Cybersecurity for OT/IT Collaboration
Yokogawa is a leading global provider of Industrial Automation and Test & Measurement solutions. Yokogawa has provided field-proven operating efficiency, safety, quality, and reliability for more than a century by integrating outstanding technology with engineering services, project management, and maintenance.
“Yokogawa has witnessed and been a part of the major technological innovations that have brought benefits and changes across industries and societies,” says Yu Dai, Director, Senior Vice President, Head of Digital Solutions Headquarters, Yokogawa. We are now embracing digital technology and the vast digital connectivity that connects all systems in various ways to achieve highly sophisticated and large systems with complex features, functionalities, and new potentials. When digital technology is integrated with operation technology, it can help organizations in achieving overall optimal operations. This includes smart manufacturing, smart enterprise, smart society, etc. Digital transformation has become a global trend nowadays, which has been accelerated by the COVID-19 pandemic.”
However, with the introduction of smart manufacturing has come new cyber threats. Today’s cyber-attacks on operational technology and industrial environments are more sophisticated than ever before. Advanced hacking methods, such as those that involve artificial intelligence technology, are being used to execute more successful attacks.
“The number of security incidents in OT areas is increasing, especially ransomware attacks,” says Yukihiro Funyu, Vice President, Head of Digital Strategy Headquarters and DX-Platform Center in Digital Solutions Headquarters.
“Notably, a hacker attacked a U.S.-based oil pipeline company, and their operation stopped last May. Additionally, due to COVID-19, employees in the company have to work from home. There are many remote access points by VPN, RDP, etc. Hackers are targeting such kind of remote access points and vulnerable endpoints in companies every day by using advanced technologies like AI/ML-based hacking tools.”
To defend against such attacks, organizations need more intelligent security solutions. That’s where Yokogawa comes in. As one of the world’s leading industrial automation providers, Yokogawa believes OT/IT collaboration is key to ensuring that manufacturing operations can keep up with industry trends while remaining secure.
“Yokogawa aspires to lead the way forward as an integrator in a world where entire societies function as systems within larger systems,” Dai says. “With OT domain knowledge, project implementation capabilities, and a corporate culture that builds a chain of trust, Yokogawa promotes effective connectivity and creates value through overall optimization driven by integration, autonomy, and digitalization.”
Industrial Cyber talked to Yokogawa about the OT/IT collaborative approach and their vision for the future of smart manufacturing. This involves what Yokogawa calls IA2IA, the revolutionary transition from industrial automation to industrial autonomy.
“Smart manufacturing requires vast digital connectivity, collection, and processing of big data from all business units, manufacturing plants, utilities, and logistics facilities, suppliers, customers, partners, contractors, etc., in order to contextualize and share the real-time data, and provide solutions for real-time optimization and automation of the entire supply chain, manufacturing, logistics and transportation, and asset performance management processes,” Dai says. “Smart manufacturing requires IT technologies and products like IoT / IIoT, cloud, edge, AI, etc., for extensive connectivity and big data collection, processing, storage, communication, analytics, and AI applications, etc. It also requires OT technologies and products like sensing, measuring, and control to generate data, monitor and control manufacturing processes. Without IT, industrial automation cannot become as “smart” as we want. Without OT, IT cannot reach mission-critical process control. OT/IT collaborative approach is essential to developing industrial automation and realization of smart manufacturing, and IA2IA.”
While a high OT/IT collaboration level is essential to smart manufacturing and IA2IA, these combined technologies in an OT environment can also create integration and security challenges.
“OT/IT collaboration is bringing a revolution to industrial automation with tremendous potential value and business opportunities,” Dai says. “However, it will also bring big concerns for cybersecurity into IT/OT systems. In the past, OT systems were relatively closed systems for manufacturing process automation purposes only. The connection to the outside was minimal, which provided less opportunity for cyber attacks. Simply introducing IT technologies in the OT world is making traditional OT systems more open and more vulnerable to cyberattack, and we have seen that there are more reported ICS cybersecurity incidents.”
OT/IT collaboration challenges also include technology integration between OT and IT security on the provider side and organizational integration between OT and IT security on the company side.
“In the past, OT and IT were separated clearly due to the characteristics of required conditions,” Funyu says. “Based on these differences, companies had separate organizations between OT and IT. However, due to OT/IT collaboration and digital transformation, many companies are starting to utilize IT, like the cloud, in OT areas. Big contributors for OT/IT collaboration are IT/OT data integration by IIoT and OT/IT security. Especially for security, until now, the approach for OT and IT security was different. However, OT-related environments are starting to connect with the internet partially by IIoT, and some advanced companies are starting to shift a part of OT-related systems like SCADA to public cloud environments. Due to such trends, OT security and IT security will be integrated in the future.”
Continuously advancing security threats and limited OT security investment are putting manufacturers at risk. According to a 2019 ARC report, security budget spending is less than two percent of total expenditure. However, Yokogawa says security budgets should be at least 5 percent of total expenditures to realize smart manufacturing. Yokogawa IA2IA Survey Research showed higher-than-anticipated expectations for autonomy, with 64% of industrial owners predicting a transition to fully autonomous operations by 2030. Cybersecurity is expected to be the top investment priority over the next three years.
“In the past, the employees in the company worked in the office, and the main way of protection was to enhance network security like IDS, firewalls, etc., based on office location,” Funyu says. “While this is an excellent approach, now, we are doing work from home, and OT environments are starting to move to the cloud. This means that our operation is being virtualized, and our important data is moving to the cloud from segregated networks. We need to change our protection methods to be more flexible and dynamic. So, we need to consider setting up a security operation center in the company to realize dynamic security monitoring by collecting security logs from all OT devices and speedy actions to be taken.”
Yokogawa says end-users need to strengthen OT security by increasing and optimizing investment. This means investing in the latest technology like AI-driven threat intelligence.
“Until now, OT-related systems were in a closed network from the internet, that’s why there is a limited budget for OT security to enhance network security and update OT systems by security patch regularly,” Funyu says. “Now, the situation is changing by remote operation due to COVID-19 and IIoT, etc. There is an increase in connection opportunities between OT systems and the cloud. However, the way of protection is the same as the previous one. This is one of the reasons for this big gap.”
In addition to increasing cybersecurity investment, Yokogawa also recommends customers outsource cybersecurity management to OT security partners. This is where Yokogawa can help. The company provides and implements a comprehensive security lifecycle solution for IT/OT plant systems.
“There are many vendors who provide outsourcing services of OT security in the market,” Funyu says. “However, these services tend to be point solutions like only IDS monitoring. The way of protection is changing. The integrated security monitoring approach by collecting security logs from all OT devices is essential. This means that companies need to collaborate with some providers to have an integrated approach in the OT field with deep experience. Yokogawa is one such solution provider, and we can provide cybersecurity managed services not only in the OT area but also in the IT area.”
For more information on Yokogawa’s Cybersecurity services, Click Here