acoustic means. Specifically, the notification by optical means includes projection of the images 123 and 124 on the real space by the image projection device 121 or irradiation of light by the lamp 133 . Notification by acoustic means also includes the output of a warning sound by speaker 134 . Since it did in this way, a report object person can be made to recognize existence of a cyber attack reliably.

(3) The notification control unit 104 changes the form of notification according to the attribute of the person to be notified. In other words, the notification control unit 104 is configured to control the case where the person to be notified is the manager 122 who manages the mobile control system, and the person to be notified is the pedestrian 14 existing around the unmanned vehicle 13 or the passenger of the manned vehicle 15. The form of notification is changed depending on the case. Specifically, when the person to be notified is the administrator 122, the notification control unit 104 causes the projection of the image 124 in the real space around the administrator 122 or the irradiation of light to the image of the notification device. By causing the projection device 121, the warning lamp, etc., to transmit a report to these reporting devices (step S111). When the person to be notified is a pedestrian 14 existing around the unmanned vehicle 13 or a passenger of the manned vehicle 15, projection of the image 123 on the real space and light and output of a warning sound to the video projection device 121, the lamp 133, the speaker 134, etc., which are reporting devices, to transmit a report to these reporting devices (steps S112, S115 ). Since this is done, it is possible to make a report for notifying the presence of a cyberattack to persons to be notified of various attributes by using means suitable for each attribute.

(4) The notification control unit 104 acquires the planned route 120 of the unmanned vehicle 13 (step S113), and projects the image 123, emits light, and emits a warning sound in a predetermined range along the planned route 120. By causing at least one of the outputs to be performed by the video projection device 121, which is a notification device, various light emitting devices, directional speakers, etc., a notification is transmitted to these notification devices (step S115). Since this is done, it is possible to prevent a decrease in work efficiency and a decrease in attention due to unnecessary reports, and at the same time, it is possible to detect the existence of a cyber attack in a manner that is relatively easy for a notification target person who has a high relationship with the unmanned vehicle 13 to recognize. You can make a report to notify you.

[Second embodiment]
Next, a mobile control system according to a second embodiment of the present invention will be described with reference to FIGS. 7 and 8. FIG. FIG. 7 is a schematic diagram showing an overview of a mobile control system according to a second embodiment of the present invention.

The mobile body control system of this embodiment shown in FIG. 7 is basically configured based on the mobile body control system of FIG. 1 explained in the first embodiment. The difference from the mobile control system of FIG. , and the communication range 112b of the wireless station 111b. 1 also differs from the mobile control system in FIG.

Here, a plurality of unmanned vehicles 13a and 13b and a plurality of pedestrians 14a and 14b exist within the communication range 112a, and a plurality of unmanned vehicles 13c and 13d and a plurality of pedestrians 14a and 14b exist within the communication range 112b. Let there be persons 14c and 14d. Like the unmanned vehicle 13 in the first embodiment, the unmanned vehicles 13a to 13d are each equipped with a firewall for detecting cyberattacks and lamps and speakers for notifying the surroundings. For simplification, only the firewall 131a mounted on the unmanned vehicle 13a and the lamps 133a and 133b and the speakers 134a and 134b mounted on the unmanned vehicles 13a and 13b are shown in FIG. 13d, and the lamps and speakers mounted on the unmanned vehicles 13c and 13d are not shown.

In the mobile control system of the present embodiment, the unmanned vehicles 13a to 13d are configured by firewalls 113a and 113b installed in the radio stations 111a and 111b respectively and firewalls installed in the unmanned vehicles 13a to 13d respectively. protected by For example, the unmanned vehicle 13a is protected by both the firewall 113a of the radio station 111a and the firewall 131a of the unmanned vehicle 13a. This has the effect of making it a more robust defense against potential attacks, and also has the effect of being able to specify the range that may be attacked.

When the firewall 131a mounted on the unmanned vehicle 13a detects the cyberattack 93, it suggests that the firewall 113a installed in the wireless station 111a has been breached by the attacker 90. In this case, not only the unmanned vehicle 13a but also other unmanned vehicles 13b within the communication range 112a of the wireless station 111a are likely to be exposed to the threat of cyber attacks. Therefore, it is necessary to notify the fact that the cyberattack 93 has been detected to the pedestrian 14b or the like near the unmanned vehicle 13b or in the vicinity of its route. However, on the other hand, it is considered that the firewall 113b installed in the wireless station 111b is alive and well. Therefore, it is not necessary to notify the pedestrians 14c and 14d in the vicinity of the unmanned vehicles 13c and 13d within the communication range 112b of the radio station 111b and in the vicinity of their paths.

