Mitsubishi Materials Corporation

Strengthening Information Security

Strengthening IT Asset Management

Protecting manufacturing technologies

Strengthening OT security

Information technology (IT) generally refers to systems that save, process and communicate information, serving as the technology that supports business processes. Meanwhile operational technology (OT) represents the systems that control and monitor production equipment and devices, serving as the technology that directly supports the operation of plants and factories. Because of these differences, OT systems require real-time performance and high availability, and generally once they are installed, they are used for long periods and are difficult to modify. In recent years OT environments have also become digitized and seen the advance of IoT technologies, exposing them to an increased risk as the targets of cyber attacks. Once an OT system is attacked, it can lead to production line stoppages, reduced product quality, and depending on the severity, cause serious accidents that imperil people's lives. That is why strengthening OT security is a challenge of the highest priority for the manufacturing industry.

Challenges with OT security

Security challenges in OT environments are wide-ranging. First, since OT systems are designed to operate for extended periods, they often use older technologies and software, which can lead to vulnerabilities. In addition, since many OT systems operate on closed networks that are generally not connected to the Internet, their defenses against outside attacks can be inadequate.
And as IT and OT become increasingly integrated, there are growing risks of attacks on OT systems via IT systems. For example, there are examples of malware infections that have entered via IT systems spreading to OT systems, along with a growing risk of unauthorized operation utilizing remote access. To face off against these challenges, security measures designed to combine IT and OT are needed.

Specific measures to boost security

Measures to beef up OT security include the following. We adopted OT security guidelines in the fiscal year ended March 2024 and plan to steadily phase in measures going forward.

  1. Network segmentation: Clearly separating OT and IT networks and blocking unnecessary communications between them prevents the spread of attacks.
  2. Access control: We strictly manage access privileges to OT systems and implement access control based on the principle of granting the minimum required permissions.
  3. Patch management: We regularly update the software and firmware of our OT systems to patch known vulnerabilities. However, careful planning is needed to ensure stable system operation when applying patches.
  4. Monitoring and detection: We have strengthened OT network monitoring and have systems in place to detect abnormal activities and suspicious behavior in real-time.
  5. Incident response plans: We have clearly laid out the procedures to follow when responding to a cyber incident and conduct regular drills.

Specific measures to boost security

MMC, MBS, DFF Inc., Trans-Asia Inc., ideaship Inc., KPMGあずさサステナビリティ

PAGE TOP