JP7486193B2 - Notification system and notification method - Google Patents

Description

The present invention relates to a notification system and a notification method.

The trend towards IoT (Internet of Things) for home appliances is growing. Patent Document 1 discloses technology related to a communications adapter for connecting home appliances to a network.

JP 2005-184487 A

As home appliances become more IoT-enabled, the risk of them becoming subject to cyber attacks increases.

The present invention provides a notification system that can notify users that a device has been subjected to a cyber attack.

A notification system according to one aspect of the present invention includes a detection unit that detects cyber attacks on equipment installed in a facility and connected to a communication network, and a notification unit that issues notifications in different ways depending on the detected cyber attacks.

A notification method according to one aspect of the present invention includes a detection step of detecting a cyberattack against equipment installed in a facility and connected to a communication network, and a notification step of issuing a notification in a different manner depending on the detected cyberattack.

A program according to one aspect of the present invention is a program for causing a computer to execute the notification method.

A notification system according to one embodiment of the present invention can notify a user that a device has been subjected to a cyber attack.

FIG. 1 is a block diagram showing a functional configuration of a notification system according to an embodiment. FIG. 2 is a sequence diagram of an example of the operation of the notification system according to the embodiment. FIG. 3 is a diagram illustrating an example of a notification method. FIG. 4 is a diagram showing an example of an image displayed on the display unit of the control device. FIG. 5 is a diagram showing an example of an image displayed on the display unit of the mobile terminal.

Hereinafter, the embodiments will be described in detail with reference to the drawings. Note that the embodiments described below are all comprehensive or specific examples. The numerical values, shapes, materials, components, component arrangement and connection forms, steps, and order of steps shown in the following embodiments are merely examples and are not intended to limit the present invention. In addition, among the components in the following embodiments, components that are not described in the independent claims will be described as optional components.

Note that each figure is a schematic diagram and is not necessarily a precise illustration. In addition, in each figure, the same reference numerals are used for substantially the same configurations, and duplicate explanations may be omitted or simplified.

(Embodiment)
[overview]
First, an overview of a notification system according to an embodiment will be described below. Fig. 1 is a block diagram showing a functional configuration of the notification system according to an embodiment.

The notification system 10 according to the embodiment includes a control device 20, a communication device 30, a plurality of devices 40, a notification device 50, a server device 60, and a mobile terminal 70. The control device 20, the communication device 30, the plurality of devices 40, and the notification device 50 are installed in a facility 80. The plurality of devices 40 include an electric lock 41, a window sensor 42, an alarm device 43, a speaker device 44, a lighting device 45, an air conditioning device 46, a camera 47, a power measuring device 48, a human presence sensor 49, and the like.

The facility 80 to which the notification system 10 is applied is, for example, a detached house. In the facility 80, the control device 20 and the multiple devices 40 can communicate via the communication device 30. In other words, the control device 20 and the multiple devices 40 are connected to a local communication network within the facility 80, and the control device 20 can control the multiple devices 40.

In such a configuration, the issue is what kind of defense measures should be taken against cyber attacks on the multiple devices 40. A cyber attack here means, for example, an attack that causes multiple devices 40, such as home appliances, to operate normally against the intentions of the residents. A cyber attack here is an attack that leads to physical damage to the residents of the facility 80. An attacker (human) may, for example, use a fake control device that masquerades as the control device 20 to unlock the electric lock 41 and enter the facility 80. Alternatively, the attacker may use a fake control device to obtain the open/closed state of the window sensor 42 and enter the facility 80 through an open window.

In the notification system 10, the notification device 50 detects cyber attacks such as those described above, and notifies the residents of the facility 80 and those in the vicinity of the facility 80 in response to the detected cyber attack. For example, the notification device 50 activates the alarm device 43, makes a sound from the speaker device 44, or notifies a security company's security server (not shown). In this way, the notification system 10 can attempt to prevent an attacker from entering the facility 80.

