CYBERVANTAGETM SECURITY CONSULTING SERVICESWhere Innovation Meets Implementation to Drive Industrial Cyber Security Excellence

Industrial Cyber Security

Innovation and Implementation: Industrial Cyber Security Services from ICS Experts

Engage with our experts for a comprehensive range of services, from wired and wireless network assessments, to security program design and solution implementation. CyberVantage consultants are well versed in both industrial operations and cyber security, with experience across technical disciplines or a single technical domain. Our full-lifecycle services focus on industrial control system (ICS) environments to reduce your operational risks and help you:

• Understand & improve cyber security readiness

• Securely plan and implement major migrations

• Meet regulatory requirements

• Evaluate current cyber security program resilience

• Improve ICS incident response

• Improve personnel cyber security competence.

Make your systems more secure, keep them connected, and ensure they remain up and running for a safer, more reliable and more profitable business.

A growing danger Increased digitization and connectivity in industrial control systems have massively increased the cyber attack surface. With more assets and operational processes automated and connected, the potential to exploit vulnerabilities grows.

So, too, do regulatory expectations. Governments worldwide are moving to secure critical infrastructure to protect the public. Organizations not safeguarding their systems face significant penalties and damage to their reputation if cyber security

Industrial companies no longer have to choose between security and the

power of connected enterprises. CyberVantage™ Security Consulting Services

provide over 30 specialized industrial cyber security offerings and custom

consulting to help process control industries safely operate and connect. Fully

embrace the potential of digitisation, cloud analytics and the Industrial Internet

of Things (IIoT), while preparing your business for new levels of cyber risk.

The benefits of CyberVantage Security Consulting Services

• Safely connect industrial facilities to adopt IIoT and digital transformation

• Improve cyber security maturity levels

• Demonstrate cyber assurance to C-suite, stakeholders and insurance carriers

• Optimize resources for managing cyber risks

• Ensure regulatory compliance and avoid fines

• Protect your business and reputation

• Prevent downtime and incidents caused by cyber attacks.

The CyberVantage Difference at a Glance

• Full range of 30+ services, strategic and tactical, to improve industrial cyber security and operations

• Safe-on-site, experienced personnel

• Global Centers of Excellence for customer access to industrial cyber security talent 200+ Honeywell community of industrial cyber security experts.

does not meet required standards, even without a successful breach.

Where attacks succeed, the consequences can be severe – crippling computers, shutting down systems endangering people and, facilities and potentially costing millions.

From Stuxnet and Sandworm, to Shamoon and WannaCry, malware is specifically targeting industrial control systems – and even safety systems 1 . More than half of industrial facilities have experienced some form of cyber security incident,2 and three quarters say they expect an attack on their industrial control system. 3

Worldwide there’s a shortage of cyber security expertise to address this growing risk. Fewer still have operational technology expertise as well as critical security skills.

The expertise you need for peace of mindHoneywell is a technical leader in addressing cyber security challenges in industrial control system environments. We complete hundreds of cyber security projects every year. Decades of experience and the latest thinking delivers effective ICS cyber security solutions globally.

We have half a century’s experience with SCADA, DCS and industrial control systems, and more than 15 years delivering cyber security services across process control industries. Our experts have deep domain knowledge across oil and gas, refining,

1 https://uk.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUKKBN1E82712 https://www.securityweek.com/industrial-firms-slow-adopt-cybersecurity-measures-honeywell3 https://go.kaspersky.com/rs/802-IJN-240/images/ICS%20WHITE%20PAPER.pdf

chemicals, power, pulp and paper, food and beverage, and mining and minerals.

We are safe onsite. Our experienced practitioners are certified for work offshore and on site. Honeywell’s people know how to operate safely and effectively in critical facilities and hazardous environments.

We have a global reach with industrial cyber security innovation labs and Centers of Excellence in the Americas, EMEA and APAC to expedite your initiatives wherever your facilities are based.

