managed industrial cyber security services · 2014. 10. 6. · products and services specific to...
Managed Industrial Cyber Security Services
Lifecycle Solutions & Services
Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements of cyber security in process control environments. Honeywell’s broad expertise encompasses automation assets and their integrated communication networks—a distinct advantage in control system security.
Secure Industrial Control Systems and Mitigate Risk with Honeywell’s Managed Industrial Cyber Security Services.
With cyber security management tools specifically designed for the process control domain, Honeywell’s suite of technology infrastructure services helps secure the various aspects of a customer’s Distributed Control System (DCS). These services include an array of security defenses integrated to protect the network, workstations, applications, and process equipment. Supervising the operation of the DCS, Honeywell’s sophisticated analysis and reporting solutions provide the insights needed to quickly ascertain the status of critical control system assets.
This approach results in enhanced operating system security, stability and reliability, ultimately contributing to improved production and safety for complex industrial plant domains.
Best Practices for Managing Industrial Control System Security.
For Industrial Sites, Vulnerabilities Can Include:
• Connections between the corporate IT network and Process Control Network (PCN)
• Unsecured access for maintenance or 3rd party contractors or vendors
• Removable media brought into the site including USB drives, external hard drives, and CD/DVDs, as well as laptops and smart phones
• Out-of-date malware signatures
• Obsolete or unpatched operating systems
• Inadequate firewall configurations
• Unauthorized network activity
With the rising threat of industry-focused malware, your Industrial Control System (ICS) is vulnerable to attack, disruption and damage. Cyber attacks on plant automation systems have not only increased, but they have grown more sophisticated in recent years. From targeted information gathering and theft, to elimination of crucial data, these intrusions represent a real and present danger to plant productivity, reliability, and safety.
Honeywell has developed a complete portfolio of Industrial Cyber Security products and services specific to the needs of your control network. These solutions form a cyber defense foundation and operate to safeguard both the business and human interests of the process control environment.
Managed Industrial Cyber Security Services
Protecting plant operations requires not only robust
firewalls, but also additional security measures and
defenses. Honeywell’s Managed Industrial Cyber
Security Services address the security of your ICS
and plant assets and include:
Secure Connection
Secure, customer-initiated communication
tunnel for services.
Intelligence Reporting
Delivers insights into the operation and cyber
security status of DCS components and the PCN.
Continuous Monitoring and Alerting
Provides 24/7 monitoring of system, network
and cyber security performance and automated
alerting against thresholds.
Protection Management
Provides Honeywell-tested and approved
patches and anti-malware definitions.
Perimeter and Intrusion Management
Offers firewall support, and Intrusion Protection
System (IPS) implementation and management.
Honeywell’s Managed Industrial Cyber Security solutions provide the services and information needed to reduce the risk of security breaches and manage the essential elements of your process control infrastructure.
Secure Connection
Honeywell’s Secure Connection is a
secure, customer-initiated connection to
Honeywell’s Security Service Center
(HSSC). It features a certificate-based, bi-directional,
two-factor authentication process to create an
encrypted tunnel, protecting data even through the
site’s corporate network.
Honeywell’s Secure Connection functions very
much like a castle’s drawbridge. If the site chooses
to connect to Honeywell, the drawbridge can be
lowered or raised, with the site retaining control of
the connection. Honeywell can request, but not
initiate a connection.
When a site launches Honeywell’s Secure Connection,
an authenticated, encrypted Virtual Private Network
(VPN) is established. This VPN can terminate solely
at the HSSC. Only upon creation of a secure connection
by the site can Honeywell then communicate via
the Secure Connection tunnel.
Under complete site control, the Secure Connection
features easy-to-configure security policies dictating
the connection frequency to Honeywell’s HSSC.
Configuration as either an automatic or continuous
connection enables the efficient sending of alert
conditions for prompt attention. Manual connections,
initiated solely by authorized site personnel, may
alternatively be selected at any time.
Secure Connection security policies can be set to allow
the HSSC to view connected devices, including
Experion® control systems, on the site’s PCN for faster
identification of potential issues. Configuration can
also be set to enable additional diagnostic routines
should certain system problems be detected, providing
more information on the root cause of an issue.
All Secure Connections and actions are captured
and recorded with a full, non-optional audit.
Leveraging the non-optional audit trail, the Secure
Connection can serve as a single point of access
for third-party vendors and contractors if desired.
Providing policy-based, controlled communications
with a record of all actions, the Secure Connection
can be a useful tool in tracking third-party activities.
Honeywell HSSCs are the only termination points for
Honeywell Secure Connect tunnels. Currently, there
are centers in Europe and the U.S. for global support.
These facilities have added physical and cyber security
controls and monitoring in place for secure, encrypted,
customer communications. Access is restricted
to certificate-authenticated engineers and is tightly
managed by Honeywell Service Center personnel.
