industrial cyber security - honeywell · 2018-10-02 · industrial cyber security consulting...
TRANSCRIPT
CYBERVANTAGETM SECURITY CONSULTING SERVICESWhere Innovation Meets Implementation to Drive Industrial Cyber Security Excellence
Industrial Cyber Security
Innovation and Implementation: Industrial Cyber Security Services from ICS Experts
Engage with our experts for a comprehensive range of services, from wired and wireless network assessments, to security program design and solution implementation. CyberVantage consultants are well versed in both industrial operations and cyber security, with experience across technical disciplines or a single technical domain. Our full-lifecycle services focus on industrial control system (ICS) environments to reduce your operational risks and help you:
• Understand & improve cyber security readiness
• Securely plan and implement major migrations
• Meet regulatory requirements
• Evaluate current cyber security program resilience
• Improve ICS incident response
• Improve personnel cyber security competence.
Make your systems more secure, keep them connected, and ensure they remain up and running for a safer, more reliable and more profitable business.
A growing danger Increased digitization and connectivity in industrial control systems have massively increased the cyber attack surface. With more assets and operational processes automated and connected, the potential to exploit vulnerabilities grows.
So, too, do regulatory expectations. Governments worldwide are moving to secure critical infrastructure to protect the public. Organizations not safeguarding their systems face significant penalties and damage to their reputation if cyber security
Industrial companies no longer have to choose between security and the
power of connected enterprises. CyberVantage™ Security Consulting Services
provide over 30 specialized industrial cyber security offerings and custom
consulting to help process control industries safely operate and connect. Fully
embrace the potential of digitisation, cloud analytics and the Industrial Internet
of Things (IIoT), while preparing your business for new levels of cyber risk.
The benefits of CyberVantage Security Consulting Services
• Safely connect industrial facilities to adopt IIoT and digital transformation
• Improve cyber security maturity levels
• Demonstrate cyber assurance to C-suite, stakeholders and insurance carriers
• Optimize resources for managing cyber risks
• Ensure regulatory compliance and avoid fines
• Protect your business and reputation
• Prevent downtime and incidents caused by cyber attacks.
The CyberVantage Difference at a Glance
• Full range of 30+ services, strategic and tactical, to improve industrial cyber security and operations
• Safe-on-site, experienced personnel
• Global Centers of Excellence for customer access to industrial cyber security talent 200+ Honeywell community of industrial cyber security experts.
does not meet required standards, even without a successful breach.
Where attacks succeed, the consequences can be severe – crippling computers, shutting down systems endangering people and, facilities and potentially costing millions.
From Stuxnet and Sandworm, to Shamoon and WannaCry, malware is specifically targeting industrial control systems – and even safety systems 1 . More than half of industrial facilities have experienced some form of cyber security incident,2 and three quarters say they expect an attack on their industrial control system. 3
Worldwide there’s a shortage of cyber security expertise to address this growing risk. Fewer still have operational technology expertise as well as critical security skills.
The expertise you need for peace of mindHoneywell is a technical leader in addressing cyber security challenges in industrial control system environments. We complete hundreds of cyber security projects every year. Decades of experience and the latest thinking delivers effective ICS cyber security solutions globally.
We have half a century’s experience with SCADA, DCS and industrial control systems, and more than 15 years delivering cyber security services across process control industries. Our experts have deep domain knowledge across oil and gas, refining,
1 https://uk.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUKKBN1E82712 https://www.securityweek.com/industrial-firms-slow-adopt-cybersecurity-measures-honeywell3 https://go.kaspersky.com/rs/802-IJN-240/images/ICS%20WHITE%20PAPER.pdf
chemicals, power, pulp and paper, food and beverage, and mining and minerals.
We are safe onsite. Our experienced practitioners are certified for work offshore and on site. Honeywell’s people know how to operate safely and effectively in critical facilities and hazardous environments.
We have a global reach with industrial cyber security innovation labs and Centers of Excellence in the Americas, EMEA and APAC to expedite your initiatives wherever your facilities are based.