A Comprehensive Portfolio of Services

From operational technology policy development

and assessments to implementation and

remediation, our teams provide full-lifecycle

industrial cyber security consulting services that

help companies safely operate and connect.

Cyber Security assessments and auditsProviding an objective measure of your security

posture and identifying vulnerability gaps

with specific remediation recommendations,

our assessments and audits help you focus

efforts to reduce risk; provide assurance or

evidence to influence decision makers; drive

consistent standards across the business; and

operationalize the integration of security into

digital transformation and plant modernization

plans. We can help uncover security issues,

as well as develop actionable roadmaps to

prioritize and address identified concerns.

With recurring assessments, businesses can

track progress and address new vulnerabilities

and evolving threats that degrade security over

time. Assessments can uncover unsecured

passwords, software vulnerabilities, end of

service equipment, weak encryption, insecure

connections and open unauthorized access to

secure systems.

Our consultants deliver a wide range of

assessments and audits covering different areas

and depths to meet customers’ individual needs:

• Cyber security assessments

• Threat/Risk assessments

• Network assessments

• Wireless network assessments

• Security audits.

Penetration testing

As a stand-alone service or as part of an

assessment engagement, CyberVantage

Penetration Testing will put your cyber

security program through its paces. Acting

as “white hat” hackers, our experts provide a

safe simulation of an attack on the network

within the parameters you define, and deliver

a detailed report with recommendations for

mitigating risks and vulnerabilities.

Whether targeted against a single application,

a network or entire facility, penetration testing

enables businesses to see what an attack

would look like:

• Identifying gaps in security technology coverage

• Revealing vulnerabilities that cannot be detected by automated tools, such as insecure password storage or weak in-memory malware detection

• Testing an organization’s detection and responses to see if defenders can detect and prevent an attack in progress

• Providing validation, justification, and business cases for investment in OT security.

Providing detailed evidence of whether and how

You can’t manage what you can’t measure

Our objective assessments are closely aligned with the National Institute of Standards and Technology’s (NIST) Cyber Security Framework (CFS) tiers of implementation.

Companies pursuing security levels to follow best practices or comply with cyber security regulations, such as IEC-62443 or ANSSI, can engage Honeywell services at any stage of their compliance effort.

SituationalAwareness

Assessments& Audits

Architecture& Design

Response& Recovery

EndpointProtection

NetworkSecurity

PEOPLEPROCESS

TECHNOLOGY

• Backup and Recovery• Incident Response

Planning

• Incident Response: On Site and Remote

• Forensics and Analysis

• Industrial Patching and Anti-Virus

• Industrial Application Whitelisting

• End Node Hardening• Secure Media Exchange

(SMX)/USB Security

• Continuous Monitoring• Exchange (ATIX)• Industrial Risk Manager• SIEM

• Advanced Threat Intelligence • Compliance & Reporting• Awareness & Training• Asset Inventory & Management

5OPTIMIZED4

MANAGED3DEFINED2

REPEATABLE1AD HOC0

NON-EXISTENT

S E C U R I T Y M A T U R I T Y L E V E L

Little or no cyber security measures/standards in place

Disparate processes• Individualized efforts• No assessed risk• Not repeatable• Not scalable• Not strategic

Solutions:• Strategy and processes defined• Business outcomes defined• Assessment findings available• Some risk understanding• Solutions managed individually

Services:• Program in place• Managed by objectives• Governance structure• Strategic efforts• Consistent risk reviews• Ongoing adjustments to people, process and assets• Solutions managed and measured holistically (self or via provider)

Security Program:• Enterprise-wide management• Benchmarking• Monitoring• Ongoing feedback• Strategic improvements: – Cyber skills development – Digital transformation – Risk management best practicesManagement:

• Some repeatability• Some process defined• Some process documented• Some shared capabilities• Some automation

• Current State Analysis• Secure Design and

Optimization

• Vulnerability and Risk Assessments• Network and Wireless Assessments

• Cyber Security/Compliance

Audits• Industrial Penetration Testing• ICS Shield and Risk Manager

• Zone and Conduit Separation

Model for industrial cyber security maturity - levels run from 0 (non-existent) to 5 (optimized)CyberVantage consultants can help companies identify their current industrial cyber security maturity level and implement actions to improve security measures.

security can be breached, penetration tests

can be defined to users exact requirements,

including external, perimeter security and

process penetration testing. All test reports

are designed to help those responsible for

implementing security at the site understand

what our experts did, how they did it, and how

the site could prevent them from doing it again.

