Yokogawa's Comprehensive Lifecycle Approach To Process Control System Cyber-Security
SEPTEMBER 2011
Executive Overview
Today's process control systems can take advantage of advanced general-purpose IT to reduce costs, improve performance, enable
interoperability and add other important new capabilities. However, the very same technologies make today's
industrial systems increasingly vulnerable to security
intrusions, malicious or otherwise, from both within
need to maintain nonstop operations and provide deterministic response) often make employing these tools and
techniques in industrial environments problematic.
Introduction
In the past, industrial automation systems (DCS, SIS, SCADA, etc.) were
largely closed, proprietary, and standalone (unconnected) in nature. While
this made interoperability challenging, from a security perspective, it minimized opportunities for and the likelihood of external intrusions
Furthermore,
general-purpose, internet-enabled information technology (IT) developed for commercial and business
lieved that their systems and networks were obscure to the general public
and thus safe from cyber-attacks. Clearly, this is no longer the case.
Today's cyber-security threats mean that industrial process control system
users and suppliers alike must be increasingly vigilant against current and
future intrusions that could compromise the security
Users, suppliers, industry
environment (HSE).
Since industrial process control systems typically have a much longer lifecycle than do commercial systems (fifteen or more years for industrial
systems, vs. three to five years for commercial systems) and since both system technology and cyber-threats are ever-changing, automation system
suppliers must embrace a lifecycle approach to industrial cyber-security.
Ideally, this should involve a continuous improvement process of assessment, implementation, monitoring, and maintaining. As explained in this
white paper, this is precisely the approach that Yokogawa, one of the
world's leading suppliers of process automation systems and related technologies and services, takes with its CENTUM process control systems,
ProSafe-RS safety systems, STARDOM and FAST/TOOLS SCADA systems
and related instrumentation and software applications.
helping to ensure the stable operation of its customers' systems, Yokogawa built its security lifecycle
approach upon industry cyber-security standards;
Yokogawa Security Lifecycle
Yokogawa invests in the human and technical resources it believes are required to sustain a high level of competence in the cyber-security area. The
company supports international cyber-security standards; develops and
rigidly enforces internal engineering standards; carefully considers security
issues in the development of the company's system products, platforms,
and interfaces; and delivers a variety of related lifecycle services. Together,
these efforts are intended to help the company's customers reduce cyber-security risk to a degree that is as low as reasonably practical (ALARP).
standards currently in
development.
plant areas, or zones in which they are applied. Security assurance levels
and security zones, which are somewhat analogous to the safety integrity
levels (SIL) used for process protective and other safety systems, are described within the ANSI/ISA S99 security standards.
According to the company, Yokogawa system products provide the mission-critical reliability and robustness required to help ensure safety and
security. The company also aligns the critical conduits between zones (a
prime target for intrusions) with the appropriate target SAL. This includes
zone-to-zone conduits, component-to-component conduits, and operator
interface-to-component conduits.
architects, engineers, and product development experts start the product design process from a clean
sheet of paper. This enables them to design security
security as a pasted-on
tion stage.
In the product development stage, Yokogawa's development engineers check the source code for software-based products, using
third-party tools to remove common vulnerabilities.
Prior to commercialization, Yokogawa system products are certified using
the company's extremely rigid internal certification process, based on established international standards. In addition, as a fundamental part of the
product lifecycle, Yokogawa system products undergo security evaluation
conducted by external security consultants based upon their prescribed
practices and proven technologies.
Finally, as part of the lifecycle approach, the company's development engineers based at various locations around the world participate in an ongoing
education program designed to familiarize them with the latest threats, potential vulnerabilities, and countermeasures.
components
into
functioning
system
vulnerable, non-essential
functionalities.
bility of the OS. Target operating systems include Windows XP, Windows
Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
This hardening tool runs two different procedures depending on the designed security policy and the integrated system in question and the
relative sensitivity of the application. The objectives are to:
- Harden Yokogawa systems products throughout with a single security
  model in which the OS is secured against attack from both internal and
  external networks, such as third-party devices or networks
- Allow Yokogawa systems products to be combined with legacy systems, for which the latest and most recommended security procedures in
  industrial environments do not apply
Furthermore, additional strengthened procedures are supported for Yokogawa systems products, which the company implements as needed to
match the specific risk levels for different environments.
Using Security Standards as a basis, Yokogawa engineers use the company's system hardening tools to configure the PC/server so that base
(registries, services, and local security policy), networking (personal firewall, file sharing control, NetBIOS over TCP/IP, DCOM setting, etc.), user
account management and access control, and USB control are all configured
securely.
These actions, supplemented by a rigorous verification program that uses
custom plug-in tools to verify robustness, help ensure that the company
can deliver an integrated, yet secure system to its global customers. The
company can also use these tools to verify the robustness of customers' existing system. During the verification program, users are provided with a
simple and comprehensive view of the security level of their control systems based upon the company's defined indexes.
Yokogawa has
Countermeasure Implementation
Many industrial organizations lack the internal resources needed to deal
with identified threats to their industrial systems and networks in a manner
that will not negatively impact production operations or health, safety, and
environment. To respond to this need, Yokogawa created an additional
VigilantPlant Service to deliver appropriate, non-intrusive countermeasures
to the assessed threats and/or vulnerabilities of installed control systems
following the assessment and consultation service.
The service includes:
- Virus check
- USB port lock
- Security patch update
- Software backup and recovery
- Unauthorized software control
Even in the face of constantly evolving cyber-security threats and evolving
platform technology, these services can help ensure that installed systems
remain as robust and secure over their entire lifecycles as they are at commissioning.
sophisticated
cyber-security
threats.
The Security Competence Laboratories research today's security technologies and real-world cyber-security implications for industrial operating environments and develop solutions and
countermeasures that are best suited for different industry sectors, applications, and system configurations.
Recommendations
Security experts agree that, given adequate time and resources, any system,
even hardened, relatively segregated industrial control systems, can be
penetrated by determined external hackers or careless or disgruntled employees.
acceptable level (as low as reasonably practical) and to do so without compromising the basic functionality of the system.
ARC believes that Yokogawa's
security and engineering standards, work together to enforce defense in depth to help provide a solid foundation
for secure industrial control systems and stable plant operation.
acceptable level, users must cultivate a security culture across all departments and develop and enforce internal security processes and
practices based on ANSI/ISA S99, NIST SP 800, and other industry standards and best practices.
Dick Hill
Founded in 1986, ARC Advisory Group is the leading research and advisory
firm for industry. Our coverage of technology from business systems to product and asset lifecycle management, supply chain management, operations
management, and automation systems makes us the go-to firm for business
and IT executives around the world. For the complex business issues facing
organizations today, our analysts have the industry knowledge and first-hand
experience to help our clients find the best answers.
All information in this report is proprietary to and copyrighted by ARC. No part
of it may be reproduced without prior permission from ARC. This research has
been sponsored in part by Yokogawa. However, the opinions expressed by
ARC in this paper are based on ARC's independent analysis.