A Comprehensive Portfolio of Services
From operational technology policy development
and assessments to implementation and
remediation, our teams provide full-lifecycle
industrial cyber security consulting services that
help companies safely operate and connect.
Cyber Security assessments and auditsProviding an objective measure of your security
posture and identifying vulnerability gaps
with specific remediation recommendations,
our assessments and audits help you focus
efforts to reduce risk; provide assurance or
evidence to influence decision makers; drive
consistent standards across the business; and
operationalize the integration of security into
digital transformation and plant modernization
plans. We can help uncover security issues,
as well as develop actionable roadmaps to
prioritize and address identified concerns.
With recurring assessments, businesses can
track progress and address new vulnerabilities
and evolving threats that degrade security over
time. Assessments can uncover unsecured
passwords, software vulnerabilities, end of
service equipment, weak encryption, insecure
connections and open unauthorized access to
secure systems.
Our consultants deliver a wide range of
assessments and audits covering different areas
and depths to meet customers’ individual needs:
• Cyber security assessments
• Threat/Risk assessments
• Network assessments
• Wireless network assessments
• Security audits.
Penetration testing
As a stand-alone service or as part of an
assessment engagement, CyberVantage
Penetration Testing will put your cyber
security program through its paces. Acting
as “white hat” hackers, our experts provide a
safe simulation of an attack on the network
within the parameters you define, and deliver
a detailed report with recommendations for
mitigating risks and vulnerabilities.
Whether targeted against a single application,
a network or entire facility, penetration testing
enables businesses to see what an attack
would look like:
• Identifying gaps in security technology coverage
• Revealing vulnerabilities that cannot be detected by automated tools, such as insecure password storage or weak in-memory malware detection
• Testing an organization’s detection and responses to see if defenders can detect and prevent an attack in progress
• Providing validation, justification, and business cases for investment in OT security.
Providing detailed evidence of whether and how
You can’t manage what you can’t measure
Our objective assessments are closely aligned with the National Institute of Standards and Technology’s (NIST) Cyber Security Framework (CFS) tiers of implementation.
Companies pursuing security levels to follow best practices or comply with cyber security regulations, such as IEC-62443 or ANSSI, can engage Honeywell services at any stage of their compliance effort.
SituationalAwareness
Assessments& Audits
Architecture& Design
Response& Recovery
EndpointProtection
NetworkSecurity
PEOPLEPROCESS
TECHNOLOGY
• Backup and Recovery• Incident Response
Planning
• Incident Response: On Site and Remote
• Forensics and Analysis
• Industrial Patching and Anti-Virus
• Industrial Application Whitelisting
• End Node Hardening• Secure Media Exchange
(SMX)/USB Security
• Continuous Monitoring• Exchange (ATIX)• Industrial Risk Manager• SIEM
• Advanced Threat Intelligence • Compliance & Reporting• Awareness & Training• Asset Inventory & Management
5OPTIMIZED4
MANAGED3DEFINED2
REPEATABLE1AD HOC0
NON-EXISTENT
S E C U R I T Y M A T U R I T Y L E V E L
Little or no cyber security measures/standards in place
Disparate processes• Individualized efforts• No assessed risk• Not repeatable• Not scalable• Not strategic
Solutions:• Strategy and processes defined• Business outcomes defined• Assessment findings available• Some risk understanding• Solutions managed individually
Services:• Program in place• Managed by objectives• Governance structure• Strategic efforts• Consistent risk reviews• Ongoing adjustments to people, process and assets• Solutions managed and measured holistically (self or via provider)
Security Program:• Enterprise-wide management• Benchmarking• Monitoring• Ongoing feedback• Strategic improvements: – Cyber skills development – Digital transformation – Risk management best practicesManagement:
• Some repeatability• Some process defined• Some process documented• Some shared capabilities• Some automation
• Current State Analysis• Secure Design and
Optimization
• Vulnerability and Risk Assessments• Network and Wireless Assessments
• Cyber Security/Compliance
Audits• Industrial Penetration Testing• ICS Shield and Risk Manager
• Zone and Conduit Separation
Model for industrial cyber security maturity - levels run from 0 (non-existent) to 5 (optimized)CyberVantage consultants can help companies identify their current industrial cyber security maturity level and implement actions to improve security measures.
security can be breached, penetration tests
can be defined to users exact requirements,
including external, perimeter security and
process penetration testing. All test reports
are designed to help those responsible for
implementing security at the site understand
what our experts did, how they did it, and how
the site could prevent them from doing it again.