System architecture and designProactive industrial companies have learned

that considering security early in the network

design stage can vastly improve reliability and

scalability. Industrial network architectures and

topologies can include segmentation of security

zones and conduits, for example, to limit the

impact of a cyberattack.

Our experts can analyze your current state

to recommend and document best practice

design specifications. Leveraging their deep

understanding of architectural impacts on

system configurations and control system

performance, they can deliver detailed

recommendations to optimize availability and

avoid system conflicts. Tapping our expertise

before you expand or change your network can

help better secure your perimeters and protect

your high priority system resources.

Network Security for modern and legacy infrastructureHoneywell security experts will make your

operational assets a more difficult target for

A return on investment

CyberVantage Security Consulting Services address risks and prevent major losses:

• $15.9M production loss 1

• Regulatory liabilities up to $1.2M2

1 Based on a 16.8 recovery-days model for a Denial-of-Service attack scenario, a 100mbpd refinery plant at gross refining margin of $9.45/barrel may record a US$15.9M production loss.

2 The same attack if resulting in an uncontrolled chemical reaction leading to a 4-month long pollution situation will incur further liability of a regulatory fine up to US$1.2M based on Texas’ maximum penalty for violation of oil and gas pollution of $10,000 per day.

• Policy and Procedures• Secure Network Refresh• Access Control• Network Hardening

• Intrusion Detection and Prevention

• Firewall, Next Gen Firewall

cyber attackers. To reduce your attack surface,

we identify weaknesses and implement best

practices across people, processes and

technology, improving your overall cyber security

maturity. For companies new to security, we

help design and author the right policies and

guidelines, including how to develop and govern

an industrial cyber security program.

Providing advice, implementation and

configuration services, we’ll help put in

place multiple safe layers of defense across

your operations to reduce the risk of cyber

incidents. These can include third party and

Honeywell solutions such as firewalls, intrusion

prevention systems, access control systems,

risk management, secure remote access, and

log management tools.

Secure Network Refresh

Burdened by obsolete systems and legacy

software? We can perform the necessary

inventorying and plans for a Secure

Network Refresh.

The CyberVantage Secure Network Refresh

service helps industrial operators improve

process control network (PCN) performance and

security by replacing older and obsolete network

equipment that is particularly vulnerable to cyber

security attacks:

• Eliminating old or obsolete PCN switches, routers and firewalls that do not meet modern cyber security standards and therefore add to the vulnerability of the network and process operations

• Replacing out of support equipment that is not repairable, adding to the potential of

longer downtimes in the event of a failure.

Network Hardening

Software systems behave differently depending

on how they are configured and integrated with

other systems in your industrial environment.

Hardening services performed by skilled cyber

security consultants security consultants

follow the Center for Internet Security (CIS)

industry standard to eliminate or reduce system

vulnerabilities and develop or add to the security

policy of the industrial systems. When performed

by experienced personnel, network hardening

services help mitigate risks and improve

compliance.

Endpoint protectionOur comprehensive services for endpoint

protection aim to eliminate entry points for

security threats. From identifying and closing

down open ports, to application whitelisting,

antivirus and patching, we offer comprehensive

services to protect users from intrusions.

Honeywell’s unique USB security insights

and experience with end node hardening set

us apart from stand-alone endpoint product

implementers, as does our sensitivity to work

performed in proximity to, or interdependent

with, live operational networks.

