This site introduces technical articles published in the YOKOGAWA technical report.
The Security of Control Systems
- Seiichi Shin*1
*1 : Graduate School of Informatics and Engineering, the University of Electro-Communications
- Tatsuaki Takebe*1
*1 : Strategic Intellectual Property and Standardization Dept., Marketing Headquarters
Several security standards have been proposed for industrial control systems. Standardization activities began in the United States and Europe and their results were then studied in Japan. Oil and gas, chemical, and electric power industries have produced results. Non-profit organizations in each industry contributed to standardization and governmental organizations also helped them. In addition, public and private research institutes have been participating in these activities to identify issues on security in industrial control systems and have been providing solutions. Among them, ISA99 has been playing the key role in investigating industrial control systems security from wide-ranging perspectives. ISA99 developed ISA 62443, which defines a reference model and reference architecture for an industrial control system connected to corporate information systems via a DMZ, and defines the security requirements for organizations, control systems, and control devices. The international standard IEC 62443 series is a combination of the ISA 62443 series and WIB 2.0. A security evaluation and certification standard was developed by the ISA Security Compliance Institute referencing the IEC 62443 series. It is expected to be used for security certification in industrial control systems and to enhance the security of the systems. This paper summarizes industry and international standards for security, including those described above.
- Nobuaki Konishi*1
*1 : Systems Business Division, IA Platform Business Headquarters
Cyber security is a major concern for industrial control systems. This paper describes Yokogawa's comprehensive approach to cyber security for industrial control systems. First, it takes a look at cyber security issues regarding industrial control systems and summarizes Yokogawa's basic policy on them. This policy, focusing on a lifecycle approach and "Defense-in-Depth" proposed by Yokogawa, can be the basis for enhancing security in control systems. Then, this paper describes various actual measures based on the policy. Considering cyber security at the stage of product development, Yokogawa prevents design defects that may lead to vulnerability of its products. A laboratory of Yokogawa specializing in security has established security measures suitable for control systems, based on the experience obtained by Yokogawa through the supply of control systems over many years. These measures are used for system construction and operation. Finally, this paper describes how Yokogawa handles vulnerability when it is detected in its products. With these security activities, Yokogawa will continue to help customers stably operate control systems.
- Gen Kinoshita*1
- Yasuhiro Niii*1
*1 : Consulting Dept.2, Solution Business Division, Yokogawa Solution Service Corporation
As the number of cyber crimes soars globally, the number of security incidents involving control systems is also increasing. This is because control systems are shifting from their original technologies to general-purpose commercial IT. This imposes the same security risk on control systems as on information systems. As a security countermeasure for control systems, Yokogawa recommends the "defense in depth" strategy, which is achieved by a best mix of measures in technology, management, and operation. Appropriate security policies are key to the implementation of this strategy. By offering consultation based on knowledge obtained through a wealth of experience in supplying control systems and developing international standards, Yokogawa helps control system users establish security policies with the best approach. This paper introduces both how to draw up security policies and Yokogawa's security consulting services.
- Katsuhiro Takamatsu*1
- Tsuyoshi Katou*1
- Hiroyuki Makabe*2
*1 : System Integration D&E Dept., Global Development Center, IA Platform Business Headquarters
*2 : Digital Hardware D&E Dept., Global Development Center, IA Platform Business Headquarters
To ensure the security of products, it is important to take measures in each phase of their development and also to implement security functions in the products themselves. This paper introduces the security development lifecycle that Yokogawa applies to each development phase of its system products. This paper also describes examples of security functions implemented in control systems. These are OS hardening, optimization of antivirus software, and security measures implemented in Vnet/IP to maintain the security of control networks even in an open network environment. Security is also being enhanced in recent security certification programs. In particular, the ISASecure certification program aims to become an IEC standard and it is attracting attention. In an effort to keep up with this trend, Yokogawa has acquired the certifications of this program for its core products, CENTUM VP and ProSafe-RS.
- Kinichi Kitano*1
- Shuji Yamamoto*1
*1 : Business Initiative Department, New Field Development Center, IA Platform Business Headquarters
From the beginning, Yokogawa has been participating in standardization and dissemination of ISA100.11a, a wireless communication standard for industrial automation advocated by the International Society of Automation (ISA), and has been expanding its product portfolio with conformance to this standard. Although field wireless standards including ISA100.11a are being introduced into plants widely, security is still one of the major concerns. This paper introduces the security measures of ISA100.11a and Yokogawa's efforts to enhance plant security.
