Security has been an embedded driver in the process industry for several decades. Since the first fence was erected around a production facility, or the first night watchman toured a buildings premises to restrict access and prevent deliberate or inadvertent consequences, security has played an important role in the respective business.

Physical security has grown and become more complex to combat the evolving threats in the world today, and growth is unlikely to slow as new threats continue to emerge. The cost to defend, protect and secure increases as threats evolve, and businesses struggle with the challenge of keeping abreast of the evolving threats as they change.

Today we are accustomed to the growing presence of physical security as it threads its way through our lives. We are, however, less familiar with the hidden intrusions that happen on a digital level, but the deliberate or inadvertent consequences can be said to be even higher due to the growth in digitization, and the act of protecting ourselves against such intrusions is becoming more important; now commonly known as Digital Security.

Rapid Growth in Technology

Over the past two decades we have seen exponential growth of technology enter our lives and businesses. This growth was brought about by three major points:

Moore’s Law: allowing technology to constantly evolve
Parkinson’s Law: that can be related to data expanding to fill the available space or processing power; and
Competition: Rapidly falling costs and increased availability and falling costs

Moore’s law refers to an observation made by Intel co-founder Gordon Moore in 1965. He noticed that the number of transistors per square inch on integrated circuits had doubled every year since their invention. Moore predicted that this trend would continue into the future, allowing technology to constantly evolve, which is obviously true up to today.

Cyril Parkinson, a British historian, first observed a trend during his time with the British Civil Service that “Work expands so as to fill the time available for its completion” – this concept can be applied to several areas and has come to be known as Parkinson’s Law. Relating to data: data expands to fill the available space or processing power allotted to it.

In economics, the theory of supply and demand has been proven true: as supply increases demand decreases, and prices drop. As technology improves and becomes more widely available to everyone, people are willing to pay less and prices drop significantly.

All three of the points stated above lead to lower entry points (barriers) for newer technologies. As technological advances become easier, and more people (and companies) join the game, there is a tendency for customers to gravitate to the latest available technology as it is assumed to be the best. As people gravitate to the newest technologies, they leap over solution-updates that have already been proven, leading to cheaper updates overall. Generally, the mindset is: if we see a new technology, we want it now.

As a consequence, information is traveling faster than ever before and our leaders no longer have a time buffer built into their decision making. Furthermore, if a major incident were to occur, information is readily available to the public and the sharing of this information drives public opinion almost immediately. The world has seen the effects of this several times in our recent history, resulting in crippled companies and toppled governments.

Improve Digital Safety In Parallel with Operational Safety

Traditionally, operating companies place great emphasis on safety in their corporate culture. When compared to most other industries, operating companies go the extra-extra mile and build sophisticated remote monitoring centers to provide guidance and oversight to their employees working offshore, in an effort to prevent even the smallest incident. However, the Deepwater Horizon (Transocean/BP) accident in 2010 clearly demonstrated how an unintended accident can occur at anytime, and how the impact of such an event, to a community and company, can be catastrophic.

By incorporating these remote monitoring centers, safety is improved but the company’s digital footprint grows significantly which adds risk to another area, in that it enhances the exposure to possible cyber-intrusion. As a result, it is a necessity to create a safe and predictable work environment by improving Digital Safety in parallel with safety in operations, at every production facility.

Off-the-Shelf Solutions

Due to the fact that Digital Security is now an absolute necessity, process control systems are directed towards utilizing commercial off-the-shelf (COTS) components to acquire improve capabilities and reduce costs. While the use of COTS brings various merits, it has also introduced its own set of security problems.

Control systems are expected to operate over the span of production facility (20 to 25 years) and have extremely high availability. In contrast, the COTS components of the system are subject to a much wider market audience that drives rapid obsolescence and increases exposure to widespread attacks as techniques become more sophisticated each year. As a result, the security measures installed at the beginning of a systems lifecycle may not be sufficient to prevent the attacks deeper into the plant lifecycle.

In other words, as the control system ages it may be increasingly difficult to install and maintain the latest security recommendations and maintain the appropriate level of safety, resulting in increased systems exposure. Moreover, even if the control system is able to be updated, without the appropriate testing, the risk of an unintended trip increases.

COTS components are constantly changing and improving; if plants do not upgrade often (which can be costly and inconvenient) they are at significant risk..

COTS components will remain as a integral part of the process control system and vendors are taking measures to integrate security into their designs and system lifecycle. These include:

Description		Response
Following recognized international standards	Design	Preventative
Embedding security into the design of the process control system	Design	Preventative
Partnering with COTS suppliers to provide an integrated hardened solution which has an obsolescence lifecycle relevant to the respective industry	Design	Preventative
Building systems architectures around a defense in depth philosophy	Design	Preventative
Incorporating security as a key engineering discipline when building the system	Design	Preventative
Existing infrastructure assessment surveys	Service	Analysis
Provide integrated services that are aimed at continued prevention, detection and isolation across system and the COTS components	Service	Preventative
On-going testing and backwards assurance against the latest known threats	Service	Preventative
Security Response Assistance	Service	Analysis Reactive

Conclusion

Much like the physical security provided at production facilities, there is a cost associated with each of the activities outlined above.