Incidentally, there are some cyber attacks where the attacker is not near the facility 80 (i.e., there is a low possibility of the facility 80 being invaded) and where the damage to residents is considered to be relatively small, such as minor information leaks due to wiretapping. If notifications for such relatively minor cyber attacks are given in the same manner as notifications for the serious cyber attacks described above, this will cause excessive anxiety to residents. For example, if the residents include children, elderly people, or sick people, there is a concern that their health may deteriorate, so excessive notifications should be refrained from being given.

The notification system 10 therefore issues notifications in different formats depending on the estimated location of the attacker, the type of cyber attack, and the attributes of the resident. Such a notification system 10 can issue appropriate notifications.

[composition]
Next, the configuration of each device included in the notification system 10 will be described with continued reference to Fig. 1. First, the control device 20 will be described.

The control device 20 is, for example, a HEMS (Home Energy Management System) controller having an energy management function. The control device 20 is installed in the facility 80. The control device 20 is, for example, fixedly installed on a wall in the facility 80.

The control device 20 manages the power consumption of the multiple devices 40 installed in the facility 80. The control device 20 also controls the multiple devices 40 by sending control commands to each of the multiple devices 40. The control device 20 also manages the operating states of the multiple devices 40 by acquiring information indicating the operating state of each of the multiple devices 40 from each of the multiple devices 40 and storing the acquired information in a storage unit (not shown). The control device 20 is not limited to a HEMS controller, and may be another home controller that does not have an energy management function, or a gateway device.

The control device 20 specifically includes a display unit 21. The display unit 21 is a display device that functions as an operation receiving unit that receives user operations and as a display unit that displays images. The display unit 21 is realized by, for example, a touch panel and a display panel. The display panel specifically is a liquid crystal panel or an organic EL (Electro Luminescence) panel.

The communication device 30 is a device that performs short-range wireless communication, specifically, a wireless LAN (Local Area Network) router that is installed in the facility 80. The control device 20 can perform wireless communication with multiple devices 40 via the communication device 30. The control device 20 can also perform communication through the wide area communication network 100 via the communication device 30. The communication device 30 may be a device that performs wired communication, or a device that performs both wireless and wired communication. The communication device 30 may be built into the control device 20.

Next, the multiple devices 40 will be described. The multiple devices 40 are installed in the facility 80. Installed in the facility 80 here means installed within the premises of the facility 80, and refers to both installation within the facility 80 and installation outside the facility 80 within the premises of the facility 80. As described above, each of the multiple devices 40 can communicate with the control device 20 via the local communication network (communication device 30).

The multiple devices 40 include an electric lock 41, a window sensor 42, an alarm device 43, a speaker device 44, a lighting device 45, an air conditioning device 46, a camera 47, a power measurement device 48, and a human presence sensor 49. Of these, the electric lock 41, the alarm device 43, the speaker device 44, the lighting device 45, the air conditioning device 46, and the camera 47 are devices to be controlled in the notification system 10, and the controlled devices are controlled by control commands transmitted from the control device 20.

The electric lock 41 is a security device that is attached to a door at the entrance of the facility 80 and locks and unlocks the door. The electric lock 41 also transmits information indicating the locking and unlocking status of the electric lock 41 to the control device 20.

The window sensor 42 detects whether a window installed in the facility 80 is open or closed, and transmits the detection result as information indicating the open or closed state of the window to the control device 20. The window sensor 42 is a magnetic sensor realized by, for example, a magnet attached to one of the window and the window frame, and a magnet sensor attached to the other of the window and the window frame. The window sensor 42 may also be a sensor that detects the lock state of the window.

The alarm device 43 issues an alarm in the event of a fire or gas leak in the facility 80. The alarm device 43 is also used to notify of a cyber attack.

The speaker device 44 outputs a sound to notify the user of a cyber-attack. The speaker device 44 is, for example, a general-purpose network speaker, but may also be a smart speaker.

