INDUSTRIAL
CYBERSECURITY
ICS SHIELD INDUSTRIAL CYBER SECURITY
Elewa Ali
18th April 2019
Honeywell Confidential - © 2019 by Honeywell International Inc. All rights reserved.
High-level Challenges of IT-OT Integration
ICS/SCADA Complexity
• Multiple sites
• Multiple vendors requiring access to assets
• Multiple protocols on ICS network
• Multiple businesses
• Mix of legacy and proprietary equipment
IT/OT Misalignment
• ICS security ownership is not clear
• OT/IT mindsets are very different
• Transition from plant-by-plant to plant-wide security practices
Skilled Resources Shortfall and Budget Limitation
• Cannot place experts at every site
• Manual processes don’t scale and only provide limited security
• Multiple security solutions partially utilized
Honeywell ICS Shield
Industry Standard Platform for Secure Remote Access – 6000+ Installs
Top-down OT security management
• Automates top-down integrated approach for deployment and enforcement of plant-wide security policies
• Delivers unrivaled visibility, reliability and compliance for industrial plant operations
• Enables security of remote field assets from a single operations center
• Based on proven technology with over 6000 installs
Key Features:
• Secure remote access
• Secure file transfer
• Automated patch and AV updates
• Asset discovery
• Performance/health monitoring
• Compliance reporting
Grassroots-level OT Cyber Security Issues
Partial coverage of security essentials
• Multiple access points
• Partial data on assets & events
• No proper hardening
• No proper monitoring
• No proper governance
• No proper planning & accountability
Remote employees, control system vendors, 3rd party vendors, contractors
The Selected Approach for ICS OT Security Management
Define, automate and monitor security policies across disparate ICS/SCADA environments, providing increased visibility, reliability and compliance.
OT Security Managed
• Secure what matters, doing the essential things right, repeatedly
• Centrally define plant-wide policies, then automate execution and monitoring
• Focus on shielding endpoint industrial assets
ICS Shield Deployment
Distributed architecture and secure tunnel from plants to center
• Install the Security Center (SC) at the data center
• Install a Virtual Security Engine (VSE) at each plant
• Establish a secure outbound tunnel on port 443, TLS encrypted
• One firewall rule to manage all remote connections
ICS Shield System Architecture
DISCOVER assets and devices
CONNECT secure remote access
PROTECT monitoring, patching, AV
Discover – The Starting Point For A Secure ICS
NIST Cybersecurity Framework ID.AM-2: Software platforms and applications within the organization are inventoried.
End-to-end visibility into the ICS environment
• Passive and Active options
• Discovery down to L2
• Configuration collection
• Change monitoring
• Asset classification & tagging
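The bullets above describe an inventory that collects configuration, watches for change and tags assets. The script below is an added illustration of that change-monitoring step and is not Honeywell's code or ICS Shield's data format: it compares two constructed inventory snapshots, reports added, removed and changed devices (using a hash of each device's collected data, then a field-level diff only where the hash differs), and applies a few assumed classification rules. The snapshot layout, the tag names and all sample values are assumptions made for this example.

```python
"""Change monitoring over two asset inventory snapshots plus rule-based tagging.
Added example, not Honeywell's code; snapshot format, rules and data are constructed."""
import hashlib
import json

# Constructed snapshots: one record per discovered device, keyed by IP address.
# 'config' stands in for whatever configuration the collector gathered.
BASELINE = {
    "10.0.2.5":  {"vendor": "Siemens",  "role": "PLC", "fw": "4.2",  "config": {"port": 102, "auth": "on"}},
    "10.0.2.9":  {"vendor": "Rockwell", "role": "PLC", "fw": "31.0", "config": {"port": 44818, "auth": "off"}},
    "10.0.2.20": {"vendor": "Generic",  "role": "HMI", "os": "Windows 7", "config": {"rdp": "on"}},
}
CURRENT = {
    "10.0.2.5":  {"vendor": "Siemens",  "role": "PLC", "fw": "4.2",  "config": {"port": 102, "auth": "off"}},
    "10.0.2.9":  {"vendor": "Rockwell", "role": "PLC", "fw": "31.0", "config": {"port": 44818, "auth": "off"}},
    "10.0.2.31": {"vendor": "Generic",  "role": "ENGSTN", "os": "Windows 10", "config": {"rdp": "off"}},
}


def fingerprint(record):
    """Stable hash of a device's collected data; cheap to store and compare per poll."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def flatten(d, prefix=""):
    """Turn nested dicts into dotted keys so a diff can name the exact field."""
    out = {}
    for k, v in d.items():
        key = prefix + k
        if isinstance(v, dict):
            out.update(flatten(v, key + "."))
        else:
            out[key] = v
    return out


def classify(record):
    """Assign tags from simple, assumed rules (vendor/role plus two risk markers)."""
    tags = {"role:" + record["role"].lower(), "vendor:" + record["vendor"].lower()}
    if record.get("os", "").startswith("Windows 7"):
        tags.add("eol-os")                  # operating system no longer supported
    if record["config"].get("auth") == "off":
        tags.add("no-auth")                 # protocol reachable without authentication
    return tags


def diff_inventory(baseline, current):
    """Report new, missing and changed devices between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for ip in set(baseline) & set(current):
        if fingerprint(baseline[ip]) == fingerprint(current[ip]):
            continue                        # nothing collected for this device changed
        old, new = flatten(baseline[ip]), flatten(current[ip])
        changed[ip] = {k: (old.get(k), new.get(k))
                       for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}
    return {"added": added, "removed": removed, "changed": changed}


def report(baseline, current):
    """Change summary plus the current classification of every present device."""
    return {"changes": diff_inventory(baseline, current),
            "tags": {ip: sorted(classify(rec)) for ip, rec in current.items()}}


if __name__ == "__main__":
    print(json.dumps(report(BASELINE, CURRENT), indent=2))
```

On the sample data the report flags the engineering station as new, the Windows 7 HMI as no longer seen, and the authentication setting on 10.0.2.5 as changed from "on" to "off", which also earns that PLC the no-auth tag.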
Security Center Dashboard (as of Q1 2019)
Case Study 1 – Discovery And Inventory
Multi-National Conglomerate
• Active & passive discovery
• Down to level 2
• 30 plants a year
• >200 plants in plan
• >1000 field assets/plant
SOLUTION BENEFITS
• Visibility of ICS network
• Inventory control
• Vulnerability snapshot
Connect – Expert To Asset, Fast And Secured
Improving remote access security
• Centralized authentication
• Granular privileges
• Accountability with full audit
• Real-time supervision and session termination
• Password Vault
• Files & Data transfer
Authentication, Authorization, and Accounting
Access Control (AC): Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
Control system vendors, 3rd party vendors, contractors
Remote Access Flow: Fast And Secure Access Of Experts To Assets
PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
1. 3rd party wants to access an asset
2. User is authenticated
3. SC asks CS to open a tunnel
4. VSE polls the CS for requests
5. Plant can approve/deny access, and thereafter supervise, record and terminate the remote session
6. Following a certificate-based handshake, a TLS-encrypted outbound tunnel is established
7. Following approval, the session is initiated with granular privilege
Supported protocols:
• RDP
• VNC
• Telnet
• SSH
• HTTP/HTTPS
Vendor-Based:
• Simatic
• RSLinx/Logix
• Centum
• and all TCP & UDP based protocols …
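The deployment slide (SC at the data center, a VSE per plant, one outbound TLS tunnel) and the seven-step flow above describe the same design: the plant side only ever polls outward, the operator gates and can end every session, and each session is scoped to one asset and protocol. The toy model below is an added example, not Honeywell's code or ICS Shield's actual interfaces. The class names SecurityCenter, CommServer (for "CS"), VSE and Session, the password and grant tables, and the sample users are assumptions made for illustration; the certificate handshake and TLS tunnel of step 6 are only logged, not performed.

```python
"""Toy model of the seven-step remote access flow. Added example, not Honeywell's
code; component names, credential/grant tables and sample data are constructed."""
import itertools
from dataclasses import dataclass, field

# Protocols listed on the slide; each session is limited to exactly one of them.
SUPPORTED_PROTOCOLS = {"RDP", "VNC", "Telnet", "SSH", "HTTP", "HTTPS"}


@dataclass
class Session:
    """One access request and its audit trail (step 5: record)."""
    req_id: int
    user: str
    plant: str
    asset: str
    protocol: str
    state: str = "requested"   # requested -> active -> terminated, or auth_failed / denied
    audit: list = field(default_factory=list)

    def log(self, actor, event):
        self.audit.append(f"{actor}: {event}")


class CommServer:
    """Rendezvous queue between the SC and each plant's VSE. The VSE only ever
    calls poll() (outbound, step 4), so the plant needs no inbound firewall rule."""
    def __init__(self):
        self._queue = {}                              # plant -> [Session, ...]

    def open_tunnel(self, session):                   # step 3
        self._queue.setdefault(session.plant, []).append(session)
        session.log("CS", "tunnel request queued for " + session.plant)

    def poll(self, plant):                            # step 4
        return self._queue.pop(plant, [])


class SecurityCenter:
    """Central authentication plus per-user grants of (plant, asset, protocol)."""
    def __init__(self, cs, credentials, grants):
        self.cs, self.credentials, self.grants = cs, credentials, grants
        self._ids = itertools.count(1)

    def request_access(self, user, password, plant, asset, protocol):
        """Steps 1-3: third party asks, is authenticated, SC asks CS for a tunnel."""
        s = Session(next(self._ids), user, plant, asset, protocol)
        s.log("user", f"requests {protocol} to {asset} at {plant}")
        if self.credentials.get(user) != password:
            s.state = "auth_failed"
            s.log("SC", "authentication failed")
            return s
        s.log("SC", "user authenticated")
        if protocol not in SUPPORTED_PROTOCOLS or (plant, asset, protocol) not in self.grants.get(user, set()):
            s.state = "denied"
            s.log("SC", "no grant for this asset/protocol (granular privilege)")
            return s
        self.cs.open_tunnel(s)
        return s


class VSE:
    """Plant-side engine: polls outbound, asks the operator, runs and ends sessions."""
    def __init__(self, plant, cs, operator_approves):
        self.plant, self.cs = plant, cs
        self.operator_approves = operator_approves   # callable(Session) -> bool, step 5
        self.active = {}

    def poll_once(self):
        """Steps 4-7 for every request queued for this plant."""
        for s in self.cs.poll(self.plant):
            s.log("VSE", "picked up request via outbound poll")
            if not self.operator_approves(s):
                s.state = "denied"
                s.log("plant", "operator denied access")
                continue
            s.log("plant", "operator approved access")
            # Step 6 is simulated only: no real certificates or TLS in this model.
            s.log("VSE", "certificate-based handshake ok, outbound TLS tunnel established")
            s.state = "active"
            s.log("VSE", f"session started, limited to {s.protocol} -> {s.asset}")
            self.active[s.req_id] = s

    def terminate(self, req_id, reason):
        """Step 5: the plant can end a supervised session at any time."""
        s = self.active.pop(req_id)
        s.state = "terminated"
        s.log("plant", "session terminated: " + reason)
        return s


def run_demo():
    """One approved session, one wrong password, one request outside the grant."""
    cs = CommServer()
    sc = SecurityCenter(cs, {"vendor.alice": "s3cret"},              # constructed credentials
                        {"vendor.alice": {("plantA", "PLC-01", "SSH")}})
    vse = VSE("plantA", cs, operator_approves=lambda s: s.protocol == "SSH")
    ok = sc.request_access("vendor.alice", "s3cret", "plantA", "PLC-01", "SSH")
    bad_pw = sc.request_access("vendor.alice", "wrong", "plantA", "PLC-01", "SSH")
    no_grant = sc.request_access("vendor.alice", "s3cret", "plantA", "PLC-01", "RDP")
    vse.poll_once()
    vse.terminate(ok.req_id, "maintenance window closed")
    return ok, bad_pw, no_grant


if __name__ == "__main__":
    for s in run_demo():
        print(s.req_id, s.state, *s.audit, sep="\n  ")
```

Two properties of the slide's design show up directly in the model: a request that fails authentication or authorization never reaches the CommServer queue, so the plant never even sees it, and nothing in the VSE accepts a connection, it only polls and then answers.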
Remote Access – Security Policy
Remote Access – Site Operator View
Case Study 2 – Secure Remote Access
Global Pulp & Paper Enterprise
• 150 plants
• 400-1000 field assets/plant
• 60 vendors
• 1500 routine users
60 → 1 remote access entry point
SOLUTION BENEFITS
• Reduced risk to ICS network
• Reduced TTR
Case Study 3 – Secure Remote Access
Global Chemical & Plastics Producer
• 130 plants
• 500-1200 field assets/plant
• ~80 vendors and 3rd party
• 25,000 users
~80 → 1 remote access entry point
SOLUTION BENEFITS
• 30% operational savings
• Increased compliance
Protect – Automate Plant-wide Security Policy
• Minimize manual effort and human mistakes
• Improve security and compliance by standardizing on plant-wide policy
Information Protection Processes and Procedures (PR.IP): Security policies, processes, and procedures are maintained and used to manage protection of information systems and assets.
1. Create a policy
2. Distribute
3. Enforce
4. Send data
5. Analyze and make decision
6. Refine policy
Control system vendors, 3rd party vendors, contractors
Site Compliance Report
IP Address
Device Custodian
Device criticality
AV up to date?
AV installed?
AV running?
Successful backup?
Data collection complete?
SIEM integration healthy?
OS patches current?
OS supported?
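The report columns above are a per-device checklist, and a useful report has to handle the cases where one answer makes others meaningless (no AV installed means it cannot be running or up to date; an incomplete data collection means the remaining answers cannot be trusted). The script below is an added example, not Honeywell's code or the product's report format: it evaluates those columns for a constructed set of devices, derives a per-device status, and summarises gaps on high-criticality devices. The attribute names, the dependency rules and the sample devices are assumptions made for illustration.

```python
"""Evaluate the site compliance report columns for constructed devices.
Added example, not Honeywell's code; field names, rules and data are assumed."""
from dataclasses import dataclass

# Report columns as attribute names; the order is kept for rendering.
CHECKS = ["av_installed", "av_running", "av_up_to_date", "backup_ok",
          "data_collection_complete", "siem_healthy", "os_patches_current", "os_supported"]


@dataclass
class Device:
    ip: str
    custodian: str
    criticality: str          # "high", "medium" or "low"
    av_installed: bool
    av_running: bool
    av_up_to_date: bool
    backup_ok: bool
    data_collection_complete: bool
    siem_healthy: bool
    os_patches_current: bool
    os_supported: bool


def evaluate(d):
    """Return {check: True | False | None}; None means 'cannot be evaluated'."""
    r = {c: getattr(d, c) for c in CHECKS}
    if not r["data_collection_complete"]:
        # Incomplete collection: the other answers may be stale or missing, so they
        # must not be reported as passes.
        return {c: (False if c == "data_collection_complete" else None) for c in CHECKS}
    if not r["av_installed"]:                 # dependent checks cannot pass
        r["av_running"] = r["av_up_to_date"] = False
    if not r["os_supported"]:                 # no vendor patches for an unsupported OS
        r["os_patches_current"] = False
    return r


def device_status(results):
    if any(v is None for v in results.values()):
        return "UNKNOWN"
    return "COMPLIANT" if all(results.values()) else "NON-COMPLIANT"


def site_report(devices):
    """Per-device rows plus a site summary listing gaps on high-criticality devices."""
    rows = []
    for d in devices:
        res = evaluate(d)
        rows.append({"ip": d.ip, "custodian": d.custodian, "criticality": d.criticality,
                     "status": device_status(res),
                     "failed": [c for c in CHECKS if res[c] is False]})
    summary = {s: sum(r["status"] == s for r in rows)
               for s in ("COMPLIANT", "NON-COMPLIANT", "UNKNOWN")}
    summary["high_criticality_gaps"] = [(r["ip"], r["failed"]) for r in rows
                                        if r["criticality"] == "high" and r["status"] != "COMPLIANT"]
    return rows, summary


def render(rows):
    """Plain-text table in the report's column order."""
    lines = ["\t".join(["IP Address", "Custodian", "Criticality", "Status", "Failed checks"])]
    for r in rows:
        lines.append("\t".join([r["ip"], r["custodian"], r["criticality"], r["status"],
                                ",".join(r["failed"]) or "-"]))
    return "\n".join(lines)


SAMPLE_DEVICES = [   # constructed sample data
    Device("10.0.1.10", "ops-team", "high", True, True, True, True, True, True, True, True),
    Device("10.0.1.11", "vendor-x", "high", False, True, True, True, True, False, False, False),
    Device("10.0.1.12", "ops-team", "low", True, True, False, True, False, True, True, True),
]

if __name__ == "__main__":
    rows, summary = site_report(SAMPLE_DEVICES)
    print(render(rows))
    print(summary)
```

Note that the second sample device reports "AV running: yes" from its collector while also reporting "AV installed: no"; the dependency rule overrides the contradictory answer rather than letting it count as a pass, and the third device lands in UNKNOWN rather than in either compliant bucket because its collection was incomplete.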
Case Study 4 – Security Essentials Coverage
Global Tier-1 Oil & Gas Enterprise
• 30 upstream & downstream plants
• More plants are pending
• Outsourcing Operations
• 2500 users
• Shielding 400-1600 field assets/plant
SOLUTION BENEFITS
• Drove annual cost savings
• Reduced risk to ICS network
• Increased compliance
Asset Inventory
• Semi-Automated Collection of PCD Assets and Asset Information
Process Control Domain (PCD) Access
• Standardised Remote Access on a Single Platform
Maturity Reporting
• Centralised, Automated Maturity & Compliance Reporting
Patch Management
• Automate QPL Synchronisation and Standardized, Automated Patching
Anti-Virus Management
• Automated Update of Approved AV Signature Files
Log Collection
• Leverages Group Standard SIEM for Global Awareness
Enjoy The Upside Of Connected Plants & Minimize Risk
Summary
• Assess your level of industrial cyber security maturity
• Manage cyber security as a program
• Solve the immediate challenges with clear ROI
• Ensure value for central IT as well as plant people
• Focus on the essentials
• Choose the right experienced partner
• Consider outsourcing planning, implementation and management
Thank You!