Yokogawa Electric executives recently briefed ARC Advisory Group on the companies countermeasures needed to address specific vulnerabilities in cyber security recently found in its Centum control system. Although this is the first time that vulnerabilities have been found in Yokogawa’s DCS software and no related customer incidents have been reported, the company is acting proactively to resolve the issues.
ARC Advisory Group have highlighted the key points of this briefing as:
- While the fundamental principles and organizational structure of the company’s cyber security lifecycle support will remain unchanged, security measures will be further strengthened. The current product centric security policy developed for the industrial automation division will be extended across the entire corporation to incorporate engineering and human elements across all divisions.
- Yokogawa is addressing the identified vulnerability by providing customers with visibility into the security issue and has quickly implemented a comprehensive program of appropriate countermeasures. These include software patches for all affected systems.
- Yokogawa is proactive about managing the technical competency of its security experts. The company has more than 600 certified experts and four security competence laboratories are available to assist customers. The company stands ready to supply any needed engineering support to customers in line with the company’s security lifecycle management policies.
Countermeasures for vulnerability
When vulnerabilities are found in the system, Yokogawa has adopted a policy to reveal information of the vulnerability and make appropriate countermeasures available to customers as soon as possible.
Security advisory reports
Yokogawa openly published its first Security Advisory Report on its website on 7 March 2014 to inform customers of the availability of security patches for three vulnerable areas found in operational and monitoring functions of Centum CS 3000 R3.
Following the progress of its internal research, the company released its revised Security Advisory report on 9 May, which extended the alert to additional Yokogawa system products, including the Centum VP distributed control system, ProSafe-RS safety instrumented systems, and the Exapilot operation efficiency improvement package.
Yokogawa can now offer patch software for each of its latest revisions immediately, free of charge. Depending on customer need, Yokogawa will also develop and prepare patches for older versions.
Adapted from a press release by Emma McAleavey.
Read the article online at: https://www.oilfieldtechnology.com/product-news/19052014/yokogawa_cyber_security_65/