The lighting equipment 45 illuminates the inside (room) of the facility 80. The lighting equipment 45 is, for example, a ceiling light, but the specific form of the lighting equipment 45 is not particularly limited. The lighting equipment 45 may be a downlight, a pendant light, a spotlight, a bracket light, or the like. The lighting equipment 45 may be equipment that illuminates the outside (outdoors) of the facility 80. The lighting equipment 45 is also used to notify the occurrence of a cyber attack.

Air conditioner 46 is an air conditioner for general household use. Air conditioner 46 is an air conditioner that can adjust the temperature of the air sent out from air conditioner 46 by having a heat exchanger (not shown) or the like. In other words, air conditioner 46 has a temperature adjustment function (air blowing function and heating/cooling function). Air conditioner 46 is not limited to air conditioners for general household use, and may be an industrial air conditioner.

Camera 47 captures video within facility 80 or outside facility 80. Camera 47 is, for example, a surveillance camera.

The power meter 48 measures the amount of power consumed in the facility 80 and transmits the measurement results to the control device 20. The power meter 48 is, for example, a distribution board with a function for measuring the amount of power consumed, but may also be a smart meter (a power meter with a communication function).

The human presence sensor 49 is installed within the facility 80, detects the presence or absence of people within the facility 80, and transmits the detection result to the control device 20. The human presence sensor 49 is, for example, a pyroelectric sensor that senses infrared rays emitted from the human body, but may also be an ultrasonic sensor. The human presence sensor 49 may also be installed outside the facility 80 and detect the presence or absence of people outside the facility 80.

Next, the notification device 50 will be described. The notification device 50 is a device that issues notifications regarding cyber attacks. The notification device 50 is described as a device separate from the control device 20 and the communication device 30, but may be built into the control device 20 or the communication device 30. Specifically, the notification device 50 includes an information processing unit 51 and a memory unit 52.

The information processing unit 51 performs information processing to notify about cyber attacks. The information processing unit 51 is realized, for example, by a microcomputer, but may also be realized by a processor. The information processing unit 51 has, as functional components, a detection unit 53, a determination unit 54, an acquisition unit 55, and a notification unit 56. The functions of the detection unit 53, the determination unit 54, the acquisition unit 55, and the notification unit 56 are realized, for example, by a microcomputer or a processor constituting the information processing unit 51 executing a computer program stored in the storage unit 52. The detailed functions of the detection unit 53, the determination unit 54, the acquisition unit 55, and the notification unit 56 will be described later.

The storage unit 52 is a storage device that stores various information necessary for the above information processing, and computer programs executed by the information processing unit 51. The storage unit 52 is realized by, for example, a semiconductor memory.

Next, the server device 60 and the mobile terminal 70 will be described. The server device 60 is a cloud computer that performs information processing so that the notification system 10 can provide notifications regarding cyber attacks via the mobile terminal 70. The mobile terminal 70 is a portable information terminal that is used by residents to receive notifications regarding cyber attacks. Specifically, the mobile terminal 70 is a smartphone or a tablet terminal. Residents can receive notifications regarding cyber attacks by, for example, registering the email address of the mobile terminal 70 in advance with the server device 60. The mobile terminal 70 has a display unit 71 that displays images. The display unit 71 is realized by a display panel such as a liquid crystal panel or an organic EL panel.

[Example of operation]
The following describes a first operational example of the notification system 10. FIG.

First, the detection unit 53 detects a cyber attack on the device 40 (S11). When the control device 20 controls the device 40, a control command is sent from the control device 20 to the target device 40, and the device 40 sends a response signal to the control device 20. When the control device 20 obtains information from the device 40, an information request is sent from the control device 20 to the target device 40, and the device 40 transmits a response signal including the information to the control device 20. The detection unit 53 monitors (obtains) this response signal via the communication device 30 and detects a cyber attack based on the response signal.

For example, if the control device 20 has multiple operation modes, the detection unit 53 detects that the device 40 has been controlled when the control device 20 is in a specific operation mode among the multiple operation modes as a cyber attack against the device 40. The specific mode is, for example, an absent mode (away mode) that is set when the resident is not in the facility 80, and the detection unit 53 considers that control of the device 40 during the absent mode is a cyber attack.