Situational awarenessWith the rapid proliferation of threats and more

sophisticated attackers, ongoing vigilance is

essential. Our monitoring, inventory and risk

management services layer in safeguards and

regulatory compliance checks. Since even the

most secure system can be undermined by the

actions or failures of individuals to follow safe

practices and procedures, Honeywell provides

comprehensive, flexible training options. Increase

cyber risk awareness and drive best practices

through your organisation through a variety of

courses that can be built to meet your precise

requirements. Better yet, experience simulated

attacks first hand through our global Industrial

Cyber Security Centers of Excellence.

We continually update and expand our service

offerings to support your needs for increasing

situational awareness across your facility, fleets,

sites, personnel, and data.

If the inevitable happens…

Adversaries and attack technologies are

always changing. Planning for a cyber incident

can help ensure critical data is backed

up, systems can reboot more quickly, and

personnel can act effectively and efficiently

in the moment. Our Response & Recovery

services promotes organizational readiness.

Our experts can review your process, policy,

and people roles to plug the holes that

attackers exploit. And they can implement

backup systems to ensure the impacts of

data losses are minimized. We also provide

forensics and analytics services, tapping into

our 200+ cyber security experts working in the

field every day to get you back up and running.

CyberVantage Security Consulting Services

customers benefit from our:

• Ongoing investments in developing cyber security insights and expertise

• Worldwide reach

• Support for third party hardware, software and services

• Wide portfolio of cyber security software

and solutions.

Honeywell Centers of ExcellenceHoneywell Industrial Cyber Security Centers

of Excellence (COE) provide state-of-the-art

facilities and specialized technical personnel

to help you simulate, validate, and accelerate

your industrial cyber security initiatives –

all in an exciting setting with world-class

demonstration capabilities. With our COE

resources, you can save time, develop more

efficient solutions, and avoid costly security

mistakes as you improve your organization’s

industrial cyber security maturity

Honeywell COEs specific to industrial cyber

security are currently available in Atlanta,

Georgia (USA), Dubai (UAE), and Singapore,

and are open to any customer or interested

party around the world. Our COE footprint

continues to expand to meet customer needs:

• Safe off-production ICS test bed

• State-of-the-art ICS equipment

• Skilled expertise in control systems and ICS security

• Group ICS security training facilities (varies per location).

CyberVantage Managed Security Services In addition to consulting services, Honeywell

provides CyberVantage Managed Security

Services for 24/7 remote monitoring of

industrial systems to detect threats and identify

vulnerabilities. With facilities in Houston (USA),

Bucharest (Europe), and Singapore, customers

have access to cyber security experts for

continuous security and performance

monitoring and delivery of patches and antivirus

updates to their systems. Customers gain

complete peace of mind, putting their cyber

security in the hands of leading experts with the

most advanced solutions.

Why Honeywell?

• 50 years’ experience in industrial automation

• 15 years’ OT cyber security expertise

• 100s of cyber security projects every year

• 3 Industrial Cyber Security Centres of Excellence

• 200+ cyber security experts globally

• 1 stop for your automation and cyber security needs.

• Safe on site

• Combination of operational systems knowledge together with industrial cyber security skills

Strength and Depth: CyberVantage Services

from removable media and USB ports.

Managing USB ports across any industrial

facility against cyber risk and unauthorized

usage, SMX verifies the security of removable

media and logs its usage in the plant. Plant

owners and operators gain unprecedented

control and visibility into the secure use of

removable media, reducing cyber risk to process

control networks globally.

Advanced Threat Intelligence Exchange (ATIX), Honeywell’s secure, hybrid-cloud threat

analysis service, fuels SMX for evergreen threat

updates across your enterprise.

Third party partnerships As well as its own comprehensive portfolio,

Honeywell partners with some of the leading

players in cyber security. These partnerships

enable us to bring customers the best tried

and tested offerings that work seamlessly

with our own and third party solutions in the

OT environment:

• McAfee and Symantec Anti-Virus programs and software patches, supported for Microsoft OS, Adobe Products and Control System

• Cisco® secure hardware to build your wireless infrastructure, including wireless access points

• Palo Alto Networks® next-generation firewalls for unrivalled process network traffic monitoring and advanced threat prevention across the automation environment.

