Cyber Defense Institute and CybExer Selected as Support Partners for Keio University KGRI's Development of a Dynamic Penetration Testing Platform
Keio University KGRI, supported by the Cyber Defense Institute and CybExer, has begun research and development of a dynamic penetration testing platform for OT/IT environments to verify resilience against cyberattacks in practical scenarios.
📋 Article Processing Timeline
- 📰 Published: April 15, 2026 at 20:00
- 🔍 Collected: April 15, 2026 at 11:31
- 🤖 AI Analyzed: April 19, 2026 at 06:28 (90h 56m after Collected)
Keio University Global Research Institute (Director: Teruo Nakatsuma, hereinafter KGRI) is promoting the research and development of a Dynamic Penetration Testing platform to practically verify the resilience of OT/IT hybrid environments. This is part of the New Energy and Industrial Technology Development Organization's (NEDO) "Economic Security Key Technology Fostering Program (K Program) / Strengthening Advanced Cyber Defense Functions and Analytical Capabilities" (JPNP24003).
Cyber Defense Institute, Inc. (Headquarters: Shinjuku-ku, Tokyo; President and CEO: Toru Tsuchiya) and CybExer Technologies (Headquarters: Tallinn, Estonia; CEO: Andrus Kivisaar) will provide technical support as partners in infrastructure development for this research and development conducted by KGRI as the principal researcher.
[Company Logos]
■ Background
Cyberattacks against critical infrastructure and industrial systems are becoming increasingly sophisticated and complex, making it difficult to fully grasp system resilience in actual operational environments through traditional static security evaluations alone.
Especially in environments where OT (Operational Technology) and IT (Information Technology) are integrated, the interaction between attack and defense changes over time, increasing the need for a dynamic verification platform that reflects actual operational conditions.
The "Dynamic Penetration Testing" referred to in this research is a method that continuously reproduces and observes the interaction of attack and defense on a timeline in an environment that simulates actual operations, in order to evaluate the resilience characteristics of a system.
■ Overview of Research and Development
In this research, we will build a high-fidelity simulator combining actual equipment environments and attack scenario technologies, making it possible to dynamically reproduce and observe the interaction of attacks and defenses in an integrated OT/IT environment.
Unlike conventional verification environments centered on static evaluation, it offers technical novelty by enabling continuous security verification assuming actual operation.
Through this platform, we aim to achieve the following:
- Reproduction of attack scenarios close to real environments
- Execution of dynamic attack scenarios tailored to integrated OT/IT environments
- Quantitative evaluation of system withstanding capability and recoverability
- Cross-sectional utilization for research, education, and practical exercises
■ Establishment of Resilience Evaluation Metrics
To establish practical evaluation methods in the critical infrastructure sector, this research will organize a metric system to quantitatively evaluate system resilience from the following perspectives:
- Recovery: Recovery characteristics after a failure occurs
- Withstanding: Ability to maintain functions under attack
This aims to establish reproducible, operations-oriented resilience evaluations.
■ Alignment with International Standards
The outcomes of this research will be aligned with international security and resilience frameworks such as the IEC 62443 series and NIST SP800-160, aiming to ensure international interoperability. Special emphasis will be placed on its application to resilience verification in integrated OT/IT environments.
■ Social Significance and Future Development
This initiative is expected to contribute to:
- Advancing practical verification methods in the critical infrastructure sector
- Systematizing dynamic penetration testing
- Strengthening the environment for practical talent development
- Improving cyber defense capabilities through industry-academia-government collaboration
In the future, we plan to gradually roll this out to critical infrastructure sectors such as power and manufacturing, keeping in mind proof-of-concept demonstrations, guideline formulations, and broad societal implementation.
■ Endorsements
[Keio University]
Professor Jun Murai, Professor Emeritus and Special Project Professor at Keio University, stated:
"As cyber risks surrounding critical infrastructure increase, developing a verification platform that assumes actual operational environments carries significant meaning in effectively advancing our nation's cybersecurity policies. Through this initiative, we will further deepen industry-academia-government collaboration and contribute to strengthening Japan's overall cyber defense capabilities and talent foundation."