Intelligence Reporting
Visibility into the cyber security
environment of control networks is a
critical element for an effective defense.
A robust cyber security strategy requires not only
deploying multiple defenses, but also monitoring the
security conditions of the network itself. With more
sophisticated attacks evading common detection
processes, it is crucial to know individual network
element trends in order to detect—and respond—
to possible breaches.
Honeywell’s advanced intelligence technology
transforms masses of system statistics into actionable
trends. This powerful management reporting solution
provides both critical site information and predictive
hardware analysis, as well as details on current cyber
security vulnerabilities and attacks.
Honeywell’s Intelligence Reporting capabilities help
you stay ahead of potential attacks and take quick
protective action when needed. Our system currently
provides both quarterly and weekly performance
reports. Leveraging statistics presented by Honeywell’s
Secure Connection, the reports include summaries
and charted trends of network and system events.
The reports also identify degrading conditions, and
predict hardware vulnerabilities.
The information also functions as a key source of
formatted compliance-related data, all streamlined for
quick, timely assessments to improve site and network
security, performance, and management. Reporting
information provides highlighted parameters, trends,
and number of events per device for fast scanning
and identification of equipment issues and possible
threats. Reported critical information includes:
• Alerts and availability conditions for controllers, workstations, and servers
• Failed log-in attempts and credentials
• Installation status of anti-malware and OS patches on servers, workstations, and systems
• Security-flagged conditions such as CPU degradation, increased network traffic, firewall status and conditions, and backup availability.
Honeywell’s Intelligence Reporting highlights system
and network actionable information from masses
of equipment and network statistics to help plants
optimize PCN management and security.
Continuous Monitoring and Alerting
Modern automation systems monitor
and manage manufacturing equipment
to optimize production efficiency. But what watches
these distributed control systems? A DCS typically
includes routers, switches, controllers, and Windows-
based servers and workstations, all communicating
on the process control network. Monitoring the PCN,
including all attached devices, is crucial not only for
process orchestration, but also for the security of the
entire site. Compromised security opens a plant to
modification of processes and production mixes,
potentially affecting the quality of the produced product.
These modifications, ultimately stemming from poor
ICS security, can result in reduced plant output,
unsaleable products, or even far worse consequences.
Honeywell’s Continuous Monitoring and Alerting
monitors the performance and health conditions of the
PCN including controllers, servers, and workstations.
If an event is detected, or if thresholds are exceeded,
an alert is automatically generated. The alert thresholds
are different for each system and device to provide
accurate and useable event information. Should an
alert condition be detected, an email or SMS text alert
message will automatically be sent to the contact (or
contact alias) of the site — 24/7 as part of the service.
Additionally, alert messages may include attached
troubleshooting techniques to help resolve the issue.
Protection Management
All of Honeywell’s Protection Management
services include application testing on
test bed systems emulating a customer’s
production environment. Testing and qualification of
newly released patches and anti-malware files adds to
system stability by identifying and restricting potential
ICS conflicts before implementation on site. This
helps take the worry out of updates, and customers
are assured that installing Honeywell-approved releases
will add to the reliability and security of their system.
Honeywell’s Industrial Secure Connection is used to
provide automatic, encrypted delivery of all patches
and anti-malware files. This method is designed
to reduce the potential for tampering, contamination,
or modification of files from email transmissions or
compromised hand-carried media.
Malware Protection
Formerly known as anti-virus programs, applications
such as McAfee and Symantec are a critical piece of
control system defense. These applications function
to identify and block harmful code from running on
Microsoft Windows® operating systems, and work in
conjunction with signature files identifying specific
viruses, worms, spyware, and trojans.
It is imperative that anti-malware programs remain
up-to-date; each and every workstation and server
should employ the latest release of malware signature
files to help prevent intentional failures or deliberate application malfunction of the PCN. A single unprotected
piece of hardware has the potential to spread malware
and jeopardize other networked devices, with some
malware enabling backdoors for unauthorized access
to the system. Malware can also include rootkits to
hide in an operating system to escape detection.
Honeywell’s Protection Management service includes
qualified anti-malware files with encrypted delivery
to ensure signatures have not been compromised
or contaminated. Installation of current, Honeywell-
approved signatures will help keep malware—
and its potential effects—out of the ICS.
Operating System Patch Management
Operating System (OS) patch software is necessary
to update a computer’s program to fix problems,
or more frequently, to close discovered security
vulnerabilities. These vulnerabilities are akin to an
open door that allows malware to enter. Patch
installation closes this door and complements
anti-malware programs.
Suppliers of operating systems such as Microsoft
Windows release patch updates for their software.
