About Hyogo Pulp Industries
Located in the inland area of Hyogo Prefecture, rich in wood resources, Hyogo Pulp Industries, Ltd. is a leading manufacturer of UKP (Unbleached Kraft Pulp) in Japan and one of the top producers in Asia. UKP is used as an outer liner for corrugated paper products, which must be durable and of high quality. It is also widely used for building materials such as exterior siding boards and roofing materials, as well as insulating paper for electronic equipment, taking advantage of its lightweight and excellent workability.
The company is also a pioneer for biomass power generation. The No.3 biomass power generator, built in 1993, uses black liquor (a byproduct of the kraft process) from the pulp manufacturing process as fuel, and the No.4 and 5 biomass power generators, which started generating electricity in 2004 and 2017, use recycled and unused materials as fuel. These power supplies cover 100% of the power required to operate the plant and are also supplied to local households through electric power companies.
Wood chips used as raw materials for UKP and biomass fuel for power generation are wood materials that have been disposed of in the past, such as leftover wood from the dismantling of sawmills and wooden houses, waste wood, and low-quality wood which is unsuitable for construction. Through the effective use of wood resources, Hyogo Pulp contributes to the regeneration of forests and the forestry industry, and the formation of a circular society.
In 2018, Hyogo Pulp introduced a virtual network infrastructure using SDN (Software-Defined Net-working) technology. The aim of this initiative is to strengthen cyber security measures in plant networks, and create a safer and more efficient network infrastructure anticipating the introduction of IIoT (Industrial IoT) solutions such as ERP (Enterprise Resource Planning).
The Challenges and the Solutions
Background of network infrastructure revamp
Cyber security threats to plant network is growing day by day. In order to provide stable and safe power supply, biomass power companies are required to assess risks, establish appropriate security policies and implement countermeasures for their plant networks. To address these agenda, it was necessary for Hyogo Pulp to establish a system to easily understand, evaluate, and improve the status of networks in the plant.
Management system required for plant networks
In addition, the following circumstances made it urgent to develop a new network infrastructure and policy.
- Plan to introduce IIoT solutions such as ERP systems that runs on cloud
- Strengthening cyber security measures against potential cyber attacks on plants
- Deployment of secure wireless access points
However, with the growing availability of the Internet, existing networks that had been deployed and expanded in the past were complex, and it was costly to lay new network cables. Also, it was difficult to secure network administrator resource for network revamp as they were also working on other tasks. Therefore, Hyogo Pulp decided to enhance their plant network security by utilizing the "Next Generation Industrial Network Security Solutions" from Yokogawa, their instrumentation and control system supplier with the experience and knowledge for both plant operation and OT-IT security.
Gaining visibility of the existing plant network
Yokogawa's network specialist team worked with customers to understand the current state of the plant-wide network. From the office area to the field equipment such as the computer room, the control room of the plant, and the electrical room, physical network cables were investigated while checking the network inventory list and the system architecture diagram with the current configuration, and the settings of each equipment such as firewalls and switches were unraveled.
In addition, the customer's current challenges and requirements were analyzed through interviews. The challenges for IT infrastructure management included the deployment of secure wireless access points and guest Wi-Fi, and the future requirements for the network included the management of increasing numbers of IT assets and prospects for network utilization.
User-friendly operation and management were designed based on the customer's actual situation, challenges and requests regarding the operation of the plant IT infrastructure.
Yokogawa’s proposal was a state-of-art approach to the plant network based on viable technologies, with new network policies anticipating future visions. A virtual network using SDN technology was introduced, virtually integrating existing network cables and equipment without making any physical changes, and creating a new, secure, intelligent network.
Yokogawa’s Next Generation Industrial Network Security Solutions
Deployment of the new virtual network
In the beginning, Yokogawa assessed the plant network and sorted out the network communications required for each segment such as office area and control room in order to develop a network policy to connect and secure the plant network. Then, the logical configuration of the entire plant network was designed and implemented using SDN virtual network technology, making the most of the existing asset.
The switchover from the conventional network to the virtual network was completed in about 30 minutes without any problems. Minimizing the impact on the running plant operations is one of the great benefits of virtual networking.
In addition to anti-spam and conventional anti-virus measures, the Intrusion Detection System and Log Collection and Analysis tools were also introduced to enable real-time monitoring of network. With the introduction of IT Asset Management tools, it is now possible to easily understand and manage the devices connected to the network and to monitor access and security status of each device.
Secure wireless access points with appropriate access rights and guest Wi-Fi have now became available in all area required, dramatically improving security and convenience.
Plant network security monitoring service to support operation and management of IT systems
Yokogawa's "Plant network security monitoring service" was introduced to manage the operation of the new network. When a network failure or a security threat occurs, immediate action must be taken. The company decided to rely on Yokogawa’s security monitoring service and allocated the company's limited human resources for higher-value-added operations.
The security monitoring service enables network specialists at Yokogawa to continuously monitor the customer’s plant network through secure remote access, and acts as if it were the customer’s IT department. If an abnormality or threat is detected, it will be immediately notified to the customer service by predetermined procedures. Day-to-day equipment configuration changes are made at the customer's site. However, when performing difficult configuration tasks or detecting abnormalities, the customer and Yokogawa discuss together while sharing the status of the network infrastructure. In some cases, Yokogawa remotely assists the customer with configuration changes.
In this way, Hyogo Pulp can easily maintain and manage a safe network infrastructure, and now focus on safe plant operation as well as new initiatives to improve productivity.
We spoke with Mr. Hideyuki Nakaya of the Electricity Section of the Facilities Department, who led the project, and Mr. Satoshi Ikawa of the General Affairs Section of the General Affairs Department.
Q. How do you see the benefit of deploying virtual network?
“With the integration of our factory and office area networks, people now have access to the necessary data. We see improvement in security levels and efficiency, with dual management no longer necessary.”
“Our expertise in networking have improved as we have been able to move forward with the project with support from Yokogawa experts. We usually change our network settings and troubleshoot problems ourselves, and ask Yokogawa for support when necessary.”
"The switchover took just around 30 minutes, and our employees may not have noticed the change."
"Of course, no security issues have occurred."
Mr. Ikawa and Mr. Nakaya
Q. What is your impression on the continuous monitoring service from Yokogawa?
“The key to this virtual network deployment was the plant security network monitoring service. Normally, we would have to train and increase the number of people with specialized knowledge, but with the continuous monitoring service, there was no need to do so.”
“We are happy with the remote support from Yokogawa, which allows us to share the status of the network infrastructure and get advice. When we faced a problem the other day, I worked on identifying the root cause and contacted Yokogawa for support. We looked into it together, and solved the issue within 20 minutes from occurrence.”
“The monthly report is also informative. I could see how the network was being used, and I realized that threats do exist in the plant network. The visualization has helped raise awareness on the network security.”
Q. What kind of cyber security management is required for biomass power companies?
“There is a voluntary initiative by the industry association, where an annual interview is performed to see if appropriate security measures are taken. We are pleased that our plant has been rated above the average.”
Q. Please share with us your future initiatives.
"Although a safe and efficient network infrastructure has been established, we believe it is necessary to continue PDCA (Plan-Do-Check-Action) cycle for operational rules and to continuously provide training to employees. We still have a lot to do on our own initiative. We hope that Yokogawa will provide support with these activities.”
Managed IT/OT cybersecurity services for threat detection and remediation
Yokogawa’s cybersecurity services take a lifecycle approach to help customers control the security risks and manage them to achieve the highest business continuity plan