Please select a language

Please select the country/region where you would like to introduce your business.

Contact Us
Contact Us

Please select a language

Please select the country/region where you would like to introduce your business.

Knowledge OT Security – An Essential for Overseas Locations and Factories: Introduction to Risks and Specific Countermeasures(2/3)~Guidelines for OT security~

For OT security, there are international guidelines and frameworks that aim to eliminate risks specific to the OT environment. In particular, the “NIS2 Directive” developed by the EU has established important standards.


img

OT (Operational Technology) security is essential in the manufacturing and infrastructure sectors, where digitization is progressing, and the risk of cyber-attacks is increasing. To achieve OT security, it is vital to have a clear division of roles between headquarters and overseas locations so they can cooperate promptly. Headquarters are responsible for overall security standards and governance, while overseas locations need to strengthen coordination throughout the supply chain, taking into account locally specific risks. 

This article explains the risks and specific countermeasures in OT security based on guidelines, details how to establish a security system on a global scale, and discusses specific OT security essentials in three parts.

3. Guidelines for OT security

For OT security, there are international guidelines and frameworks that aim to eliminate risks specific to the OT environment. In particular, the “NIS2 Directive” developed by the EU has established important standards.

Guidelines for OT security

Article 21 defines 10 key basic policies, including risk analysis and incident response systems, backup and vulnerability management, supply chain security enhancement, and multi-factor authentication (MFA).
Of all the measures, a risk assessment based on “risk analysis and periodic risk assessment” according to the characteristics of each location can help visualize vulnerabilities and security gaps and prioritize measures to address them.

In line with the “Standardization of Incident Response and Development of a Rapid Action System,” setting global response standards at the headquarters and establishing a system that allows for immediate local response at overseas locations will prevent delays in response due to time differences and distance.

By following the above guidelines, the “cyber resilience” of the entire enterprise can be enhanced by reducing the risk of system outages, production delays, and spillover to the supply chain in the OT environment. In addition, improved coordination and governance among locations can serve as a foundation for ensuring consistency in the global security structure. Please refer to the following article for more details.

Source:EU NIS2 Directive Summary (Ministry of Economy, Trade and Industry
Japanese)https://www.jraia.or.jp/members/uploads/files/230526_METI_NIS2.pdf
*Place the link to the NIS2-compliant article.