In the mobile control system of the present embodiment, in order to realize the above notification, when the control server 10 receives the attack notification 94 from the firewall 131a that has detected the cyber attack 93 on the unmanned vehicle 13a, the unmanned vehicle 13a and the unmanned vehicle 13a Notification commands 95a and 95b are respectively transmitted to the unmanned vehicle 13b within the communication range 112a of the wireless station 111a to which the vehicle 13a belongs. In the unmanned vehicles 13a and 13b that have received the notification commands 95a and 95b, similarly to the first embodiment, the lamps 133a and 133b are lit or blinked, and the warning sounds are transmitted from the speakers 134a and 134b. , to the surrounding pedestrians 14a and 14b to notify them of the occurrence of a cyber attack. On the other hand, no notification command is transmitted to the unmanned vehicles 13c and 13d within the communication range 112b of the other radio station 111b.

The operation of the control server 10 at this time will be described with reference to FIG. FIG. 8 is a flow chart showing the operation of the control server 10 according to the second embodiment of the present invention. When the control server 10 of the present embodiment receives the attacked notification 94 transmitted from the firewall 131a, it performs the process shown in the flowchart of FIG.

In step S111, the control server 10 causes the video projector 121 to project the video 124 as a warning video for the administrator 122, as in the flowchart of FIG. 6 described in the first embodiment. Note that illustration of the image projection device 121, the administrator 122, and the image 124 is omitted in FIG. At this time, the image 124 may include information indicating in which of the communication range 112a or the communication range 112b the cyberattack 93 was detected.

In step S<b>120 , the control server 10 analyzes the attack route based on the received attack notification 94 by the notification control unit 104 . Here, among the wireless stations 111a and 111b in FIG. 7, the wireless station 111a that includes the unmanned vehicle 13a that has transmitted the attack notification 94 against the cyber attack 93 within the communication range 112a is analyzed as the attack route.

In step S121, the control server 10 selects a device to be processed in subsequent steps S122 and S123. Here, one of the unmanned vehicles 13a to 13d in FIG. 7 is sequentially selected as the target device.

In step S122, the control server 10 causes the report control unit 104 to determine whether the target device selected in step S121 is the attacked device that transmitted the attacked notification 94 (here, the unmanned vehicle 13a) is within the range of the same radio station. If the target device and the attacked device are within the range of the same wireless station, the process proceeds to step S123; otherwise, the process proceeds to step S124. In the situation of FIG. 7, when unmanned vehicles 13a and 13b are selected as target devices, these target devices exist within the communication range 112a of the wireless station 111a where the unmanned vehicle 13a, which is the target device, exists. Therefore, an affirmative determination is made in step S122 and the process proceeds to step S123. On the other hand, when the unmanned vehicles 13c and 13d are selected as the target devices, these target devices exist within the communication range 112b of the wireless station 111b, and the unmanned vehicle 13a, which is the target device, exists. Since it does not exist within the communication range 112a of the station 111a, a negative determination is made in step S122, and the process proceeds to step S124.

When proceeding from step S122 to step S123, in step S123, the control server 10 issues an alarm to the target device selected in step S121. At this time, the control server 10 causes the notification control unit 104 to perform the same processing as steps S112 to S115 in the flowchart of FIG. 6 described in the first embodiment for the target device. As a result, notification commands 95a and 95b are transmitted to the unmanned vehicles 13a and 13b, respectively, and the surrounding pedestrians 14a and 14b are notified using the lamps 133a and 133b and the speakers 134a and 134b. Also, the scheduled routes of the unmanned vehicles 13a and 13b are obtained, and a notification is made by projecting an image or the like to a predetermined range along each scheduled route. After performing the process of step S123, the process proceeds to step S124.

On the other hand, when proceeding from step S122 to step S124, the control server 10 does not perform the process of step S123 on the target device selected in step S121. As a result, the unmanned vehicles 13c and 13d are prevented from notifying the surrounding pedestrians 14c and 14d without transmitting the notification command.

In step S124, the control server 10 determines whether all unmanned vehicles belonging to the mobile control system have been selected as target devices in step S121, and whether steps S122 and S123 have been executed for each target device. determine whether If unmanned vehicles 13a to 13d remain unselected, the process returns to step S121, and after selecting one of them in step S121, the above process is repeated. On the other hand, if all the unmanned vehicles 13a to 13d have been selected, the process shown in the flowchart of FIG. 8 ends.

By performing the above processing, the control server 10 analyzes the route of the cyber attack 93 in step S120 when the firewall 113a detects the cyber attack 93 in the unmanned vehicle 13a. Then, based on the obtained analysis results, the processing of steps S122 and S123 is executed for each of the unmanned vehicles 13a to 13d, thereby changing the reporting range. Specifically, the communication range 112a of the wireless station 111a included in the path of the cyber attack 93 is set as the reporting range, and the reporting commands 95a and 95b are transmitted to the unmanned vehicles 13a and 13b in the reporting range, respectively. Pedestrians 14a and 14b existing within 112a are notified. As a result, it is possible to report to an appropriate range according to the attack route.

According to the second embodiment of the present invention described above, the report control unit 104 analyzes the path of the cyberattack 93 (step S120), and changes the report range based on the analysis results (steps S122, S123). Since it did in this way, the report for notifying existence of a cyber-attack can be performed targeting the suitable range according to an attack route.

