#Japan #Tokyo #Newton Consulting #Kurita Water #CSIRT Setup

Establishing a Global CSIRT: A Success Story of Kurita Water Industries

Introduction

In an era where cybersecurity threats are rampant, Kurita Water Industries—known for its water treatment chemicals, equipment, and maintenance services—has taken significant steps to bolster its cybersecurity posture. To effectively manage risks associated with information security, the company has partnered with Newton Consulting to develop a comprehensive Global Computer Security Incident Response Team (CSIRT). This initiative represents a proactive approach to ensuring the security and continuity of its water treatment operations worldwide.

The Need for Information Security

Kurita Water Industries plays a crucial role in supporting social infrastructure with its advanced water treatment solutions. Engaged in research and development, the company aims to contribute to solving water scarcity issues and achieving a decarbonized society. Given the increasing reliance on information systems in their operations, implementing robust information security measures has become indispensable. In response to rising cyber threats, Kurita established its CSIRT in 2022 beneath the umbrella of its Business Continuity Management (BCM) division, initiating a structured approach toward cybersecurity.

Expanding CSIRT to Global Operations

With operational facilities and research centers located in Asia, North and South America, and Europe, Kurita is expanding its CSIRT framework beyond Japan. Following the domestic implementation of the CSIRT, the company has worked on creating operational manuals and conducting practical CSIRT exercises at its overseas locations across six regions and fifteen sites.

During the manual formulation phase, workshops tailored to the characteristics of each overseas facility were held. This initiative helped establish a unified incident response flow, roles, and clarify different levels of incidents. In the exercise phase, simulated cyber-attack scenarios were employed to scrutinize response policies and recovery procedures from backups, ensuring preparedness across all regions.

The culmination of these efforts established a framework enabling local CSIRTs to respond effectively to cyber incidents in coordination with the headquarters. This structure is a monumental step toward enhancing their cybersecurity capabilities on a global scale.

Overview of Global CSIRT Consulting Service

Newton Consulting's Global CSIRT Consulting Service provides targeted support for organizations aiming to improve their security levels across all sites. Given the rising threats posed by cyber-attacks, timely detection and containment of potential incidents have become urgent. This service offers flexibility tailored to the unique attributes of each operational hub and facilitates an interconnected CSIRT system across all locations.

Example Workflow of the Service

To implement a global CSIRT, it’s effective to first finalize rules domestically—encompassing international considerations—before proceeding with overseas deployment. This two-phase approach ensures both efficiency and effectiveness in building the CSIRT.

Conclusion

Kurita Water Industries’ initiative to establish a global CSIRT with the aid of Newton Consulting marks a significant advancement in corporate cybersecurity measures. As the project continues to evolve, further enhancements to the CSIRT framework will be anticipated, setting a precedent for other organizations navigating similar challenges in the cybersecurity landscape.

To learn more about this case study and the Global CSIRT Consulting Service offered by Newton Consulting, visit Newton Consulting.