Cyber security with Valmet Cyber security with Valmet

Customer

Valmet’s Automation business line develops analyzers and measurement solutions for the process industry, paper quality control solutions, as well as the distributed control system platform Valmet DNA, which is a single automation system for all functions – process, machine, drive and quality controls. It covers information management along with mechanical and field device condition monitoring.

Case description

Valmet’s Automation business line has been running a systematic Industrial Control System (ICS) security activity for years and Valmet continues to invest in cyber security development. The Automation business line is partnering with Intopalo on the implementation of methods and technologies to improve the overall security level of their products in the ICS security area.

Intopalo works at multiple levels of cyber security development, including

  • Security roadmap and technology selections
  • Secure software engineering methods
  • Security architecture and the implementation of security technologies

To validate the plans for the future directions of cyber security development, we conducted a series of customer surveys. We held face-to-face interviews in Finland and North America with large, internationally-operating customers who represent a wide range of industries, including oil and gas, energy, pulp and paper, mining and construction, petrochemical and dairy. Based on the interviews, we were able to identify product opportunities and plan a cyber security roadmap.

In the area of cyber security development, we have deployed secure software engineering practices including security threat modeling, security requirements management, and secure coding checklists for code review.

Valmet is also partnering with Intopalo to develop the security architecture and implementing security technologies for future and current automation products.

Intopalo collaboration in the area of industrial control systems’ cyber security has proven effective and productive. Intopalo’s wide expertise in security has helped to identify and fix bottlenecks in security processes and practices, and to develop a solid secure software engineering framework. Deep technical knowledge about the pros and cons of different technical solutions has supported us in making rationalized decisions and created a basis for our long-term security roadmap. The deep enthusiasm that the Intopalo team shows in their work has had an especially strong influence.

Markku Tyynelä; Program Manager

Markku Tyynelä has a long history in ICS security area. He was one of authors in the first Finnish ICS Security book 2005, and has played an active role in several security workgroups and research projects, and is currently also a member of CERT Group in The National Cyber Security Centre Finland (NCSC-FI) at Finnish Communications Regulatory Authority (FICORA).

Key results
  • Security roadmap and validation of the roadmap with customers
  • Creation and deployment of secure software engineering practices
  • Security architecture and implementation of security technologies