Plant Security Lifecycle Services are a cyber security lifecycle approach to help customers reduce security risks and manage plant security throughout its life.
Challenges for Customers
Security is fundamental for the IIoT.
As IT technology expands into the field of industrial control systems, the security risk increases with new internal and external threats to plant assets (i.e. sensors, motors and other control devices) connected to the network. Yokogawa considers that both IT and OT have converged in today's industrial control system environments and there is an even greater need for a common understanding between all those who support or rely on these systems.
Hence, Yokogawa provides vendor-independent solutions to address the various issues faced by your plant.
Yokogawa has two types of solutions to protect your system.
Yokogawa has host-based security, which focuses on protecting the “end-points” (workstations and servers) from malicious or accidental actions. The Endpoint Security Service provides a fundamental security service as a first step to protecting your control system against malware infection and cyber-attacks.
The next step is the question of how to secure and manage the network and all endpoints. The Integrated Security Service provides various security solutions from endpoints to the network boundary in your plant to solve the major challenges.
The Yokogawa Security Solution Portfolio is a comprehensive security suite of indispensable solutions for the sustainability and efficiency of your control system.
- Increases plant safety & security
- Increases the availability, integrity and confidentiality of the control system
- Detects and records unwanted activity and modifications to applications
- Controls access to the network, and detects unwanted access or activity
- Protects viewing, editing, and use of specific pieces of control system content
- Controls who, what, where, and when access is allowed to which applications or devices
What kind of technology can protect my plant?
Protecting industrial assets requires a “defense-in-depth” security approach that addresses internal and external security threats. This approach utilizes multiple layers of defense (physical and electronic) at separate industrial levels by applying policies and procedures that address different types of threats. For example, multiple layers of network security protect networked assets, data, and end points, while multiple layers of physical security protect high-value assets. No single technology, product, or methodology can fully secure industrial networks.
The 1st step toward protecting your control system against malware infection and cyber-attack is to incorporate the Endpoint Security Service.
The threat of cyber-attack through unauthorized access or malware infection that targets vulnerable control systems via USB storage devices is increasing on a daily basis. Incorporating the “Endpoint” services on your Windows PCs or servers protects against such threats and mitigates the risks. Yokogawa Endpoint Security Service will mitigate security risks at the user's “Endpoint” and will help to support the sustainability and health of the control system throughout your plant’s lifecycle.
Take a step from a different perspective
To assume that everything will “probably be OK” may not be adequate as the risk to security increases every day. In order to evaluate the potential security risk objectively we encourage you to adopt the Security Risk Communication with Yokogawa and determine the best solution to fit your needs.
Security Risk Communication
Based on the results of the simple security survey provided by the customer, Yokogawa evaluates the security risk. Upon discussion with the customer, Yokogawa proposes the optimum security countermeasures.
Virus Check Service
Yokogawa Virus Check Service can detect computer viruses without the need for installing antivirus software. By periodically running this virus check, the security of your system can be maintained.
Adopt effective security services
The customer’s biggest concern is the risk of a computer malware infection, and customers want reassurance that their system is safe. Yokogawa provides an effective security service in response to the customer’s requests and operational conditions.
AV/OS* Implementation Service
For the prevention of malware such as computer viruses, Yokogawa recommends the installation of antivirus software as well as the Microsoft Security Updates that have been approved by Yokogawa. *AV/OS: Antivirus software / Microsoft Security Updates
Malware Inactivated Service
A permitted program list is created and applied on the customer’s HIS-PC to protect against infectious malware by restricting the execution of specific software.
USB Port Lock Service
This service can restrict the use of USB storage devices, both physically and logically, to protect against malware infections.
Software Backup Service
This service is used not only to minimize customer downtime when HIS trouble occurs but also to secure data integrity. Yokogawa uses external hard drives to back up the hard drives of the HIS to ensure continuity and reliability of the data backup.
Avoid deteriorated security level
Periodic checks and updates are indispensable for maintaining and managing security levels, since security levels can deteriorate as time passes.
AV/OS Update Service
This service can periodically update pattern files of antivirus software and Microsoft Security Updates.
Security Effectiveness Service
This service can check implemented security measures during a periodic inspection or shutdown maintenance.
Security Information Service
This service regularly provides antivirus software and Microsoft Security Updates information in association with Yokogawa products.
Yokogawa provides various security solutions from endpoint to network boundary in your plant to solve the major challenges.