System architecture and designProactive industrial companies have learned
that considering security early in the network
design stage can vastly improve reliability and
scalability. Industrial network architectures and
topologies can include segmentation of security
zones and conduits, for example, to limit the
impact of a cyberattack.
Our experts can analyze your current state
to recommend and document best practice
design specifications. Leveraging their deep
understanding of architectural impacts on
system configurations and control system
performance, they can deliver detailed
recommendations to optimize availability and
avoid system conflicts. Tapping our expertise
before you expand or change your network can
help better secure your perimeters and protect
your high priority system resources.
Network Security for modern and legacy infrastructureHoneywell security experts will make your
operational assets a more difficult target for
A return on investment
CyberVantage Security Consulting Services address risks and prevent major losses:
• $15.9M production loss 1
• Regulatory liabilities up to $1.2M2
1 Based on a 16.8 recovery-days model for a Denial-of-Service attack scenario, a 100mbpd refinery plant at gross refining margin of $9.45/barrel may record a US$15.9M production loss.
2 The same attack if resulting in an uncontrolled chemical reaction leading to a 4-month long pollution situation will incur further liability of a regulatory fine up to US$1.2M based on Texas’ maximum penalty for violation of oil and gas pollution of $10,000 per day.
• Policy and Procedures• Secure Network Refresh• Access Control• Network Hardening
• Intrusion Detection and Prevention
• Firewall, Next Gen Firewall
cyber attackers. To reduce your attack surface,
we identify weaknesses and implement best
practices across people, processes and
technology, improving your overall cyber security
maturity. For companies new to security, we
help design and author the right policies and
guidelines, including how to develop and govern
an industrial cyber security program.
Providing advice, implementation and
configuration services, we’ll help put in
place multiple safe layers of defense across
your operations to reduce the risk of cyber
incidents. These can include third party and
Honeywell solutions such as firewalls, intrusion
prevention systems, access control systems,
risk management, secure remote access, and
log management tools.
Secure Network Refresh
Burdened by obsolete systems and legacy
software? We can perform the necessary
inventorying and plans for a Secure
Network Refresh.
The CyberVantage Secure Network Refresh
service helps industrial operators improve
process control network (PCN) performance and
security by replacing older and obsolete network
equipment that is particularly vulnerable to cyber
security attacks:
• Eliminating old or obsolete PCN switches, routers and firewalls that do not meet modern cyber security standards and therefore add to the vulnerability of the network and process operations
• Replacing out of support equipment that is not repairable, adding to the potential of
longer downtimes in the event of a failure.
Network Hardening
Software systems behave differently depending
on how they are configured and integrated with
other systems in your industrial environment.
Hardening services performed by skilled cyber
security consultants security consultants
follow the Center for Internet Security (CIS)
industry standard to eliminate or reduce system
vulnerabilities and develop or add to the security
policy of the industrial systems. When performed
by experienced personnel, network hardening
services help mitigate risks and improve
compliance.
Endpoint protectionOur comprehensive services for endpoint
protection aim to eliminate entry points for
security threats. From identifying and closing
down open ports, to application whitelisting,
antivirus and patching, we offer comprehensive
services to protect users from intrusions.
Honeywell’s unique USB security insights
and experience with end node hardening set
us apart from stand-alone endpoint product
implementers, as does our sensitivity to work
performed in proximity to, or interdependent
with, live operational networks.
