Yokogawa Corporation of America: Combining Industrial Automation and Cybersecurity to Create a Safer Cyber Infrastructure

Yokogawa Corporation of America: Combining Industrial Automation | CyberPro Magazine

A particularly destructive cyber-attack recently crippled a portion of the US’s vital infrastructure, stopping the Colonial Pipeline’s 5,500-mile route down the east coast. Many organisations, especially those dealing with vital infrastructure, found that this ransomware attack was a serious wake-up call and reexamined their vigilance policy as a result.

Scientists are always finding new, sophisticated viruses that target live systems. Because of this, cybersecurity is becoming a vital component of the industrial automation process.

Yokogawa has established a solid reputation for offering clients in a wide range of industries, including bioscience, energy, chemicals, materials, pharmaceuticals, food, and water, cutting-edge technology, advice, and services in the areas of measurement, control, and information.

Strong Cybersecurity’s Contribution to Digital Transformation

It’s no secret that technology has advanced capacities to a great extent, but automation in manufacturing has also helped businesses evolve. Automation was considered futuristic at one point. Automation is now possible in production facilities, enabling quicker, safer, and more effective processes. Yet, the numerous and various harmful cyberattacks impede automation procedures.

Yokogawa Corporation provides robust cybersecurity services and solutions to lower cyber threats in each customer’s industrial control systems (ICS) environment by adopting a lifecycle perspective. Organisations may depend on the long-term effectiveness of their business operations across several domains by putting in place a cybersecurity lifecycle management system. Effective cybersecurity management lowers the danger of ransomware demands, security lapses, and assaults, which is another fundamental requirement for reliable operations.

In order to lower cybersecurity risk, a cybersecurity programme will enhance and harmonise the plant’s three essential components: people, procedures, and technology. It assists in overcoming the formidable issue of minimising the human variables that contribute to events and narrowing the gaps between the three essential aspects.

Companies will be assisted in developing mid- to long-term strategies to implement their security programme across the plant’s lifecycle by a created security roadmap. Additionally, this roadmap will provide an easily comprehensible representation of the countermeasures required to meet the organization’s security objectives.

The security programme fosters a more effective organisational team synergy including all employees by involving many stakeholders. Additionally, it makes a big difference in strengthening the personnel’ increased dedication to their ongoing security awareness.

“We actively assist operators throughout the whole life cycle of the plant, consistently striving for enhancements in close collaboration with our clients. We mean it when we talk about co-innovating tomorrow.

Stronger is preferable. A Better Cybersecurity in Six Steps.

Based on Yokogawa’s experience, the following six processes result in the best cybersecurity solutions:


Efficient risk management for cybersecurity requires more than just robust technology and procedures. These days, a lot of cyber problems are caused by human error stemming from a lack of cybersecurity expertise and awareness. The first step in implementing cybersecurity measures should be to implement educational awareness and training.

Based on IEC 62443, Yokogawa Corporation provides customers with customised training programmes that may be accessed remotely or on-site as needed. These programmes address relevant information at various functional levels and take into account national and industry-specific requirements.


Inventorying assets and determining which ones are in and out of scope are the first steps in risk management. Using a risk-based approach enables organisations to evaluate the relative merits and drawbacks of various security choices in the context of a convoluted operational environment governed by numerous laws, regulations, and guidelines. Even the most seasoned individuals may find it difficult to design an operational technology (OT) cybersecurity plan due to the constantly changing threat landscape.

Establishing a risk security baseline to identify vulnerabilities and their corresponding impact and likelihood is a component of risk management. Writing the policies and business case is made easier by the results of the risk security baseline. It aids in establishing the OT baseline measurements as well.

Our programme uses a three-step process to assist clients with the OT domain risk assessment baseline:

Using the international standard IEC62443, a Technical Security Risk Assessment (TSRA) is used to identify security vulnerabilities on-site. The evaluation is also used to calculate the difference between the IEC62443 security targets and the state of cybersecurity today.

To identify security flaws in the business cybersecurity management system, use Operation Security Risk Assessment (OSRA). Organisation, procedures, and governance are the main topics of the evaluation.

To identify the security flaws in the business procedures pertaining to the business security risk connected to the OT data, use the Business Security Risk Assessment (BSRA). We specifically look at the possibility of OT information-related security breaches.

In order to determine the possibility and significance of potential undiscovered vulnerabilities, Yokogawa Corporation cybersecurity consultants collaborate with the client to assess the vulnerabilities that have already been found. The gap analysis between the current plant and the security standards outlined in IEC 62443 comes next. Clear comprehension of the evaluation results is crucial for laying the groundwork for the successful development of an extensive OT cybersecurity programme.


