This blog article is the second of three parts (see the first part) and deals with the topic “Converging and Securing OT-IT – Enabling Industrial Network Security Solutions for Use With Key Technologies”.
Simple visualization of existing plant network architecture
Yokogawa’s network specialist team worked closely with Hyogo Pulp to screen and understand the current state of the plant-wide network. Physical network cables were investigated from the office area through to the field, including the computer room, the plant control room, and the electrical room. This entailed checking the network inventory list and the system architecture diagram against the current configuration, and working through the settings of individual components such as firewalls and switches.
In addition, the customer’s current challenges and requirements were analyzed through interviews with the employees responsible. The challenges for IT infrastructure management included the deployment of secure wireless access points and guest Wi-Fi. Among the future requirements specified for the network were the management of increasing numbers of IT assets and efficient network utilization.
User-friendly, intuitive operation and management were designed based on the customer’s actual situation, challenges and requirements regarding the operation of the plant IT infrastructure.
Yokogawa’s proposal was a state-of-the-art approach to the plant network. It was based on viable technologies, with new network policies anticipating future visions. A virtual network using SDN technology was introduced, virtually integrating existing network cables and equipment. This was achieved without making any physical changes, creating a new, secure and intelligent network.
Yokogawa began by assessing the plant network and sorting out the network communications required for each segment, such as the office area and control room, in order to develop a network policy to connect and secure the plant network. Then, the logical configuration of the entire plant network was designed and implemented using SDN virtual network technology. This made the most of the existing assets.
The switchover from the conventional network to the virtual network was completed in about 30 minutes without any problems. Minimizing the impact on running plant operations is one of the great benefits of virtual networking.
In addition to anti-spam and conventional anti-virus measures, an Intrusion Detection System (IDS) and log collection and analysis tools were introduced to enable real-time monitoring of the network. Thanks to IT asset management tools, it is now possible to easily understand and manage the devices connected to the network. The access and security status of each device can be monitored efficiently in this way.
Secure wireless access points with appropriate access rights and guest Wi-Fi have now become available in all areas required. That dramatically improves security and convenience.
Plant Network Security Monitoring Service
Yokogawa’s “Plant Network Security Monitoring Service” was implemented to manage the operation of the new network as smoothly as possible. If a network failure or a security threat occurs, immediate action must be taken. Hyogo Pulp decided to rely on Yokogawa’s Plant Network Security Monitoring Service and allocated the company’s limited human resources accordingly, so that higher added value can be achieved.
This service enables network specialists at Yokogawa to continuously monitor the customer’s plant network through secure remote access, and to act as if they were Hyogo Pulp’s IT department. If an abnormality or threat is detected, Customer Service is notified immediately by means of predetermined procedures. Day-to-day equipment configuration changes are made at the customer’s site. However, when difficult configuration tasks are performed or abnormalities are corrected, the customer and Yokogawa discuss the matter together while sharing the status of the network infrastructure. In some cases, Yokogawa remotely assists the customer with configuration changes.
In this way, Hyogo Pulp can easily maintain and manage the secure network infrastructure, and can instead focus on reliable plant operation as well as new initiatives to improve productivity.
The third part of this blog article about “Converging and Securing OT-IT – Enabling Industrial Network Security Solutions for Use With Key Technologies” covers customer satisfaction and includes an interview with Hideyuki Nakaya of the Facilities Department’s Electricity Section, who led the project, and Satoshi Ikawa of the General Affairs Section.