Situational awarenessWith the rapid proliferation of threats and more
sophisticated attackers, ongoing vigilance is
essential. Our monitoring, inventory and risk
management services layer in safeguards and
regulatory compliance checks. Since even the
most secure system can be undermined by the
actions or failures of individuals to follow safe
practices and procedures, Honeywell provides
comprehensive, flexible training options. Increase
cyber risk awareness and drive best practices
through your organisation through a variety of
courses that can be built to meet your precise
requirements. Better yet, experience simulated
attacks first hand through our global Industrial
Cyber Security Centers of Excellence.
We continually update and expand our service
offerings to support your needs for increasing
situational awareness across your facility, fleets,
sites, personnel, and data.
If the inevitable happens…
Adversaries and attack technologies are
always changing. Planning for a cyber incident
can help ensure critical data is backed
up, systems can reboot more quickly, and
personnel can act effectively and efficiently
in the moment. Our Response & Recovery
services promotes organizational readiness.
Our experts can review your process, policy,
and people roles to plug the holes that
attackers exploit. And they can implement
backup systems to ensure the impacts of
data losses are minimized. We also provide
forensics and analytics services, tapping into
our 200+ cyber security experts working in the
field every day to get you back up and running.
CyberVantage Security Consulting Services
customers benefit from our:
• Ongoing investments in developing cyber security insights and expertise
• Worldwide reach
• Support for third party hardware, software and services
• Wide portfolio of cyber security software
and solutions.
Honeywell Centers of ExcellenceHoneywell Industrial Cyber Security Centers
of Excellence (COE) provide state-of-the-art
facilities and specialized technical personnel
to help you simulate, validate, and accelerate
your industrial cyber security initiatives –
all in an exciting setting with world-class
demonstration capabilities. With our COE
resources, you can save time, develop more
efficient solutions, and avoid costly security
mistakes as you improve your organization’s
industrial cyber security maturity
Honeywell COEs specific to industrial cyber
security are currently available in Atlanta,
Georgia (USA), Dubai (UAE), and Singapore,
and are open to any customer or interested
party around the world. Our COE footprint
continues to expand to meet customer needs:
• Safe off-production ICS test bed
• State-of-the-art ICS equipment
• Skilled expertise in control systems and ICS security
• Group ICS security training facilities (varies per location).
CyberVantage Managed Security Services In addition to consulting services, Honeywell
provides CyberVantage Managed Security
Services for 24/7 remote monitoring of
industrial systems to detect threats and identify
vulnerabilities. With facilities in Houston (USA),
Bucharest (Europe), and Singapore, customers
have access to cyber security experts for
continuous security and performance
monitoring and delivery of patches and antivirus
updates to their systems. Customers gain
complete peace of mind, putting their cyber
security in the hands of leading experts with the
most advanced solutions.
Why Honeywell?
• 50 years’ experience in industrial automation
• 15 years’ OT cyber security expertise
• 100s of cyber security projects every year
• 3 Industrial Cyber Security Centres of Excellence
• 200+ cyber security experts globally
• 1 stop for your automation and cyber security needs.
• Safe on site
• Combination of operational systems knowledge together with industrial cyber security skills
Strength and Depth: CyberVantage Services
from removable media and USB ports.
Managing USB ports across any industrial
facility against cyber risk and unauthorized
usage, SMX verifies the security of removable
media and logs its usage in the plant. Plant
owners and operators gain unprecedented
control and visibility into the secure use of
removable media, reducing cyber risk to process
control networks globally.
Advanced Threat Intelligence Exchange (ATIX), Honeywell’s secure, hybrid-cloud threat
analysis service, fuels SMX for evergreen threat
updates across your enterprise.
Third party partnerships As well as its own comprehensive portfolio,
Honeywell partners with some of the leading
players in cyber security. These partnerships
enable us to bring customers the best tried
and tested offerings that work seamlessly
with our own and third party solutions in the
OT environment:
• McAfee and Symantec Anti-Virus programs and software patches, supported for Microsoft OS, Adobe Products and Control System
• Cisco® secure hardware to build your wireless infrastructure, including wireless access points
• Palo Alto Networks® next-generation firewalls for unrivalled process network traffic monitoring and advanced threat prevention across the automation environment.