Honeywell’s ICS ShieldTM platform for cyber

security operations provides a centralized

solution to simplify and deliver ICS security.

Providing top-down ICS and DCS security

management, ICS Shield automates an

integrated approach for deployment and

enforcement of plant-wide security controls:

• Detect and discover what’s on the network

• Connect with secure remote access to field assets for personnel, third-parties and machines

• Protect with unified and automated policy management processes

• Scale with multi-site, multi-vendor deployment, with all sites connected to the security and operations center via

Honeywell’s Secure Tunnel.

Industrial Cyber Security Risk Manager is the

first solution to proactively monitor, measure

and manage cyber security risks in industrial

environments. Consolidating cyber threat

and vulnerability data into a single view, Risk

Manager promotes better decisions about cyber

security and enables industrial operators to

focus on the key risks to their enterprise.

With Enterprise Risk Manager (ERM), Risk Manager users can gain real-time visibility of

over 20 different Risk Manager sites in a single

dashboard at the Level 4 Business Network.

Secure Media Exchange (SMX) reduces the

cyber security risk and operational disruption

Why CyberVantage Security Consulting Services?

• Skilled resources to design and implement your critical industrial cyber security work

- Reduces risks of non-compliant work, which can trigger fines of up to $1.7M

- Enables competent implementation of key innovation strategies including digital transformation, Connected Plants, Industry 4.0 and Industrial Internet of Things (IIoT)

• On demand cyber security expertise

- Vital amidst cyber security skills shortages, 3.5 million unfilled cyber security positions by 2021 (cyber security ventures)

- Avoids anywhere from 7-10 years average team-building time ―with no need to train and manage in-house staff

• Cyber Security Assessments helped locate gaps, and associated risks; and establish an overview of the cyber security posture.

• Automated patch and anti-virus definition delivery has significantly increased server and workstation security.

• Honeywell technology monitors, protects and logs use of USB removable media throughout the facility.

Honeywell Performance Materials and Technology

• Strategic resources were needed to design a new facility network architecture to handle both current and future needs.

• Security overhead on the company’s system administrators was reduced through security technology standardization across business units, enabling one centralized admin team

• Productivity increased as software was implemented to automate and simplify daily operational work, such as patching to close vulnerabilities or update anti-virus

• A formerly flat network has been replaced with a defense-in-depth design and segmentation that better protects assets based on risk prioritization.

Greenfield Energy Facility in North America• CyberVantage experts delivered a

collaborative Technical Design Workshop to identify security needs across all company sites

• The delivered Reference Architecture and remediation work scoping has simplified visibility, management, and control of ICS security across sites

• Understanding critical infrastructure security level (SL3) and the latest industry standards has helped the customer clarify the path forward, saving them from costly mistakes and non-compliance.

Global Critical Infrastructure Provider

• Active monitoring and secure remote access has been provided to multiple remote sites for over eight years.

• Due to the success of this work, the company has expanded investments on Honeywell cyber security.

• PCN security updates are better managed and constantly kept up to date.

• Downtime has been reduced and the business is more responsive to issues before further deterioration.

• Secure remote support with full recording and audit trail of all activities allows for internal and external resources to safely perform work..

Binh Son Refining & Petrochemical

Customer Success Stories

For More InformationTo learn more about Honeywell’s CyberVantage

Security Services, visit www.becybersecure.com

or contact your Honeywell account manager.

Honeywell Process Solutions Honeywell1250 West Sam Houston Parkway South

Houston, TX 77042

Honeywell House, Arlington Business Park

Bracknell, Berkshire, England RG12 1EB

Shanghai City Centre, 100 Junyi Road

Shanghai, China 20051

www.honeywellprocess.comBR-14-17-ENG I 09/18©2018 Honeywell International Inc.