First, there is an infrastructure cost that lays a foundation to build on, much like the physical barriers built around our refineries and power plants today. In the case of retro-fitting to an existing facility without disrupting production, the cost can be high. However, when security is designed to meet the specifications of a new facility, the costs are much lower. Much like security officers that patrols the physical barriers and screen visitors at our operating facilities each day, there is a maintenance cost as well.

Like our physical security, the investment in digital security is a function of what we are trying to protect and the exposure if breached. It is not only a necessity to have digital security, but to also be keep abreast of the changes and threats that effect such security systems, and update our systems accordingly. The cost and inconvenience level may seem high, but the repercussions that can result in neglecting these security measure may be irreparable if they were to occur.

If you enjoyed this article you may also enjoy: SecureIT - Basic Cyber Defense

Feel free to leave us a comment below!

Apr 18, 2024

Oil & Gas Operations and Decision-Making in the Cloud Era

Recently, KBC launched the Acuity Industrial Cloud Suite, consolidating its simulation software solutions. It aligns with KBC's portfolio to address challenges in energy transition, process optimization, value chain optimization, and asset management. For insights, we interviewed Rolando Gabarron, a senior consultant in product management.

Apr 2, 2024

Behind the scenes of Pioneers: Pursuing objectives while also focusing on personal growth with Esmeralda Roxas

In the dynamic landscape of professional careers, the journey of growth and adaptation of Esmeralda Roxas at Yokogawa stands out. From her humble beginnings in system sales engineering for upstream oil and gas to her current role in network security, her trajectory is a testament to resilience, proactivity, and a thirst for knowledge.

Dec 21, 2023

The Necessity of Converged IT/OT SOC in Strengthening Cybersecurity for Today's Industrial Landscape

In the rapidly advancing technological landscape, industrial organizations face escalating cyber threats. To fortify cybersecurity, embracing a Converged IT/OT SOC is imperative. Yokogawa's cloud-based IT/OT SOC service provides a holistic defense, offering integrated visibility, proactive measures, and real-time monitoring. As cyber threats evolve, businesses can stay ahead with Yokogawa, safeguarding operations effectively in the cybersecurity race.

Dec 19, 2023

Yokogawa Recognised as a ‘Leader’ in Verdantix Green Quadrant for Process Safety Software 2023

Yokogawa has been acknowledged as a key software platform provider in the Green Quadrant report published by Verdantix and achieved the title of a 'Leader' in Process Safety Management. This recognition stands as a great achievement for Yokogawa, showcasing excellent performance in areas such as Control of Work, Mobile, Platform Interoperability, Integration, and Sustainability, including ESG considerations, among other notable areas.

Dec 18, 2023

Behind the scenes of Pioneers: Mahalakshmi R, Deputy Head, Yokogawa India Service: A Trailblazer in Leadership and Career Success at Yokogawa

In a recent interview, Mahalakshmi, Deputy Head at Yokogawa India Service, revealed her remarkable 28-year journey with the company. A leader in training and customer service, she has driven innovative projects and fostered a culture of success. Let's explore the key elements that have defined her leadership and career at Yokogawa.

Nov 30, 2023

Optimizing Energy Efficiency for Industrial Enterprise Buildings & Offices

Explore Yokogawa's EEMS revolutionizing energy efficiency in industrial buildings, recognizing their substantial impact on global energy consumption and CO2 emissions. This blog delves into EEMS's digital prowess for optimizing energy dynamics through real-time monitoring and a centralized platform. Uncover insights into smart meters, sensors, and communication protocol challenges and solutions.

Oct 2, 2023

Enhancing Energy Security Unveils the Power of Convergence and Yokogawa's Cybersecurity Program

In an age of looming cyber threats, the energy sector's vulnerability is glaring. Embracing IT-OT convergence is vital to combat these risks. Explore the benefits, challenges, and the pivotal role of Yokogawa's cybersecurity program in safeguarding energy systems against cyber threats. Discover more in our enlightening infographic, here: Access the infographic. Convergence merges security aspects for a unified defense, yet poses new risks. The Colonial Pipeline incident highlighted the cascading impact of IT breaches on OT systems. Yokogawa's comprehensive cybersecurity program addresses these challenges, offering tailored solutions, risk assessment, layered defense, monitoring, and employee education. Join us in fortifying cybersecurity posture.

Digital Solutions Blog

Digital Security & Off-the-Shelf Solutions

Rapid Growth in Technology

Improve Digital Safety In Parallel with Operational Safety

Off-the-Shelf Solutions

COTS components are constantly changing and improving; if plants do not upgrade often (which can be costly and inconvenient) they are at significant risk..

Conclusion

Looking for more information？

Yokogawa Digital Solutions

Contact us