A Comprehensive Approach INDUSTRIAL CYBER SECURITY Rudrajit Roy 20 October 2016


Honeywell Confidential - © 2016 by Honeywell International Inc. All rights reserved.

Agenda

• Global Industrial Cyber Security Journey

• Industry Best Practices

• Honeywell Industrial Cyber Security – Who we are, What can we do?

• Honeywell Risk Manager

• Why Honeywell?

• DEMOs at the Technology Center


SAFETY Culture Vs CYBER Security Culture

No Safety, Reliability & Availability without Cyber Security

• Walking through the area without a hard hat or applicable PPE?
• Beginning to weld without a hot work permit?
• “I don’t have time for the hazard assessment”

• Configure without security, path of least resistance
• Connecting untrusted portable devices to critical networks/devices
• “I don’t have time to scan”

On the operations floor, which scenario would be considered the more serious violation?

Complacency is not tolerated for safety, why Cyber?


Global Journey – Industrial Cyber Security

Integral part of Control System Lifecycle

PAST: 2010, YOUNG & IMMATURE
1. FEAR
2. AVAILABILITY, SAFETY and RELIABILITY
3. STANDARDS and COMPLIANCE

PRESENT: Starts MATURING
1. STANDARDS and COMPLIANCE
2. AVAILABILITY, SAFETY and RELIABILITY
3. FEAR

FUTURE
• Scientific Discipline
• Integral part of Control System Lifecycle
• Never “Solved” but “Managed”
• Attack Back


Industrial Cyber Security Standards

Honeywell Experience

United Arab Emirates

• NESA National Electronic Security Authority

Qatar

• ICT Qatar National Electronic Security Authority

Standards organizations such as

• IEC International Electrotechnical Commission

• ISA International Society of Automation

• ISASecure ISA Security Compliance Institute

• ISO International Standards Organization

United States of America - Government / semi-government

• NIST National Institute of Standards & Technology

• NERC CIP North American Electric Reliability Corporation / Critical Infrastructure Protection


Industry Best Practice – Purdue model of Controls

• IEC-62443, ISO-99, NIST, ICT Qatar, NESA, etc.

- Demarcation (DMZ Deployment)

- Layered structure

[Figure: Purdue-model reference architecture. Levels shown: Level 1, Level 2, Level 2.5, Level 3, Level 3.5, Level 4 and Internet, grouped into Control Zone, DMZ and Enterprise Zone. Components labelled include Honeywell C300 and 3rd party PLC / Modbus TCP / SCADA controllers, 3rd party DCS systems, Experion PKS (EPKS R410.x, R430.x), Honeywell FTE Network, Honeywell Control Firewall and MODBUS/TCP Firewall, L2.5 routers, L3 routers, L3.5 firewalls, IPS sensors, Process Control DMZ, Remote Access DMZ (PROD) with proxy / relay server and VPN, Honeywell Virtualization (ESXi hosts), Business LAN, remote users and the Honeywell Managed Service Center.]

[Figure labels, security controls by layer: Threat Intelligence, Next Generation Firewalls, Intrusion Detection System, Intrusion Prevention System, Data Diode; Risk Manager, Security Information & Event Management (SIEM), Network Performance and Security Monitoring, Network Access Control; Backup & Restore, System Hardening, VM Performance Monitoring, Domain High Security Policy, User Access Control, Passive Vulnerability Monitoring; OS/Application Vulnerability Management, Application Whitelisting, ICS USB Protection, Anti-Virus / Malware Protection, Security Patch Management; Managed Industrial Cyber Security Services (Network Monitoring, Performance Monitoring, Patch & Update Services).]


Honeywell Industrial Cyber Security


Honeywell Industrial Cyber Security

Global Operations with Local Focus

[Map: locations shown are Amsterdam, Atlanta, Houston, Edmonton, Santiago, Perth, Kuala Lumpur, Dubai, Bucharest and Pune. Legend: RSC + HICS, HICS Office, Private LSS RSC, HICS Resource(s).]