The question of how much money should be put in cybersecurity to obtain an acceptable risk level is crucial to the business case. To guarantee that the budget is established in accordance with the results of the security risk assessment, Yokogawa works closely with its clients.

Priorities are assigned to security risk categories in accordance with policies and procedures. Yokogawa’s consultants adopt a lifecycle approach, gradually collaborating with clients to create a practical risk mitigation plan and an execution timeline that elevates the plant’s security level.


The most important components in creating and implementing a cohesive security strategy inside an organisation are comprehensive and clearly defined policies and procedures. By utilising Yokogawa’s best practices, pre-made OT policy and procedure documents, and in-depth understanding of national standards, ISO/IEC 27001, IEC 62443, and the NIST framework, Yokogawa’s security consultants and experts assist clients in creating the best security policies and procedures possible. As a result, there are no gaps and people and technology are connected more effectively.


Yokogawa guarantees the deployment of the most efficient, hassle-free countermeasures by coordinating the full risk assessment with the business cases, rules, and processes of the organisation. Yokogawa’s staff of engineers and specialists is constantly trained to satisfy international security standards and requirements.

Among the standard security countermeasures are firewalls, unidirectional gateways, secure remote access, backup/recovery, automated/manual security upgrades, user and access control design, and network segmentation design.


Plant engineers’ crucial cybersecurity workload is lessened by round-the-clock protected monitoring, network activity analysis, and an overview of the security performance and compliance matrix. These measures also offer effective defence against both known and undiscovered cyberthreats.

The managed operation and maintenance services offered by Yokogawa Corporation are created securely to satisfy the specific needs of the client and guarantee that cybersecurity solutions that have been put in place are not eroding. Completely integrated, standard managed services include asset inventory management, threat analysis, incident response, and ongoing security monitoring and maintenance.

Increasing Resilience to IT/OT Security Issues

When it comes to designing cybersecurity for industrial automation and control systems (IACS), Yokogawa has over a century of experience providing industrial automation and services in both green- and brown-field projects. As such, we are well-versed in all aspects of information and operational technologies.

The most effective cybersecurity management solutions may be implemented by the users thanks to this high degree of competence. The company makes the full body of Yokogawa knowledge available to vital industries.

As a lifecycle value partner, we are committed to minimising risk and maximising company values. This is our overarching goal.

Apart from the apparent risks to cybersecurity, there exist several imperceptible dangers arising from concealed security vulnerabilities that greatly jeopardise business continuity strategies. Business continuity plans remain intact when cybersecurity management is put into practice. Yokogawa can assist in enhancing cybersecurity programs on both sides of the OT/IT divide, regardless of an organization’s level of development.

It is well known that integrating IT and OT systems while maintaining system security can be quite difficult. Which actions need to happen now, and which can wait? How should cybersecurity elements be applied seamlessly so that production is not disrupted? Which resources—financial, material, and human—are needed?

Yokogawa Corporation has a long history in security, therefore it is familiar with the answers to these crucial queries. Yokogawa is at home in all sectors and nations; it is knowledgeable about safety standards, laws, and best practices; additionally, it comprehends the latest developments in OT and IT/OT integration. To put it plainly, Yokogawa is aware of which sensible course of action to take and which to introduce.

In order to help clients avoid having their brand reputations damaged by unforeseen incidents, Yokogawa may meet them where they are in the security spectrum and offer a workable solution to reach the highest levels of protection against external threats. Investing in cybersecurity protects several information classes, including intellectual property, personal information, client sensitive data, and system operations, in addition to data breaches.

Yokogawa and Yokogawa Corporation of America: An Overview

Yokogawa serves clients in a wide range of industries, including energy, chemicals, materials, pharmaceuticals, food, and water, by offering cutting-edge technology and services in the areas of measurement, control, and information. Yokogawa uses digitally enabled smart manufacturing to facilitate the shift to autonomous operations and serves customers with increasingly complicated production and operations management needs as well as supply chain, energy, and asset optimisation.

Established in Tokyo in 1915, Yokogawa is a global network of 119 enterprises spanning 61 countries, employing over 17,500 people that strive towards a more sustainable society.

Yokogawa has a wholly-owned subsidiary called Yokogawa Corporation of America. The company was founded in 1957 and has its main office in Houston, Texas. It also has manufacturing and service facilities located all across the United States, Canada, and Mexico. 

To learn more, go to www.yokogawa.com/us.