Recently a segment of critical infrastructure in the US was hit by a singularly damaging cyber-attack that brought the Colonial Pipeline to a standstill, affecting its entire 5,500-mile stretch along the east coast. This ransomware attack turned out to be a strong wake-up call for many organizations, particularly the ones that deal with critical infrastructure, leaving them to re-examine their vigilance policies.
Researchers are continuously discovering advanced viruses designed to attack operational systems. This has made cybersecurity a crucial aspect of the industrial automation journey. Enter Yokogawa Corporation of America, featured in The Enterprise World’s Top Cybersecurity Companies to Watch in 2022.
Yokogawa has built a reputation for providing advanced technologies, consulting, and services in the areas of measurement, control, and information to customers across a broad range of industries, including bioscience, energy, chemicals, materials, pharmaceuticals, food, and water.
How Robust Cybersecurity Supports Digital Transformation
It’s no secret that technology has played a pivotal role in advancing capabilities, but manufacturing has also contributed to business evolution with automation. There was a time when automation was a farfetched idea. Now manufacturing plants enable automation to make processes faster, safer, and more efficient. Automation processes are hindered, however, by the many and varied pernicious cyber-attacks.
Taking a lifecycle perspective, Yokogawa delivers resilient cybersecurity services and solutions to reduce cyber risks in each customer’s industrial control systems (ICS) environment. By implementing a cybersecurity lifecycle management solution, organizations can rely on the long-game efficiency of their business operations across different areas. Comprehensive cybersecurity management is also the basic precondition for sound operations by reducing risk against attacks, safety breaches, and ransom requests.
A cybersecurity program will align and improve the capabilities of the plant’s three key elements of people, processes, and technology to reduce cybersecurity risk. It helps to overcome the imposing challenge of closing the gaps among the three key elements and reducing the human factors that contribute to incidents.
A developed security roadmap will support companies as they create mid to long-term plans to execute their security program for the lifecycle of their plant. This roadmap will also illustrate the countermeasures needed to achieve the company’s security goals in an understandable and digestible format.
As a result of involving different stakeholders, the security program creates more effective organizational team synergy involving all employees. In addition, it greatly helps to strengthen employees’ higher commitment to their daily security vigilance.
“We actively support operators over the plant’s entire life cycle, continually working on improvements in a close partnership with our customers. That’s what we understand by Co-innovating tomorrow.”
The Stronger, The Better. Six Steps to Better Cybersecurity.
Yokogawa’s experience has proven these six steps lead to the most effective cybersecurity solutions:
1 | AWARENESS AND TRAINING
Effective cybersecurity risk management is not only about good technologies and processes. Human error due to a lack of cybersecurity knowledge and awareness leads to many cyber incidents nowadays. Educational awareness and training are essential cybersecurity controls that should be in place at the first step.
Yokogawa supports customers with tailored training programs, either remotely or on-site as needed, addressing appropriate contents to different functional levels, based on IEC 62443 while also considering required national and specific industrial standards.
2 | SECURITY RISK ASSESSMENT
Risk management starts with asset inventory and the agreement of assets in and/or out of scope. Adopting a risk-based approach allows organizations to assess the relative strengths and weaknesses of different security decisions within the context of a complex operational environment where a maze of laws, policies, and directives apply. Along with an evolving threat landscape, developing an operational technology( OT) cybersecurity strategy can challenge even the most experienced professionals.
Part of risk management is the risk security baseline to determine the vulnerabilities and their associated likelihood and impact. The outcome of the risk security baseline assists in writing the policies and business case. It also helps determine the OT baseline measures. Our program helps customers with the risk assessment baseline for the OT domain following the three-step approach:
- Technical Security Risk Assessment (TSRA) to find the security vulnerabilities on-site under the international standard IEC62443. The assessment is also used to determine the gap between the current cybersecurity maturity and the IEC62443 security targets.
- Operation Security Risk Assessment (OSRA) to find security vulnerabilities in the enterprise cybersecurity management system. The assessment focuses on governance, processes, and organization.
- Business Security Risk Assessment (BSRA) to find the security vulnerabilities in the business processes concerning business security risk associated with the OT information. We specifically investigate the risk in case of security breaches related to OT information.
Yokogawa cybersecurity consultants work with the customer to analyze the identified vulnerabilities to understand the likelihood and the impact of potential unidentified vulnerabilities. This is followed up by gap analysis between existing plant and security requirements specified by IEC 62443. Delivering clear cut understanding of assessment results provides a base on which to develop a comprehensive OT cybersecurity program effectively.
