Industrial OT System and Operation is complex and critical as its nature. Hence, designing OT security countermeasures and its deployment does not allow any room for a single error.
A well-designed and hassle-free implementation of security countermeasures is one of the key measures in minimizing the cyber risks and maximizing the plant availability (uptime). If any undesirable error occurs, it could even lead to the failure of safety systems designed to protect human life or induce the process to injure personnel. Therefore, designers of OT security systems and deploying experts must have in-depth knowledge to avoid any nuisance interruption risk to systems’ operation and its consequences. With the convergence of IT and OT in today's industrial control system environments, there is a greater need for a common understanding between all those who support or rely on these systems.
*IT - Information Technology, OT - Operational Technology.
Yokogawa’s cybersecurity design & implementation services
Yokogawa takes “defense-in-depth” security strategy to protect the industrial assets. This approach utilizes multiple layers of defense (physical and electronic) at separate industrial levels by applying policies and procedures that address different types of threats. For example, multiple layers of network security protect networked assets, data, and endpoints, while multiple layers of physical security protect high-value assets. If one layer is broken or affected, other layers continue to protect against the attack.
Expertise knowledge and skills are required to implement defense-in-depth technical measures to keep the operation availability at the highest level. Yokogawa’s security engineers and professionals are always up to date with global and national security standards and trained to meet international qualifications while leveraging Yokogawa’s best practices over 100 years’ experience. We deliver an appropriate vendor-independent OT security solution to address the various issues faced by your plant. We have specific knowledge about how to update your architecture in accordance with the IEC 62443, a global security standard for Industrial Control Systems, and how to integrate your OT architecture with the IT domain.
Following through the Security Program cycle, in aligning with complete risk assessment, company’s policies, procedures, and business cases, Yokogawa ensures deployment of the best hassle-free technical countermeasures in the design & implementation phase.
Customer benefits who implement and design their cybersecurity by Yokogawa
Yokogawa’s security solutions are a comprehensive security suite of indispensable solutions for the sustainability and efficiency of your control system. Our highly reliable security design solutions and best-working implementation services bring the following benefits to our customers.
- Achieve the highest business continuity plan by increasing the availability, integrity, and confidentiality of the control system.
- Detects and records undesirable activities and modifications to applications.
- Control access to the network and detect unwanted access or activity.
- Protect viewing, editing, and use of specific pieces of control system content.
- Control who, what, where, and when access is allowed to which applications or devices.
- Support flexible and scalable modifications required for defined standards and targeted security levels.
- Tackle security challenges arising from industrial digital transformation with peace of mind and increase the investment value.
- Close the gap between people, process, and technology by following the comprehensive security program from a lifecycle perspective.
Details
The 1st step toward protecting your control system against malware infection and cyber-attack is to incorporate the Endpoint Security Service.
The threat of cyber-attack through unauthorized access or malware infection that targets vulnerable control systems via USB storage devices is increasing on a daily basis. By incorporating the “Endpoint” services on your Windows PCs or Servers, it will protect against such threats and mitigate any risks. Yokogawa Endpoint Security Service will mitigate security risks at the users “Endpoint” and will help to support the sustainability and health of the control system throughout your plant’s lifecycle.
Take a step from a different perspective
To assume that everything will “probably be OK” may not be adequate as the risk to security increases every day. In order to evaluate the potential security risk objectively, we encourage you to adopt the Security Risk Communication with Yokogawa and determine the best solution to fit your needs.
Security Risk Communication
Based on the results of the simple security survey provided by the customer, Yokogawa evaluates the security risk. Upon discussion with the customer, Yokogawa proposes the optimum security countermeasures.
Virus Check Service
Yokogawa Virus Check Service can detect computer viruses without the need for installing antivirus software. By periodically running this virus check, the security of your system can be maintained.
Adopt effective security services
The customer’s biggest concern is the risk of a computer malware infection and would like the reassurance that their system is safe. Yokogawa provides an effective security service in response to the customer’s requests and operational conditions.
AV/OS* Implementation Service
For the prevention of malware such as computer viruses, Yokogawa recommends the installation of antivirus software as well as the Microsoft Security Updates that have been approved by Yokogawa. AV/OS: Antivirus software/ Microsoft Security Updates
Malware Inactivated Service
A permitted program list is created and executed on the customer’s HIS-PC protect against infectious malware by restricting the execution of specific software.
USB Port Lock Service
This service can restrict the use of USB storage devices, both physically and theoretically to protect against malware infections.
Software Backup Service
This service is not only used to minimize customer down time during HIS trouble occurrences but also to security data integrity. Yokogawa uses external hard drives to back up the hard drives of the HIS to ensure continuity and reliability of the data backup
Avoid deteriorated security level
A periodical check and an update are indispensable to maintain or manage security levels since security levels can deteriorate as time passes.
AV/OS Update Service
This service can periodically update pattern files of antivirus software and Microsoft Security Updates.
Security Effectiveness Service
This service can check implemented security measures during a periodical inspection or shutdown maintenance.
Security Information Service
This service regularly provides antivirus software and Microsoft Security Updates information in association with Yokogawa products.
Yokogawa provides various security solutions from endpoints to network boundaries in your plant to solve the major challenges.
- Network design and architecture
Yokogawa understands the need to secure protected areas of a plant. Accordingly, Yokogawa provides secure network architecture, a design based on IEC 62443 that includes zoning or grouping of assets based on their security requirements. In addition, this secure network architecture is equipped with firewalls which are the first line of defense against intrusion from other networks.
- Centralized AV/OS patch management
The need to protect a system from malicious attacks is critical for customers. Yokogawa’s Anti-Virus Management and OS Patch Management help secure the system by blocking any form of malicious software and fixing software vulnerabilities which could lead to the disruption of plant operation. In addition, Yokogawa offers “system hardening” which removes all non-essential software programs and utilities from plant workstations.
- Network management system
The necessity for network devices to monitor the network status (i.e., network loading, network up/down) can be achieved through the network management system. In addition, the solution can monitor the usage of memory and hard disks of servers. This solution provides centralized management involving a dedicated network monitoring and management server as the point of administration for all monitored clients.
- Network health check service
Communication traffic may appear to be working smoothly, but it cannot be seen with the naked eye. The network health check service provides clear reporting on network traffic, enabling close monitoring of all vital communication.
- Backup and recovery system
Yokogawa understands that customers need to protect all information in their systems. The backup & recovery system ensures that all information remains intact even after an incident, thus facilitating rapid restoration of the system.
- Centralized user/PC setting management
Yokogawa offers a solution that can easily manage all customer resources on a network. The active directory service simplifies user and computer management. Policies can also be created in the active directory to meet the security requirements of the customer. Yokogawa application user/groups will be seamlessly integrated with the active directory.
Looking for more information on our people, technology and solutions?
Contact Us