Note that this method of detecting a cyber attack is one example. As another example, the detection unit 53 may determine that a response signal is received through the communication device 30 even though no control command or information request is transmitted from the control device 20, as a cyber attack. Furthermore, the detection unit 53 may use a machine learning model to determine that control of the device 40 that would not normally be performed given the time period and situation is performed as a cyber attack.

Next, the determination unit 54 determines the estimated location of the attacker (S12). For example, the determination unit 54 checks the devices 40 that have been connected to the communication device 30 during a predetermined period including the timing at which the cyberattack was detected, and determines that the location of the attacker is close to the facility 80 if there is an unregistered device (a device 40 that has never been connected before). In other words, the determination unit 54 determines that an attacker located near the facility 80 has connected to the local communication network instead of the wide area communication network 100 and performed a cyberattack. In addition, if there is no unregistered device among the devices 40 connected to the communication device 30 when the cyberattack is detected, the determination unit 54 determines that the location of the attacker is far away. In other words, the determination unit 54 determines that an attacker located near the facility 80 has connected to the wide area communication network 100 and performed a cyberattack. The above-mentioned predetermined period is a period including at least one of a certain period immediately before the timing at which the cyberattack was detected and a certain period immediately after the timing, and is used in the same sense in the following embodiments.

Note that this method of determining the estimated position of the attacker is one example. The determination unit 54 may obtain the detection result of the human presence sensor 49, which detects the presence or absence of a person outside the facility 80, during the above-mentioned predetermined period via the control device 20, and determine the estimated position of the attacker based on the obtained detection result. In this case, the determination unit 54 determines that the attacker is close when the obtained detection result indicates that a person is present, and determines that the attacker is far away when the obtained detection result indicates that no person is present. The determination unit 54 may also obtain an image of the outside of the facility 80 taken by the camera 47 during the above-mentioned predetermined period via the control device 20, and determine the estimated position of the attacker based on the obtained image. In this case, the determination unit 54 determines that the attacker is close when a person is captured in the obtained image, and determines that the attacker is far away when the obtained image indicates that no person is captured in the obtained image.

Next, the determination unit 54 determines the extent of the damage caused by the cyber-attack (S13). The extent of the damage caused by the cyber-attack can be rephrased as the threat level of the cyber-attack or the type of the cyber-attack. The extent of the damage caused by the cyber-attack is determined, for example, based on at least one of the type of device 40 that has been subjected to the cyber-attack and the operation of the device based on the cyber-attack (what operation the device 40 that has been subjected to the cyber-attack performed). The type of device 40 that has been subjected to the cyber-attack and the operation of the device based on the cyber-attack are identified, for example, by analyzing the response signal.

For example, the type of device 40 that has been subjected to a cyber attack and the judgment criteria determined based on the operation of the device based on the cyber attack are stored in advance in the memory unit 52, and the judgment unit 54 can judge the extent of the damage caused by the cyber attack by referring to the judgment criteria stored in the memory unit 52.

In the judgment criteria, for example, a cyberattack on equipment 40 related to the security of the facility 80, such as an electric lock 41 and a window sensor 42, is determined to cause large damage, and a cyberattack on equipment 40 with low relevance to the security of the facility 80, such as a power metering device 48, is determined to cause small damage. Similarly, in the judgment criteria, if the operation content of the equipment 40 based on the cyberattack is related to the security of the facility 80, the cyberattack is determined to cause large damage, and if the operation content of the equipment 40 based on the cyberattack is low relevance to the security of the facility 80, the cyberattack is determined to cause small damage.

Based on such criteria, for example, if the electric lock 41 is unlocked by a cyber-attack, the determination unit 54 determines that the damage is large. Also, if the power metering device 48 outputs data indicating the amount of power consumed as a result of a cyber-attack, the determination unit 54 determines that the damage is small.