Honeywell’s ICS ShieldTM platform for cyber
security operations provides a centralized
solution to simplify and deliver ICS security.
Providing top-down ICS and DCS security
management, ICS Shield automates an
integrated approach for deployment and
enforcement of plant-wide security controls:
• Detect and discover what’s on the network
• Connect with secure remote access to field assets for personnel, third-parties and machines
• Protect with unified and automated policy management processes
• Scale with multi-site, multi-vendor deployment, with all sites connected to the security and operations center via
Honeywell’s Secure Tunnel.
Industrial Cyber Security Risk Manager is the
first solution to proactively monitor, measure
and manage cyber security risks in industrial
environments. Consolidating cyber threat
and vulnerability data into a single view, Risk
Manager promotes better decisions about cyber
security and enables industrial operators to
focus on the key risks to their enterprise.
With Enterprise Risk Manager (ERM), Risk Manager users can gain real-time visibility of
over 20 different Risk Manager sites in a single
dashboard at the Level 4 Business Network.
Secure Media Exchange (SMX) reduces the
cyber security risk and operational disruption
Why CyberVantage Security Consulting Services?
• Skilled resources to design and implement your critical industrial cyber security work
- Reduces risks of non-compliant work, which can trigger fines of up to $1.7M
- Enables competent implementation of key innovation strategies including digital transformation, Connected Plants, Industry 4.0 and Industrial Internet of Things (IIoT)
• On demand cyber security expertise
- Vital amidst cyber security skills shortages, 3.5 million unfilled cyber security positions by 2021 (cyber security ventures)
- Avoids anywhere from 7-10 years average team-building time ―with no need to train and manage in-house staff
• Cyber Security Assessments helped locate gaps, and associated risks; and establish an overview of the cyber security posture.
• Automated patch and anti-virus definition delivery has significantly increased server and workstation security.
• Honeywell technology monitors, protects and logs use of USB removable media throughout the facility.
Honeywell Performance Materials and Technology
• Strategic resources were needed to design a new facility network architecture to handle both current and future needs.
• Security overhead on the company’s system administrators was reduced through security technology standardization across business units, enabling one centralized admin team
• Productivity increased as software was implemented to automate and simplify daily operational work, such as patching to close vulnerabilities or update anti-virus
• A formerly flat network has been replaced with a defense-in-depth design and segmentation that better protects assets based on risk prioritization.
Greenfield Energy Facility in North America• CyberVantage experts delivered a
collaborative Technical Design Workshop to identify security needs across all company sites
• The delivered Reference Architecture and remediation work scoping has simplified visibility, management, and control of ICS security across sites
• Understanding critical infrastructure security level (SL3) and the latest industry standards has helped the customer clarify the path forward, saving them from costly mistakes and non-compliance.
Global Critical Infrastructure Provider
• Active monitoring and secure remote access has been provided to multiple remote sites for over eight years.
• Due to the success of this work, the company has expanded investments on Honeywell cyber security.
• PCN security updates are better managed and constantly kept up to date.
• Downtime has been reduced and the business is more responsive to issues before further deterioration.
• Secure remote support with full recording and audit trail of all activities allows for internal and external resources to safely perform work..
Binh Son Refining & Petrochemical
Customer Success Stories
For More InformationTo learn more about Honeywell’s CyberVantage
Security Services, visit www.becybersecure.com
or contact your Honeywell account manager.
Honeywell Process Solutions Honeywell1250 West Sam Houston Parkway South
Houston, TX 77042
Honeywell House, Arlington Business Park
Bracknell, Berkshire, England RG12 1EB
Shanghai City Centre, 100 Junyi Road
Shanghai, China 20051
www.honeywellprocess.comBR-14-17-ENG I 09/18©2018 Honeywell International Inc.