Too often, however, patch installation takes a lower
priority at industrial sites due to time and personnel
constraints. Additional planning to accommodate
the occasional dreaded reboot is also required.
Nevertheless, installation of these patches helps
block multiple malware vulnerabilities to reduce
system breaches, prevent unauthorized shutdowns,
and keep control systems operating properly.
Honeywell extensively qualifies all operating system
patches on custom test beds before release to our
customers. This non-trivial approach is done so that
there are no unexpected control system consequences
as a result of a patch installation. Additionally, file
integrity is maintained through encrypted Secure
Connection delivery. These enhancements support
continued process stability and production at
plant facilities.
Control System Patch Management
Honeywell DCS updates are custom-built and based
on each site’s configuration. Our industrial controls
experts determine the specific software needed for
each customer location, and only that selected
software is sent. This custom software load has no
extraneous elements or unnecessary code. The
result is a reduced cyber attack profile, and improved
system efficiency, reliability, and security.
Optional On-Site Patch Deployment
On-site patch installation service is available
from Honeywell using our technical field experts.
Coordinating with site operations, Honeywell
technicians will manually patch the designated
PCN with the latest tested and approved
software releases.
Perimeter and Intrusion Management
Protecting the productivity, reliability,
and safety of the plant is of paramount
importance. Firewalls are the first line of defense to
keep unwanted traffic and potential attackers out of
the ICS network. With improved processing speeds
and reduced latency, today’s high-performance firewalls
can now also be deployed between process control
levels or zones as additional defensive elements
around the process equipment core.
An Intrusion Prevention System (IPS) complements
firewalls by examining traffic that has made it onto
the internal network. It analyzes both the data packets
and the network traffic flow and compares these to
the patterns, or signatures, commonly seen with
malware. Utilizing sophisticated behavior analysis, an
IPS monitors and protects the internal network from
malware or attacks that may have been well hidden
in other legitimate applications. Ideally, firewalls and
Intrusion Prevention Systems should be used
together to block and remove security threats from
process control networks.
It is important to remember that firewalls and IPS
technology only work well when properly configured
and consistently maintained. Honeywell’s Perimeter
& Intrusion Management expertise provides the
appropriate configurations, custom definitions,
and ongoing monitoring required for the industrial
manufacturing environment—adding real security
to plant systems and operations.
Honeywell-managed firewalls and Intrusion Prevention
Systems form a critical barrier, functioning to secure
key areas and strengthen ICS defenses. Firewalls,
IPS, anti-malware, and patches each have different
protection approaches, and Honeywell strongly
recommends that all four be deployed and kept
up-to-date for optimum PCN protection.
Benefits of Honeywell’s Managed Industrial Cyber Security Services
Honeywell’s Managed Industrial Cyber Security
Services combine leading engineering analysis
with the industrial expertise essential in process
control environments. Leveraging an encrypted
Secure Connection, the services provide Protection
Management, Continuous Monitoring and Alerting,
Intelligence Reporting, and Perimeter and Intrusion
Management.
Additionally, Honeywell’s system and security
professionals offer the experience and expertise you
can rely on to assist you in managing your site’s
cyber security and system requirements. Honeywell’s
Managed Industrial Cyber Security Services are
designed to provide the requisite tools, services,
and solutions needed to lower the risk of security
breaches and improve the management of your
PCN. With Honeywell’s Managed Industrial Cyber
Security Services, industrial organizations and critical
infrastructure sites can achieve unparalleled visibility
and control into the system and cyber security
conditions of their control network infrastructure.
Additional Honeywell Products and Services
Honeywell provides a full range of products and
services to help customers manage and secure
their industrial control systems. Leveraging our
industry-leading process control and cyber security
experience, our expertise, and technology,
Honeywell delivers proven cyber security solutions
designed for the specific needs of process control
environments. Our cyber security solutions include
secure architecture analysis, design and optimization,
security assessments and audits, policy development,
operational security controls and training, network
security, endpoint protection, and response and
recovery services. These solutions help protect the
availability, safety and reliability of industrial control
systems and plant operations.
[Figure: Honeywell Industrial Cyber Security Solutions. Segments: Assessments & Audits; Architecture & Design; Network Security; Endpoint Protection; Situational Awareness; Response & Recovery. Labels: People, Process, Technology.]
BR-14-17-ENG October 2014 ©2014 Honeywell International Inc.
For More Information
To learn more about Honeywell’s
Managed Industrial Cyber Security Services,
visit www.becybersecure.com or contact
your Honeywell account manager.
Honeywell Process Solutions
Honeywell
1250 West Sam Houston Parkway South
Houston, TX 77042
Honeywell House, Arlington Business Park
Bracknell, Berkshire, England RG12 1EB
Shanghai City Centre, 100 Junyi Road
Shanghai, China 20051
www.honeywellprocess.com