HOME > Case Studies > Industrial Automation > Idemitsu Kosan Co., Ltd.

Idemitsu Kosan Co., Ltd.

Idemitsu Kosan, whose oil refining business provides energy for people’s everyday lives and economic activities, recently updated its plant information management system to meet the increasing threat of cyberattacks on important infrastructure. The new security-enhancing system, which uses the only communication standard recommended for Industry 4.0, gives company employees peace of mind as they analyze and utilize operational data.

An increasing risk of cyberattacks targeting important infrastructure

In the more than 100 years since its founding in 1911, Idemitsu Kosan Co., Ltd., has been supplying energy for daily living and economic activity. In April 2019, the company completed management integration with another company in the same industry. The newly integrated company will do business not only in areas connected with energy, like oil, electricity, and renewable energy, but also in areas connected with materials, like chemicals and organic electroluminescence. As a Japanese “energy co-creation company,” it is just taking its first steps.

For some years, the use of IT has been necessary in infrastructure-related industries, and Idemitsu is known for its leading initiatives in this area. For example, operational data that was once stored in individual control systems at oil refineries and other production sites all over the country is now collected by a plant information management system (PIMS).*1 The company analyzes its data using business intelligence (BI) tools,*2 and has taken steps to improve processes and productivity and to achieve energy efficiency ahead of other companies in the same industry.

“Especially in recent years, there is an increased threat of cyberattacks on infrastructure, such as targeting facilities that provide oil or electricity. Actually, some power generation, transmission, and distribution facilities overseas have been attacked, leading to power outages, and there are countless incidents resulting from cyberattacks. In light of such incidents, the Ministry of Economy, Trade and Industry has been urging businesses connected with important infrastructure in Japan to strengthen information security,” says Seiji Yoshii, manager of Idemitsu’s Information Systems (IS) Department.

“Of course, this is an important topic for us, because our company is committed to providing a reliable energy supply for society. One problem we realized was that an interface called OPC Classic*3 was used to link data between site control systems, the PIMS, and the BI tools,” says Takahiro Ogata of the IS Department.

OPC Classic is widely used in manufacturing industries, etc., as a standard for exchanging process data and historical data between control systems and information systems. However, this interface requires that firewall ports on the periphery of the system be left wide open, which gives attackers a possible route for attack, and therefore it was a recognized security problem.

For that reason, Idemitsu Kosan decided to replace the aging PIMS and create a system compliant with OPC UA,*4 which is the new standard that supersedes OPC Classic. OPC UA is the only recommended communication standard for Industry 4.0, and since it can narrow down the ports that must be open for communication to one, it can greatly improve the security level compared to the old standard.

This article was published in July 2021.