“Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification]” Formulated

1. Background

Against the backdrop of the advancement of digital transformation (DX), companies have been accelerating the introduction of IoT devices in their factories and advancing efforts to create new added value by making use of the operational data obtained from various devices. Meanwhile, along with the advancement of these efforts, a growing number of companies need to connect their in-plant networks, which have until now not been connected, to external networks including the internet and related companies’ networks, and this has driven companies into a situation where they must consider cybersecurity measures in light of supply chain risks. In addition, as cyberattacks are constantly becoming more intricate and sophisticated and all factories are potential targets of cyberattacks, companies are now more than ever required to take measures against cyberattacks.

Bearing in mind these challenges, in November 2022, METI formulated and published Cyber/Physical Security Guidelines for Factory Systems (hereinafter referred to as the “main Guidelines”) as a reference, demonstrating approaches and procedures that help companies in taking security measures for factory systems.

Since the formulation of the main Guidelines, more and more companies have been paying attention to factory smartification against the backdrop of the further advancement of DX. While smart factories have the potential to strengthen business competitiveness in the manufacturing industry, (e.g., by enhancing the efficiency and sophistication of manufacturing processes and making data visible) such factories may face increased security risks stemming from the increased connectivity with external networks and the expansion of supply chains.

To address this, METI held a series of meetings of the Factory Sub-Working Group of Working Group 1 (Systems, Technologies, and Standardization) of the Study Group for Industrial Cybersecurity, and the Sub-Working Group advanced discussions on cybersecurity measures focusing on factory smartification, bringing together experts in the field of factory smartification and stakeholders of industrial associations in a variety of fields.

METI hereby announces that as an outcome of the discussions and as an expanded version of the main Guidelines, it formulated Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification] (hereinafter referred to as the “Guidelines Appendix”) as a compilation of the points to be considered by companies in advancing factory smartification and the key points in preparing measures therefor.

2. Overview of the Guidelines Appendix

The Guidelines Appendix mainly targets personnel in companies promoting factory smartification (IT-related departments, production-related departments, strategic management departments, risk control departments, and departments in charge of DX), and it provides an overview of smart factories as well as points to be considered and specific case examples that will help companies in advancing factory smartification in accordance with related measures for each step shown in the main Guidelines.

Specifically, the Guidelines Appendix explains the need for companies to take into account the following points in preparing security measures at smart factories.

Concept of zoning

• In smartization, as operations are added and upgraded according to the purpose, detailed zones from a business perspective (referring to areas where operations are of equal content and importance, and the same level of security measures are required for protected assets in the same zones.) Zoning is more important.
• While the importance of zones was described in the main Guidelines as well, the Guidelines Appendix explains approaches to and points to be considered in zoning in a more detailed manner from an operational perspective.

Dividing roles and responsibilities in line with the expansion of supply chains

• In the process of smartification, it is especially crucial to clarify the division of roles and responsibilities related to security measures, because the smartification process is highly likely to involve the introduction of external equipment and services and the accelerated distribution of data between one company’s numerous factories or between companies, causing an increase in events that the company cannot manage internally.
• The main Guidelines present the key points in promoting supply chain measures, while the Guidelines Appendix provides approaches to and specific examples of setting security requirements for business partners and suppliers.

Related Materials

• The Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification]

Related Links

• METI website for its policies: Cyber/Physical Security Guidelines for Factory Systems

Division in Charge

Cybersecurity Division, Commerce and Information Policy Bureau