[Cyber Defense Institute, Inc.]
Toru Tsuchiya, President and CEO of Cyber Defense Institute, Inc., stated:
"Leveraging the insights gained from threat hunting exercises utilizing cyber ranges, which we have been working on with CybExer since our company's establishment, it is an honor to support Keio University's research and development from a technical standpoint. Through this initiative, practical cyber
Cyber Defense Institute, Inc. (Headquarters: Shinjuku-ku, Tokyo; President and CEO: Toru Tsuchiya) and CybExer Technologies (Headquarters: Tallinn, Estonia; CEO: Andrus Kivisaar) will provide technical support as partners in infrastructure development for this research and development conducted by KGRI as the principal researcher.
[Company Logos]
■ Background
Cyberattacks against critical infrastructure and industrial systems are becoming increasingly sophisticated and complex, making it difficult to fully grasp system resilience in actual operational environments through traditional static security evaluations alone.
Especially in environments where OT (Operational Technology) and IT (Information Technology) are integrated, the interaction between attack and defense changes over time, increasing the need for a dynamic verification platform that reflects actual operational conditions.
The "Dynamic Penetration Testing" referred to in this research is a method that continuously reproduces and observes the interaction of attack and defense on a timeline in an environment that simulates actual operations, in order to evaluate the resilience characteristics of a system.
■ Overview of Research and Development
In this research, we will build a high-fidelity simulator combining actual equipment environments and attack scenario technologies, making it possible to dynamically reproduce and observe the interaction of attacks and defenses in an integrated OT/IT environment.
Unlike conventional verification environments centered on static evaluation, it offers technical novelty by enabling continuous security verification assuming actual operation.
Through this platform, we aim to achieve the following:
- Reproduction of attack scenarios close to real environments
- Execution of dynamic attack scenarios tailored to integrated OT/IT environments
- Quantitative evaluation of system withstanding capability and recoverability
- Cross-sectional utilization for research, education, and practical exercises
■ Establishment of Resilience Evaluation Metrics
To establish practical evaluation methods in the critical infrastructure sector, this research will organize a metric system to quantitatively evaluate system resilience from the following perspectives:
- Recovery: Recovery characteristics after a failure occurs
- Withstanding: Ability to maintain functions under attack
This aims to establish reproducible, operations-oriented resilience evaluations.
■ Alignment with International Standards
The outcomes of this research will be aligned with international security and resilience frameworks such as the IEC 62443 series and NIST SP800-160, aiming to ensure international interoperability. Special emphasis will be placed on its application to resilience verification in integrated OT/IT environments.
■ Social Significance and Future Development
This initiative is expected to contribute to:
- Advancing practical verification methods in the critical infrastructure sector
- Systematizing dynamic penetration testing
- Strengthening the environment for practical talent development
- Improving cyber defense capabilities through industry-academia-government collaboration
In the future, we plan to gradually roll this out to critical infrastructure sectors such as power and manufacturing, keeping in mind proof-of-concept demonstrations, guideline formulations, and broad societal implementation.
■ Endorsements
[Keio University]
Professor Jun Murai, Professor Emeritus and Special Project Professor at Keio University, stated:
"As cyber risks surrounding critical infrastructure increase, developing a verification platform that assumes actual operational environments carries significant meaning in effectively advancing our nation's cybersecurity policies. Through this initiative, we will further deepen industry-academia-government collaboration and contribute to strengthening Japan's overall cyber defense capabilities and talent foundation."
[Cyber Defense Institute, Inc.]
Toru Tsuchiya, President and CEO of Cyber Defense Institute, Inc., stated:
"Leveraging the insights gained from threat hunting exercises utilizing cyber ranges, which we have been working on with CybExer since our company's establishment, it is an honor to support Keio University's research and development from a technical standpoint. Through this initiative, practical cyber