THE JOURNEY TO BE CYBERSECURE
Delivering Cybersecurity supported in our offerings
Cybersecurity has become a critical aspect of the power industry’s grid modernization. Today’s electric energy automation and operational technology (OT) control systems interconnect with multiple networks, systems, and locations, which has increased operational efficiencies tremendously. However, these interconnected digital system also has introduced cybersecurity concerns previously known only to office or enterprise IT systems. Furthermore, global challenges - such as more published vulnerabilities, a growing number of cybersecurity incidents targeting industrial control systems, and the increase in digitalization - have made it more complex to secure the electric energy OT automation and control system infrastructure.
When it comes to cybersecurity, the primary focus is on understanding cyberthreats and risk management. At Hitachi Energy, we are guided by the following principles: there is no such thing as 100 percent cybersecurity, and cybersecurity is not a fixed destination but an evolving target from new threats and bad actors.
Hitachi Energy’s end-to-end cybersecurity solutions assess risks wherever they arise, from control centers to communications networks to substation automation systems. We develop highly secure, trusted cybersecurity solutions for industrial and electric energy OT infrastructure, and mission-critical environments. Our evolving innovative product and system solutions place the highest priority on reliability and security.
SECURITY AND SAFETY
SUPPORTING ASSET OWNER’S REGULATION COMPLIANCE
SUPPORT AND INCIDENT RESPONSE
Secure your cyber assets and systems
CYBERSECURITY BY DESIGN
Cybersecurity is an integral part of product development at Hitachi Energy. From the outset, our grid automation products are designed with comprehensive, cybersecure measures. We have a well-defined Security Development Lifecycle program and implement multiple secure processes, including handling requirements, security training for software developers, threat modeling, in-house and external security testing. Our reliable, secure customer solutions also include built-in security features, such as individual user accounts and detailed security event logs.
When delivering a system, threaded throughout the project lifecycle, the project organization is responsible for the cybersecurity of our system delivery. Project execution embeds cybersecurity within processes during the design, engineering, acceptance testing, and commissioning phases. This approach is designed to deliver critical infrastructure solutions with the appropriate security properties and to securely execute projects.
Hitachi Energy's cybersecurity posture during testing and commissioning addresses cybersecurity in lifetime support services and future product adaptations, which includes implementing processes to resolve problems that might arise after product release. Read more here.
CYBERSECURITY FOR SYSTEMS
Hitachi Energy provides several offerings to help you manage the risks of cybersecurity exposure throughout the life of your industrial automation and control system:
ASSESS: Hitachi Energy carries out a cybersecurity assessment and an interview with you to understand your processes and procedures. A detailed cybersecurity assessment report is then produced and provided to you along with a set of recommended actions for improved cybersecurity specific to your system.
IMPLEMENT: We provide recommended actions for you to implement based on the cybersecurity assessment and our domain expertise. Upon agreement, Hitachi Energy implements the recommendations for your system, ensuring your critical systems are more secure.
SUSTAIN: By appointing Hitachi Energy as your cybersecurity partner; you enter a care agreement that ensures you benefit from our huge domain expertise across the globe. Your power systems will be regularly assessed and monitored by the Hitachi Energy cybersecurity service team for any potential cybersecurity infringements.
CYBERSECURITY AS A SERVICE
Cybersecurity is a constantly evolving target. Any cybersecurity measures that have been deployed need to be maintained continually. Plus, the effectiveness of your cybersecurity measures need to be assessed periodically in order to manage and reduce the risk of cybersecurity exposure. As an extension of our project delivery, Hitachi Energy offers security services that are focused on maintaining and increasing cybersecurity in the installed base of our grid automation systems. In addition to technical solutions, we provide training, consulting, and cybersecurity risk assessment solutions for any industrial automation and control systems.
The assessment provides technical and organizational analysis and proposes optimized measures to reduce cybersecurity risks at the installation. We offer a three-stage approach to optimize and maintain your system:
ASSESS - IMPLEMENT - SUSTAIN
Read all about our Cybersecurity as a Service offering here.
Hitachi Energy takes cybersecurity seriously and is committed to achieving certification to international standards in cybersecurity.
Hitachi Energy has successfully obtained certifications in:
- IEC 62443-2-4 sets the requirements for service providers that are involved in delivering industrial automation and control systems.
- IEC 62443-3-3 describes the requirements for an industrial automation and control system based on the security level. Our substation automation reference architecture that is based on our offerings is certified.
- IEC 62443-4-1 specifies the requirements for a product developer’s security development lifecycle. The requirements apply to our R&D unit that spans multiple countries developing our products. We received certification as well in IEC 62443-4-1.
- ISO 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Hitachi Energy globally received certification in ISO 27001.
For Hitachi Energy, attaining and maintaining certification to these standards is the ideal combination for both Information Technology and Operational Technology. Read more about our Cybersecurity certification program here.
HANDLING PRODUCT CYBERSECURITY VULNERABILITY
At Hitachi Energy, we are committed to providing our customers with products, systems, and services that clearly address cybersecurity and minimize risks. The proper and timely handling of software vulnerabilities is one way we help you minimize cyber risks. Thus, we have established a formal vulnerability handling policy in relation to cybersecurity.
This rigorous multi-step process is aligned with international standards, namely ISO/IEC 29147 and ISO/IEC 30111, and is applicable on a company-wide basis. Please refer to our Hitachi Energy Software Vulnerability Handling Policy document (PDF).
For any reported vulnerabilities, we publish the cybersecurity advisory in our Cybersecurity Alerts and Notifications page.
Hitachi Energy’s intense focus on cybersecurity was rewarded in 2021, when we were accepted as a Common Vulnerabilities and Exposures (CVE) Numbering Authority.
By incorporating the latest cybersecurity standards into our products and systems, we can provide grid automation products and systems that help customers comply with all local laws and regulations
We're eager to partner with you!
Are you interested in a service agreement?
Our service agreements are tailored to your needs and offer total protection for your investment.
We have more than 40 engineering and service centers strategically located around the globe, ready to support you.