When the device 40 outputs data due to a cyber attack, the extent of the damage may be determined according to the content of the data. For example, the more personal information or the closer the data is to personal information, the greater the damage is determined to be. The extent of the damage may also be determined taking into consideration the season and the attributes of the resident located within the facility 80. For example, if an elderly person is located within the facility 80 in summer and the air conditioner 46 starts heating due to a cyber attack, the elderly person's life is considered to be in danger, and the damage is determined to be great.

Next, the acquisition unit 55 acquires attributes of the residents located in the facility 80 (i.e., residents who are at home) (S14). The attributes of all the residents are input to the control device 20 by at least one resident operating the display unit 21, for example, and stored in the memory unit 52. The attributes include at least one of the resident's age and the resident's health condition (presence or absence of a chronic illness).

For example, if a resident located within facility 80 self-declares that he or she is located within facility 80 by operating display unit 21 of control device 20, acquisition unit 55 can acquire attributes of the resident located within facility 80 by referring to memory unit 52 based on the result of the self-declaration. Note that acquisition unit 55 may acquire an image of the inside of facility 80 captured by camera 47 via control device 20, and identify which resident is located within facility 80 by processing the acquired image.

The health status of the resident's attributes may be obtained using a non-contact biosensor (not shown) installed in the facility 80 or a wearable sensor (not shown) worn by the resident.

Next, the notification unit 56 issues a notification based on the result of the determination of the attacker's estimated location, the result of the determination of the extent of damage caused by the cyber attack, and the attributes of the residents located within the facility 80 (i.e., the residents who are at home) (S15). Figure 3 is a diagram showing an example of a notification method. The notification method is, in other words, a notification mode.

If the attacker's estimated location is close to the facility 80 and the damage caused by the cyber attack is large, it is necessary to immediately notify the residents in the facility 80 regardless of the attributes of the residents. Therefore, the notification unit 56 notifies the residents in the facility 80 by at least one of outputting a sound (such as a warning sound) from the alarm device 43 or the speaker device 44 and outputting a light (such as a flashing light) from the lighting device 45. Specifically, the notification unit 56 can notify the residents by controlling the alarm device 43, the speaker device 44, or the lighting device 45 via the control device 20. Note that this notification is made in a relatively intense manner, as it is intended to inform people in the vicinity of the facility 80 of an abnormality and to make the attacker leave.

In addition to outputting sound and light, the notification unit 56 also notifies by displaying an image on the display unit 21 of the control device 20 and sending an e-mail to the mobile terminal 70 (i.e., displaying an image on the display unit 71 of the mobile terminal 70). FIG. 4 is a diagram showing an example of an image displayed on the display unit 21 of the control device 20, and FIG. 5 is a diagram showing an example of an image displayed on the display unit 71 of the mobile terminal 70. Note that the display of an image on the display unit 21 of the control device 20 is performed, for example, by the notification unit 56 sending a notification command to the control device 20. The sending of an e-mail to the mobile terminal 70 is performed, for example, by the notification unit 56 sending a notification command to the server device 60.

When the attacker's estimated location is close to facility 80 and the damage caused by the cyber attack is small, the need for notification is lower than when the damage is large. Therefore, the notification unit 56 changes the mode of notification depending on the attributes of the resident located within facility 80.

For example, if the residents in the facility 80 are only sick people, children, and elderly people, the above-mentioned intense notification would be excessive and may even damage the residents' health. Therefore, the notification unit 56 notifies the residents by displaying an image on the display unit 21 of the control device 20 and by sending an email to the mobile terminal 70.

On the other hand, if the only resident within the facility 80 is a child, there is little need to notify the child. Therefore, the notification unit 56 notifies the child by sending an email to the mobile device 70 of a resident (adult) located outside the facility 80.

In cases other than the above, that is, when a healthy adult is present within the facility 80, it is considered that the adult can handle an accident caused by the notification. Therefore, the notification unit 56 notifies the resident within the facility 80 by at least one of outputting a sound (such as a warning sound) from the alarm device 43 or the speaker device 44 and outputting a light (such as a blinking light) from the lighting device 45. In addition to outputting a sound and outputting a light, the notification unit 56 also notifies by displaying an image on the display unit 21 of the control device 20 and sending an e-mail to the mobile terminal 70.