Further, the mobile control system of this embodiment is connected to radio stations 111a and 111b which are installed at predetermined locations and perform radio communication with the unmanned vehicles 13a to 13d, respectively. In the process of step S120, when the firewall 131a detects a cyber attack 93 in the unmanned vehicle 13a existing within the communication range of one of the radio stations 111a and 111b, for example, the communication range 112a of the radio station 111a, , the report control unit 104 determines that the wireless station 111a is the path of the cyber attack 93 . By doing so, it is possible to analyze attack paths easily and accurately.

With the configurations according to the two embodiments described above, when a certain unmanned vehicle is attacked, the fact of the attack is appropriately notified to a person who has a high relationship with the unmanned vehicle to alert them. , so that necessary precautions can be taken. On the other hand, work efficiency can be maintained without calling attention to humans who have a low relationship with the unmanned vehicle that has been attacked.

It should be noted that the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the gist of the present invention.

10: control server, 11: network, 12: management range, 13: unmanned vehicle, 14: pedestrian, 15: manned vehicle, 16: driver, 90: attacker, 91: terminal, 92: unauthorized communication content, 93: cyber attack, 94: attacked notification, 95: report command, 101: communication interface, 102: control unit, 103: unmanned vehicle control unit, 104: report control unit, 105: screen display unit, 106: operation unit, 107: storage device, 111: wireless station, 112a, 112b: communication range, 113: firewall, 120: scheduled route, 121: video projection device, 122: administrator, 123, 124: video, 131: firewall, 132: radio Receiver, 133: Lamp, 134: Speaker, 135: Vehicle Controller, 136: Driving Mechanism

Claims (13)

A mobile body control system for controlling at least one unmanned mobile body capable of moving unmanned,
Equipped with a notification control unit that controls a notification device that is installed at a predetermined location and performs notification to a notification target person,
The unmanned mobile body has a firewall that detects cyberattacks,
When the firewall detects the cyberattack, the notification control unit transmits a notification for notifying the person to be notified of the existence of the cyberattack by a method that the person to be notified can perceive in real space. A mobile control system that transmits to the device. The mobile control system according to claim 1,
The notification control unit is a mobile control system that causes the notification device to transmit a notification by optical and/or acoustic means. The mobile control system according to claim 2,
The notification by optical means includes projection of an image in real space or irradiation of light,
The mobile control system wherein the notification by acoustic means includes outputting an alarm sound. The mobile control system according to claim 1,
The mobile control system, wherein the report control unit changes the form of the report according to the attribute of the person to be notified. The mobile control system according to claim 4,
The notification control unit controls the case where the notification target person is an administrator who manages the mobile control system, and when the notification target person is a pedestrian or a passenger of a manned mobile object existing around the unmanned mobile object. A mobile control system that changes the form of the report depending on whether it is A mobile control system according to claim 5,
The notification control unit is
When the person to be notified is the administrator, the notification is transmitted to the notification device by causing the notification device to project an image or irradiate light in the real space around the administrator. let
When the person to be notified is a pedestrian or a passenger of a manned mobile object existing around the unmanned mobile object, projection of an image in real space and lighting of the surroundings of the unmanned mobile object are performed. A mobile control system that causes the notification device to transmit the notification by causing the notification device to perform at least one of irradiation and output of a warning sound. A mobile control system according to claim 6,
The notification control unit acquires a scheduled route of the unmanned mobile body, and at least one of projecting the image, emitting the light, and outputting the warning sound to a predetermined range along the scheduled route. A mobile control system that causes the notification device to transmit the notification by causing the notification device to perform one. The mobile control system according to claim 1,
The mobile control system, wherein the report control unit analyzes the path of the cyberattack and changes the range of the report based on the analysis result. The mobile control system according to claim 8,
The mobile control system is connected to a plurality of radio stations that are installed at predetermined locations and perform wireless communication with the unmanned mobiles,
When the firewall detects the cyberattack on the unmanned mobile object existing within the communication range of one of the plurality of wireless stations, the notification control unit determines whether the wireless station is the path of the cyberattack. A mobile control system that determines that A method of notifying a person to be notified of the existence of a cyberattack on a mobile control system that controls at least one unmanned and movable unmanned mobile body by a reporting device installed at a predetermined location,
A firewall of the unmanned mobile body detects the cyberattack;
When the firewall detects the cyber attack, the attack notification causes the reporting device to transmit a report for notifying the person to be notified of the existence of the cyber attack by a method that the person to be notified can perceive in real space. Method. The attack notification method according to claim 10,
An attack notification method for causing the notification device to transmit a notification by optical and/or acoustic means. The attack notification method according to claim 10,
An attack notification method for changing the form of the notification according to the attribute of the person to be notified. The attack notification method according to claim 10,
An attack notification method that analyzes the path of the cyber attack and changes the range of the notification based on the analysis result.

Images