Global setup to serve global organizations as well as local asset owners


Complete Industrial Cyber Security Solutions

Proven, Trusted and Industry Leading

• Professional Field Services

- Advisory consulting

- Implementation and systems integration

- Operational service and support

• Managed Cyber Security Services

- Continuous monitoring and alerting

- Secure automated patch & signature updates

- Cyber expert support and co-management

• Honeywell Cyber Security Software

- Industrial Cyber Security Risk Manager

- Monitoring platform and assessment tools

• Integrated Partner Technology

Comprehensive, Holistic and Vendor Neutral


Solutions Addressing Cyber Security End to End

• Industrial Cyber Security Vulnerability & Risk Assessments

• Network & Wireless Assessments

• Cyber Security & Compliance Audits

• Policy and Procedures Development

• Firewall, Next Gen FW

• Intrusion Detection & Prevention (IDS/IPS)

• Access Control

• Industrial Patching & Anti-Virus

• Industrial Application Whitelisting

• End Node Hardening

• Portable Media/Device/USB Security

• Continuous Monitoring

• Compliance & Reporting

• Cyber Security Risk Manager

• Industrial Security Information & Event Management (SIEM)

• Cyber Security Awareness & Training

• Current State Analysis

• Secure Design and Optimization

• Zone & Conduit Separation

• Backup and Recovery

• Incident Response Planning

• Incident Response: On Site & Remote

• Forensics & Analysis


Customer Demonstrations

Training and Certification

Solutions Development

Industrial Cyber Security Solutions Lab

World-Class, Industry Leading Innovation

Flexible Model of Complete Process Control Network


Managed Industrial Cyber Security Services

Monitoring, Reporting and Honeywell Expert Support

Patch and Anti-Virus Automation

Security and Performance Monitoring

Activity and Trend Reporting

Advanced Monitoring and Co-Management

Secure Access

• Tested and qualified patches for operating systems & DCS software
• Tested and qualified anti-malware signature file updates
• Comprehensive system health & cybersecurity monitoring
• 24x7 alerting against predefined thresholds
• Automated inventory
• Monthly or quarterly compliance & performance reports
• Identifying critical issues and chronic problem areas
• Firewalls, Intrusion Prevention Systems, etc.
• Honeywell Industrial Cyber Security Risk Manager
• Highly secure remote access solution
• Encrypted, two factor authentication
• Complete auditing: reporting & video playback


Honeywell Security Service Center (SSC)


Honeywell SUIT Lab Security Update Investigation Team

Testing & Qualification of Microsoft Patch Updates & Anti-Malware Updates for Honeywell Systems


Honeywell Expertise

Operational Technology Experience


Cyber Security Controls and Tools: Examples

Security Management

Intrusion Protection & Threat Intelligence

Application & Endpoint Security

Next Generation Firewall

Network Security


Roadmap


Cyber Trainings by Automation College

Trained ‘people’ = effective Cyber Program


Honeywell Risk Manager

No Need to be a Cyber Security Expert, made for DCS

• Risk Location: WHERE IS IT COMING FROM?
• Risk Indicators: WHAT DO I NEED TO DO?
• Risk Sources: WHAT IS CAUSING THE RISK?
• Risk Trends: HOW AM I DOING?


Proven and Trusted

Monitor

• Continuously & Real-time
• Identify & Analyze Vulnerabilities and Threats
• Inside and Outside attacks
• Employee actions
• Devices on Network
• Network Traffic
• Rogue Devices
• Immediate Notifications

Measure

• Time to implement security patches
• % of endpoints free of malware and viruses
• Reduction in unplanned system downtime
• Reduction in number of known vulnerabilities & threats
• Percentage of recurring incidents
• Improvements in overall site risk

Manage

• Reactive to proactive cyber security planning
• Accurately track improvements
• Generate correct reports
• Trending helps you gauge the impact of decisions
• Manage workflow and prioritize resources based on risk severity
• No reconfiguration of system with each upgrade; configuration data and risk settings are preserved


Value Proposition


Addresses Stakeholder Responsibilities

Proven and Trusted

• Provide updates on the site’s security posture
• Have accurate measurements of risk aligned with industry standards
• Help focus resources on addressing threats

• Maintain uptime and meet production goals and other core business objectives
• Gain the know-how to prioritize efforts to manage risk
• Assess the impact of security controls on automation performance
• Establish and improve metrics for out-of-date patches and anti-malware.
• Anticipate cyber security scenarios
• Plan for protective measures/safe operating procedures
• Understand how possible attacks might disrupt operations
• Monitor the IACS for indicators of threats
• Track/monitor assets according to different zones.