When the attacker's estimated location is far from the facility 80 and the damage caused by the cyber attack is great, it is necessary to immediately notify the residents in the facility 80 regardless of the attributes of the residents located in the facility 80. Therefore, the notification unit 56 notifies the residents in the facility 80 by at least one of outputting sound (such as a warning sound) from the alarm device 43 or the speaker device 44 and outputting light (such as blinking) from the lighting device 45. In addition to outputting sound and light, the notification unit 56 also notifies the residents by displaying an image on the display unit 21 of the control device 20 and sending an email to the mobile terminal 70.

When the attacker's estimated location is far from the facility 80 and the damage caused by the cyber attack is small, there is less need for notification than when the damage is large. Therefore, the notification unit 56 notifies the user by displaying an image on the display unit 21 of the control device 20 and by sending an email to the mobile terminal 70.

The display mode of the image (e.g., the message in the image) on the display unit 21 of the control device 20 differs depending on, for example, at least one of the estimated location of the attacker and the extent of the damage caused by the cyber-attack. Similarly, the content of the email to the mobile terminal 70 (e.g., the text of the email) also differs depending on at least one of the estimated location of the attacker and the extent of the damage caused by the cyber-attack.

As described above, the notification system 10 provides notifications in different formats depending on the estimated location of the attacker, the extent of the damage caused by the cyber attack (type of cyber attack), and the attributes of the resident. For example, the notification system 10 changes the notification format by changing the device 40 used for notification. Such a notification system 10 can provide appropriate notifications.

The notification method shown in FIG. 3 is one example. In the notification system 10, the mode of notification may be changed depending on the cyberattack. For example, in FIG. 3, the magnitude of damage (type of cyberattack) is divided into two stages, but it may be divided into three or more stages. Also, for example, notification by outputting sound or light when the estimated location of the attacker is close to the facility 80 has the purpose of making the attacker leave, so it may be performed in a different mode from notification by outputting sound or light when the estimated location of the attacker is far from the facility 80, which has less of a meaning.

How notifications are received may also be set by the resident. For example, the notification system 10 may be configured to allow the resident to set the type of notification to be made or the notification destination (the control device 20 or the mobile terminal 70) based on the resident's operation received by the display unit 21 of the control device 20. The notification system 10 may also be configured to allow the resident to refuse to receive notifications during a time period specified by the resident, or to receive notifications only during a time period specified by the resident.

In addition, it is not essential that the determination of the estimated location of the attacker, the determination of the extent of damage caused by the cyber attack, and the acquisition of attributes of residents located within facility 80 be performed, and some of these may be omitted.

[Effects, etc.]
As described above, the notification system 10 includes a detection unit 53 that detects cyber attacks against equipment 40 installed in a facility 80 that is connected to a communication network, and a notification unit 56 that issues notifications in different manners depending on the detected cyber attacks.

Such a notification system 10 can provide notifications in different formats depending on the type of cyber-attack. Specifically, the notification system 10 can provide a variety of notifications depending on the level of damage caused by a cyber-attack by changing the notification format depending on the level of damage caused by the cyber-attack.

Also, for example, the notification unit 56 notifies in different manners depending on the type of device 40 that has been subjected to a cyber attack.

Such a notification system 10 can provide notifications taking into account the type of device 40 that has been subjected to a cyber attack.

Also, for example, the notification unit 56 notifies in different manners depending on the operation of the device 40 based on the cyber attack.

Such a notification system 10 can provide notifications taking into account the operation of the device 40 that has been subjected to a cyber attack.

Also, for example, the notification unit 56 notifies in different manners depending on the content of the data output by the device 40 based on a cyber attack.

Such a notification system 10 can provide notifications taking into account the content of the data output by the device 40 based on a cyber attack.

For example, the notification system 10 further includes an acquisition unit 55 that acquires attributes of users of the facility 80. The notification unit 56 issues notifications in different formats depending on the type of cyber attack detected and the acquired attributes of the users. In other words, the users of the facility 80 are the residents of the facility 80.