- Masaki Kawasumi*1
- Ichiro Ochiai*1
- Kenichi Yokoyama*1
*1 : YEI System Integration Technology Center
High availability is required in control systems that support critical infrastructures. Therefore, they must be protected from a growing number of cyber-attacks. However, without appropriate consideration of the requirements and operational conditions specific to control systems, engineering for security countermeasures may cause system failures. Meanwhile, Yokogawa has established its own best practices for security countermeasures based on its wealth of experience in providing control systems to customers over many years and through knowledge obtained through its involvement in international and governmental standardization. Yokogawa can offer proper security engineering based on these best practices. This paper introduces Yokogawa's security concept for control systems and the related engineering.
- Kazuya Suzuki*1
- Kenichi Eso*1
- Shunsuke Baba*2
*1 : PA Systems Planning Dept., Systems Business Division, IA Platform Business Headquarters
*2 : Yokogawa IA Technologies India Private Ltd.
Stable network operation is indispensable for stable operation of industrial control systems. However, traditional network management systems and visualization systems do not have enough functions for understanding the condition of their networks. Yokogawa has developed a system for visualizing network traffic that helps operators to quickly understand the current network condition. A network traffic visualization system consisting of two major components, a capturing tool and a traffic viewer, was developed to satisfy the requirements. The capturing tool connected to a network switch or a router captures network packets and sends them to the traffic viewer, which visualizes the state of all packets from sources to destinations. The evaluation with an actual industrial control system proved that this system can detect undesirable events such as suspicious communications that may disturb stable operation of industrial control systems.
- Hiroshi Itakura*1
- Toshihiro Hatakeyama*1
- Kentaro Hayashi*1
- Kumiko Takayashiki*1
*1 : Business Planning & Development Dept., Global Service Center, Solution Service Business Headquarters
In the office automation environment, security measures are implemented, as a matter of course, in endpoints such as PC servers and terminal devices. However, many human machine interface (HMI) terminals and server systems in industrial control systems are left without any security measures. Since 2010, many incidents have been reported in which malware (malicious software, a kind of computer virus) invades and proliferates inside control systems, and then makes HMI terminals inoperable, leading to plant shutdowns. Many such incidents could have been prevented if security measures had been implemented at proper endpoints. In this paper, security measures for endpoints including HMI terminals and PC servers are shown as a comprehensive security measure for control systems.
- Hirotaka Tsuji*1
*1 : IA Platform Business Headquarters Common Technology Development Center Technology Promotion Dept.
These days, the risk of a cyber-attack is recognized not only for information systems but also for industrial control systems, and for Yokogawa's business, security has become an important requirement for our customers. Customer satisfaction is inherent in Yokogawa's corporate philosophy and to achieve it Yokogawa needs to work harder, through its products and services, to ensure the security of customers' environments. In 2014, Yokogawa disclosed vulnerability in the CENTUM CS 3000 integrated production control system. This is the first time that Yokogawa disclosed a vulnerability to people other than users, and several problems were found while responding to these. Taking this opportunity, Yokogawa Point of Contact (YPOC) revised the vulnerability handling standards and system with a view to issuing them as rules for the entire Yokogawa Group. This paper describes these standards and system.
- Hideo Doi*1
- Takeshi Nakajima*2
- Teunis Both*3
- Ralph de Leede*3
*1 : Analytical Products Dept., Product Business Center, IA Platform Business Headquarters
*2 : Software D&E Dept., Global Development Center, IA Platform Business Headquarters
*3 : Yokogawa Process Analyzers Europe B.V.
In recent years, the share of liquid analyzers with smart sensors has been expanding, especially in Europe. Unlike conventional analog sensors with no active components, smart sensors containing an electrical circuit can complete the measurement by themselves and output the measured values as digital data. This digitization is expected to improve maintenance efficiency from calibration to data management and enable an integrated measurement management system to be constructed. Yokogawa named its smart sensors SENCOM® (SENsor and COMmunication) and released them in September 2013. This paper introduces the features and upcoming trend of smart sensors, and Yokogawa's efforts in developing this technology.