CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Cyber Insight

OT Security

Jrsys Inc. Chairman and CEO James Wu

JRSYS is a well-known mobile security and cloud security Taiwanese company with 100% independent innovated R&D in Taiwan. An international security team based on Taiwan and already have international customers. In addition to possessing nearly 20 mobile information security-related invention patents in Taiwan, China and The State. Jrsys has won a number of international information security championship awards, including but not limited the APICTA Award champion of the Asia Pacific Information Security Contest.

In recent years, there have been frequent hacking incidents, and many well-known companies have been shot down accordingly. In addition to affecting business operations, they have also caused the leakage of personal information of customers and consumers. The purpose of establishing information security management is to reduce various business risks and avoid major losses or unbearable impacts caused by sudden information security incidents. Therefore, in accordance with the requirements of the international information security standards ISO 27001 (ISMS), ISO 27701 (PIMS), ISO 22301 (BCMS), and IEC 62443 (CSMS), the IT/OC/CT/BC security protection software framework that may meet with the needs of modern business requirements.

The standard of JRSYS’ information security protection is to adopt international information security standards, emphasizing CIA (confidentiality, integrity and availability). Factory automation information security is based on the international IEC 62443 standard, emphasizing that AIC sequence and Availability should be put first, because on the operation level, it is not possible to stop the machine while in processing.

The integrated information security of JRSYS production information includes the diagnosis, consultation and necessary solution introduction. In addition, production line information security, supply chain information security, and identity authentication information security are also indispensable and important links in the overall industrial control information security field.

The industrial automation information security provided by JRSYS includes the access control that corresponds to IEC.62443-2-1 and all enterprises face every day, including: account management, authentication management, authorization management, etc. According to these basic information security policies and adopted products, then decide other peripheral hardware and software accordingly.

The recommended approach for the B2B protection mechanism of the OT Security starts with the pain point of the industry.

The current OT Security pain points include:

  1. Worry about the Internet being attacked by hackers.
  2. There are many networked machines and system hubs, and the password must be highly complex, each must be different, and it must be replaced regularly, which is too difficult to remember and manage.
  3. The company's B2B supplier employees turn-over and the passwords are transferred to the successors, but the company itself does not know and cannot control it. The worry is that the turnover personnel could illegally log in to the company with the same account and password to obtain secret information.
  4. The company was invaded by hackers, causing the payment of goods to be remitted to the hacker's instead, and there have been endless incidents that harmed the company and various suppliers and vendors, with losses of tens of millions to billions.
  5. The important production parameters and formula ratio of the machine are important intellectual property rights of the company. How to protect?
  6. How to manage and save a large number of documents with suppliers: inquiry for quotation, contract, warehousing acceptance form, shipping order and various documents in the production process?

Based on the above industry pain points, the solutions proposed by JRSYS include:

  1. The company must have a firewall to establish a DMZ demilitarized zone to protect external connections.
  2. Through the highest authority management system to complete important password management of servers, databases and machines.
  3. Using 2FA authentication to simply and effectively control and solve the possible risks caused by the turnover of supplier employees.
  4. Digital paperless electronic documents must be electronically signed to confirm the correctness and authenticity of the documents, avoid tampering and forgery, and then store them through electronic documents to reduce the cost of data searching and storage.
  5. In the COVID-19 post-epidemic era, it is a more convenient, fast and safe solution to exchange documents with suppliers through online sign-off and eMail but protected by IT/OT/CT security.