Such a notification system 10 can provide notifications taking into account the attributes of users of the facility 80.

For example, when the detected cyber-attack is of a first type, the notification unit 56 issues a notification in the same manner regardless of the user's attributes, and when the detected cyber-attack is of a second type, the notification unit 56 issues a notification in a different manner depending on the user's attributes.

Such a notification system 10 can provide notifications taking into account the attributes of users of the facility 80.

Also, for example, the first type of cyber attack has a higher threat level than the second type of cyber attack.

Such a notification system 10 can provide notifications taking into account the attributes of users of the facility 80 when the threat level of a cyber attack is low.

Furthermore, for example, the user's attributes may include at least one of the user's age and the user's health condition.

Such a notification system 10 can provide notifications taking into account at least one of the user's age and the user's health condition.

For example, the notification system 10 further includes a determination unit 54 that determines the estimated location of the person who carried out the cyber attack. The notification unit 56 notifies in different ways depending on the type of cyber attack detected and the determined estimated location.

Such a notification system 10 can provide notifications taking into account the estimated location of the attacker.

Also, for example, the device 40 is controlled by a control device 20 having multiple operating modes, and the detection unit 53 detects that the device 40 has been controlled when the control device 20 is in a specific operating mode among the multiple operating modes as a cyber attack against the device 40.

Such a notification system 10 can detect cyber attacks based on the operating mode of the control device 20.

Also, for example, the notification may be given in the form of sound output, light emission, image presentation, or email transmission.

Such a notification system 10 can provide notifications by outputting sound, emitting light, presenting an image, or sending an email.

The notification method executed by a computer such as the notification system 10 includes a detection step S11 for detecting a cyber attack on equipment 40 installed in a facility 80 that is connected to a communication network, and a notification step S15 for issuing a notification in a different manner depending on the detected cyber attack.

This type of notification method can provide notifications in different formats depending on the cyberattack. Specifically, the notification method can provide a variety of notifications depending on the magnitude of damage caused by the cyberattack by changing the notification format depending on the magnitude of damage.

(Other embodiments)
Although the embodiment has been described above, the present invention is not limited to the above embodiment.

For example, in the above embodiment, the facility is described as a detached house, but it may be other facilities such as an apartment building, an office building, a commercial facility, a lodging facility, a hall, a studio, a hospital, a school, a factory, or a warehouse.

In addition, in the above embodiment, notification is provided by email, but in addition to or instead of email notification, notification may be provided via a messaging service available on an application installed on the mobile device.

In addition, in the above embodiment, the notification system is realized by multiple devices, but it may be realized by a single device. For example, the notification system may be realized as a single device corresponding to the notification device. When the notification system is realized by multiple devices, the components of the notification system may be distributed in any manner among the multiple devices. Also, in the above embodiment, the processing executed by a specific processing unit may be executed by another processing unit.

For example, in the above embodiment, some or all of the processes described as being executed by the notification device may be executed by the server device. In addition, the order of the processes described in the above embodiment may be changed, and the processes described in the above embodiment may be executed in parallel.

In the above embodiment, each component may be realized by executing a software program suitable for each component. Each component may be realized by a program execution unit such as a CPU or processor reading and executing a software program recorded on a recording medium such as a hard disk or semiconductor memory.

Furthermore, each component may be realized by hardware. For example, each component may be a circuit (or an integrated circuit). These circuits may form a single circuit as a whole, or each may be a separate circuit. Furthermore, each of these circuits may be a general-purpose circuit or a dedicated circuit.

In addition, the general or specific aspects of the present invention may be realized as a system, an apparatus, a method, an integrated circuit, a computer program, or a recording medium such as a computer-readable CD-ROM. In addition, the general or specific aspects of the present invention may be realized as any combination of a system, an apparatus, a method, an integrated circuit, a computer program, and a recording medium.