• Demonstrate cyber security due diligence to board of directors, investors and regulators
• Map key risk indicators to KPIs
• Demonstrate the value of cyber security investments
• Incorporate meaningful cyber security risk ratings into risk management frameworks and evaluate compliance efforts

Control Engineers, Executives, Plant Management


Why Honeywell?

Proven Industrial Cyber Security Solution Provider

Column headings: Industrial Cyber Security Experts, Proven Experience, Investment and Innovation

• Global team of certified Industrial Cyber Security experts
• 100% dedicated to Industrial Cyber Security
• Experts in process control cyber security
• Leaders in security standards ISA99 / IEC62443 / NIST
• 10+ years industrial cyber security
• 1,000+ successful industrial cyber projects
• 350+ managed industrial cyber security sites
• Proprietary cyber security methodologies and tools
• Largest R&D investment in industrial cyber security
• Strategic partnerships with leading cyber security product vendors
• Industry first Cyber Security Risk Manager
• State of art Industrial Cyber Security Solutions Lab

Industries: Oil & Gas; Refining & Petrochemical; Chemicals; Power Generation; Pulp & Paper; Minerals, Metals & Mining


Demo @ Technology Center


Industrial Cyber Security Risk Manager

Proactively Monitor, Measure, and Manage Industrial Cyber Security Risk

Easy-to-use interface and built in guidance eliminates need to be a cyber security expert

Real time data collection and analytics, continuously monitors for indicators of cyber security risk

Internal health monitoring helps ensure the system is operating at optimum level

Low impact monitoring won’t disrupt plant operations or cause network delays

First and only of its kind for Industrial Environments

Available Globally

Proactively identifies vulnerabilities & detects threats that could impact the ICS


Managed Industrial Cyber Security Services

[Figure: managed services architecture across Level 1, Level 2, Level 3, Level 3.5 and Level 4, connecting the Industrial Site over the Internet to the Security Service Center. Nodes labelled: Database Servers, Application Servers, Communication Server, Experion Servers, Domain Controller, EST/ESF, ACE, Relay Node, Service Node, eServer, Terminal Server, 3rd Party Historian, Corporate Proxy Server. Services labelled: Anti malware, Patch Management, Monitoring, Secure access. Flow labels: Get updates, Send data, Collect monitoring data.]

• SSL Encrypted communication
• Connects to Honeywell Security Service Center ONLY!
• Isolates ICS/PCN
• Restricts unauthorized ICS/PCN nodes from sending or receiving data
• Ensures no direct communication between L3 and L4


Honeywell Industrial Cyber Security

Follow us: www.twitter.com/InSecCulture

Blog: http://insecurity.honeywellprocess.com

Bulletin Board: http://hpsvault.honeywell.com/sites/hpsvault/services/

Website: http://www.becybersecure.com

Safdar Akhtar

Director Business Development

ME, Africa and Asia Pacific

cell: +971 56 418 8706


Rudrajit Roy

Business Development Manager

India and SEA

cell: +602 4646915


Mike Spear

Global Operations Manager

phone: +1 (770) 689-1132

cell: +1 (678) 447-6422


Chee Ban Ngai

APAC Operations Manager

cell: +60-122330915


Thank You

www.becybersecure.com


Backup Slides


IT Vs OT

Comparison of Corporate IT with Industrial Control Systems (OT):

Risk
• Corporate IT: Non life threatening
• Industrial Control Systems (OT): Safety

Availability & Reliability
• Corporate IT: Important – Downtime is acceptable
• Industrial Control Systems (OT): Critical – Downtime is not acceptable

Architecture & Traffic type
• Corporate IT: Voice, Video, Data over business IT infrastructure
• Industrial Control Systems (OT): Event-driven, real-time, industrial embedded HW and SW. Controls, safety, motion, time synchronization, etc.

Interfaces
• Corporate IT: OS and applications, Unix, terminals, keyboards, web browsers, graphical user interfaces, etc.
• Industrial Control Systems (OT): Servers, sensors, E/M switches, actuators, relays, PLC, DCS, SCADA, etc. Customized embedded OS

Communication connectivity
• Corporate IT: LAN based on dynamic IP, WAN based on optical, etc.
• Industrial Control Systems (OT): Plant based on static IP over Ethernet or customized twisted pair, etc.

Roles & Responsibilities
• Corporate IT: Support and protect business applications
• Industrial Control Systems (OT): Support plant critical processes. Availability, reliability and safety