3 | BUSINESS CASE DEVELOPMENT
The business case is a question of high importance: How much money should be invested in cybersecurity to achieve an acceptable risk level? Yokogawa collaborates closely with customers to ensure the budget is planned based on the outcome of the security risk assessment.
Security risk levels are prioritized in conjunction with policies and procedures. Taking a lifecycle perspective, Yokogawa’s consultants work step-by-step with customers to develop a realistic risk mitigation roadmap and implementation schedule to increase the plant’s security level.
4 | POLICIES AND PROCEDURES IMPROVEMENT
Complete and well-defined policies and procedures are the most critical elements across an organization in defining and executing a unified security strategy. With Yokogawa’s best practice, off-the-shelf OT policy and procedure documents and comprehensive knowledge of IEC 62443, ISO/IEC 27001, NIST framework and national standards, Yokogawa’s security consultants and experts support customers in developing the most effective security policies and procedures. Hence, people and technology are connected more efficiently while avoiding any gaps.
5 | DESIGN AND IMPLEMENTATION
In aligning complete risk assessment, company’s policies, procedures, and business cases, Yokogawa ensures deployment of the most effective hassle-free countermeasures. The team of engineers and professionals at Yokogawa are always trained to meet global security standards and qualifications.
Standard security countermeasures, include among others, are automated/manual security updates, user and access control design, firewall, unidirectional gateway, network segmentation design, secure remote access, and backup/recovery.
6 | MANAGED OPERATION AND MAINTENANCE
24/7 secured monitoring, analysis of network activities, and overviewing security performance and compliance matrix not only reduce the critical cybersecurity burden on plant engineers but also provide effective protection against known and unknown cyber threats.
Yokogawa’s managed operation and maintenance services are designed securely to meet the customer’s unique requirements and to ensure that implemented cybersecurity solutions are not deteriorating. Standard managed services are fully integrated and include continuous security monitoring/maintenance, asset inventory management, threat analysis, and incident response.
Building IT/OT Security Issue Resiliency
Founded on more than 100 years of providing industrial automation and services in green- and brown-field projects, Yokogawa knows all the details of information and operational technologies, and we appreciate different priorities of these domains when designing cybersecurity for industrial automation and control systems (IACS).
This high-level expertise enables the users to implement the best-working cybersecurity management solutions. The organization enables critical industries to take advantage of the entire Yokogawa knowledge.
“We follow one overall objective: to minimize risk and maximize corporate values according to our self-commitment as a lifecycle value partner.”
Beyond the obvious threats to cybersecurity, there are far more invisible threats from hidden security issues that pose a high risk to business continuity plans. Implementing cybersecurity management means that business continuity plans stay intact. No matter what stage an organization is at, Yokogawa can help improve cybersecurity programs on either side of the OT/IT aisle.
It is common understanding that securing highly complex OT and IT systems with IT/OT integration is a considerable challenge. Which measures have priority, which can wait? How should cybersecurity components be implemented smoothly and without interruption of production? Which human, material and financial resources are required?
With its long history in security, Yokogawa knows the answers to these important questions. Yokogawa is at home in all industries and countries; is familiar with safety best practices, standards and regulations; and understands visions and innovations in OT and IT/OT integration. Simply put, Yokogawa knows which effective actions and protocols to avoid and which to introduce.
Yokogawa can meet clients where they are on the security spectrum and can provide a viable path forward to achieve maximum levels of protection against external threats and help ward off diminishing brand reputations from unplanned events. Investment in cybersecurity is not only protection against data breaches, it protects multiple classes of information like intellectual property, personal information, client sensitive data, and systems operations.
About Yokogawa and Yokogawa Corporation of America
Yokogawa provides advanced technologies and services in the areas of measurement, control, and information to customers across a broad range of industries, including energy, chemicals, materials, pharmaceuticals, food, and water. Yokogawa addresses customer issues regarding increasingly complex production, operations management, and the optimization of assets, energy, and the supply chain with digitally enabled smart manufacturing, enabling the transition to autonomous operations.
Founded in Tokyo in 1915, Yokogawa continues to work toward a more sustainable society through more than 17,500 employees in a global network of 119 companies spanning 61 countries.
Yokogawa Corporation of America is a wholly-owned subsidiary of Yokogawa. Established in 1957, the business is headquartered in Houston, Texas, and supported by other domestic manufacturing and service locations across the U.S, Canada and Mexico.
For more information, visit www.yokogawa.com/us