For example, the present invention may be realized as a control device having the function of a notification device. The present invention may also be realized as a notification method executed by a computer, such as the notification system of the above-mentioned embodiment. The present invention may also be realized as a program for causing a computer to execute the notification method. The present invention may also be realized as a computer-readable non-transitory recording medium on which such a program is recorded.

In addition, the present invention also includes forms obtained by applying various modifications to each embodiment that a person skilled in the art may conceive, or forms realized by arbitrarily combining the components and functions of each embodiment within the scope of the spirit of the present invention.

REFERENCE SIGNS LIST 10 Notification system 20 Control device 40 Equipment 52 Memory unit 53 Detection unit 54 Determination unit 55 Acquisition unit 56 Notification unit 80 Facility

Claims (16)

A detection unit that detects cyber attacks against devices installed in a facility and connected to a communication network;
A notification system comprising: a notification unit that performs notification in different manners depending on the content of the data output by the device based on the detected cyber attack. The notification system according to claim 1 , wherein the notification unit issues the notification in a different manner depending on a type of the device that has been subjected to the cyber-attack. The notification system according to claim 1 , wherein the notification unit issues the notification in a different manner depending on the operation of the device based on the cyber-attack. Further, an acquisition unit for acquiring attributes of users of the facility,
The notification system according to claim 1 , wherein the notification unit performs the notification in different manners depending on the type of the detected cyber attack and the acquired attributes of the user. The notification unit is
When the detected cyber-attack is of a first type, a notification is given in the same manner regardless of the attributes of the user;
The notification system according to claim 4 , wherein, when the detected cyber-attack is of a second type, the notification is given in a different manner depending on an attribute of the user. The notification system according to claim 5 , wherein the first type of cyber-attack has a higher threat level than the second type of cyber-attack. 7. The notification system according to claim 4, wherein the attributes of the user include at least one of an age group of the user and a health condition of the user. Further, a determination unit for determining an estimated location of the person who performed the cyber attack is provided,
The notification system according to claim 1 , wherein the notification unit issues the notification in a different manner depending on the type of the detected cyber attack and the determined estimated location. the device being controlled by a controller having a plurality of operating modes;
The notification system according to any one of claims 1 to 8, wherein the detection unit detects control of the device when the control device is in a specific operating mode among the multiple operating modes as the cyber attack against the device. The notification system according to claim 1 , wherein the notification is given in any one of the following ways: outputting a sound, emitting light, presenting an image, and sending an e-mail. A detection unit that detects cyber attacks against devices installed in a facility and connected to a communication network;
A notification unit that notifies the user in a different manner depending on the detected cyber-attack ,
The notification unit is
When the detected cyber attack is of a first type, a notification is given in the same manner regardless of the attributes of the user of the facility;
When the detected cyber-attack is of a second type, the notification is given in a different manner depending on the attributes of the user.
Notification system. A detection unit that detects cyber attacks against devices installed in a facility and connected to a communication network;
A determination unit that determines an estimated location of the person who performed the cyber attack;
A notification system comprising: a notification unit that provides notification in different manners depending on the type of the detected cyber attack and the determined estimated location . 1. A computer-implemented notification method, comprising:
A detection step of detecting a cyber attack on a device installed in a facility and connected to a communication network;
and a notification step of issuing a notification in a different manner depending on the content of the data output by the device based on the detected cyber-attack. 1. A computer-implemented notification method, comprising:
A detection step of detecting a cyber attack on a device installed in a facility and connected to a communication network;
A notification step of notifying in different manners depending on the detected cyber-attack ,
In the notification step,
When the detected cyber attack is of a first type, a notification is given in the same manner regardless of the attributes of the user of the facility;
When the detected cyber-attack is of a second type, the notification is given in a different manner depending on the attributes of the user.
Notification method. 1. A computer-implemented notification method, comprising:
A detection step of detecting a cyber attack on a device installed in a facility and connected to a communication network;
a determination step of determining an estimated location of the cyber attacker;
A notification method comprising: a notification step of providing notification in different manners depending on the type of the detected cyber attack and the determined estimated location . A program for causing the computer to execute the notification method according to any one of claims 13 to 15 .

Images