- Network design and architecture
Yokogawa understands the need to secure protected areas of a plant. Accordingly, Yokogawa provides a secure network architecture, a design based on IEC 62443 that includes zoning or grouping of assets based on their security requirements. In addition, this secure network architecture is equipped with firewalls which are the first line of defense against intrusion from other networks.
- Centralized AV/OS patch management
The need to protect a system from malicious attacks is critical for customers. Yokogawa’s Anti-Virus Management and OS Patch Management help secure the system by blocking any form of malicious software and fixing software vulnerabilities which could lead to the disruption of plant operation. In addition, Yokogawa offers “system hardening” which removes all non-essential software programs and utilities from plant workstations.
- Network management system
The network management system meets the need to monitor the network status (i.e., network loading, network up/down) across network devices. In addition, the solution can monitor the usage of memory and hard disks of servers. This solution provides centralized management involving a dedicated network monitoring and management server as the point of administration for all monitored clients.
- Network health check service
Communication traffic may appear to be working smoothly, but it cannot be seen with the naked eye. The network health check service provides clear reporting on network traffic, enabling close monitoring of all vital communication.
- Backup and recovery system
Yokogawa understands that customers need to protect all information in their systems. The backup & recovery system ensures that all information remains intact even after an incident, thus facilitating rapid restoration of the system.
- Centralized user/PC setting management
Yokogawa offers a solution that can easily manage all customer resources on a network. The Active Directory service simplifies user and computer management. Policies can also be created in Active Directory to meet the security requirements of the customer. Yokogawa application users/groups will be seamlessly integrated with Active Directory.
Saudi Aramco's operations span the globe and the energy industry. The world leader in crude oil production, Saudi Aramco also owns and operates an extensive network of refining and distribution facilities, and is responsible for gas processing and transportation installations that fuel Saudi Arabia's industrial sector. An array of international subsidiaries and joint ventures deliver crude oil and refined products to customers worldwide.
yi-MAC stands for YOKOGAWA Innovative Main Automation Contractor:
- Full control of scope and schedule across packages
- Realization of customer expectation
- Single point of responsibility
- Providing fully integrated solutions
The ability to deliver a full scope of project execution capabilities is becoming more important than ever for automation suppliers that wish to compete on a global scale. Process automation suppliers have always had some degree of project execution capabilities, but only recently have suppliers and end users begun to realize the true economic impact that precise and comprehensive execution capabilities can have on the success of an automation project and on plant lifecycle costs.
The number of incidents involving attempted unauthorised access to computer systems via the internet as reported by CERT (Computer Emergency Response Team) was 137,539 in 2003. Statistics show an exponential increase in the number of reported incidents in the last five years. Although this can be partly explained by the increase in the number of computer systems in the world that are connected to the internet, it is nevertheless an alarming fact.
Yokogawa’s industrial automation (IA) product and service offerings, industry domain knowledge, and VigilantPlant approach – which emphasizes safe, secure, and uninterrupted operations -- provide a solid foundation for an Industrial Internet of Things that specifically addresses the requirements of process automation, particularly for the OT side of the equation. To be able to provide an equally solid foundation for the IT side, Yokogawa is partnering with Cisco Systems and other industry leaders.
This white paper provides an overview of how Yokogawa believes its customers can best prepare for and position themselves to benefit from IIoT-enabled technology and solutions and digitalization in general to emerge as the successful connected industrial enterprises of the future.
Network and system security is now a necessity in the process automation industry. YOKOGAWA provides a service lifecycle solution for cyber security to ensure that the security measures and deployments are continuously enhanced, monitored and inspected.
This white paper explains the details of the security design, implementation, operation and validation solutions from the technical perspective.
Initially when control and safety systems moved away from being hardwired and relay-based to computerized systems, vendors and asset owners were more interested in functionality than security. Typically, especially in high risk environments in refineries and off-shore oil installations, the systems were standalone with a dedicated Safety Instrumented System.
Over the last ten years more security solutions have become available, and more industrial end users have implemented them to protect their businesses. Today nearly all companies use an anti-virus product installed on their industrial control system (ICS), as well as having their ICS segregated from the business network and the Internet by a firewall.
Harness the Future of Innovation
Highlights of the 2014 Yokogawa Users Conference and Exhibition
September 9 - 11, 2014, Houston, TX
By the editors of CONTROL Magazine