CYBERVANTAGE TM SECURITY CONSULTING SERVICES

Transcription

1 Industrial Cyber Security CYBERVANTAGE TM SECURITY CONSULTING SERVICES Where Innovation Meets Implementation to Drive Industrial Cyber Security Excellence

2 Innovation and Implementation: Industrial Cyber Security Services from ICS Experts Industrial companies no longer have to choose between security and the power of connected enterprises. CyberVantage Security Consulting Services provide over 30 specialized industrial cyber security offerings and custom consulting to help process control industries safely operate and connect. Fully embrace the potential of digitisation, cloud analytics and the Industrial Internet of Things (IIoT), while preparing your business for new levels of cyber risk. Engage with our experts for a comprehensive range of services, from wired and wireless network assessments, to security program design and solution implementation. CyberVantage consultants are well versed in both industrial operations and cyber security, with experience across technical disciplines or a single technical domain. Our full-lifecycle services focus on industrial control system (ICS) environments to reduce your operational risks and help you: Understand & improve cyber security readiness Securely plan and implement major migrations Meet regulatory requirements Evaluate current cyber security program resilience Improve ICS incident response Improve personnel cyber security competence. Make your systems more secure, keep them connected, and ensure they remain up and running for a safer, more reliable and more profitable business. A growing danger Increased digitization and connectivity in industrial control systems have massively increased the cyber attack surface. With more assets and operational processes automated and connected, the potential to exploit vulnerabilities grows. So, too, do regulatory expectations. Governments worldwide are moving to secure critical infrastructure to protect the public. Organizations not safeguarding their systems face significant penalties and damage to their reputation if cyber security does not meet required standards, even without a successful breach. Where attacks succeed, the consequences can be severe crippling computers, shutting down systems endangering people and, facilities and potentially costing millions. From Stuxnet and Sandworm, to Shamoon and WannaCry, malware is specifically targeting industrial control systems and even safety systems 1. More than half of industrial facilities have experienced some form of cyber security incident, 2 and three quarters say they expect an attack on their industrial control system. 3 Worldwide there s a shortage of cyber security expertise to address this growing risk. Fewer still have operational technology expertise as well as critical security skills. The expertise you need for peace of mind Honeywell is a technical leader in addressing cyber security challenges in industrial control system environments. We complete hundreds of cyber security projects every year. Decades of experience and the latest thinking delivers effective ICS cyber security solutions globally. We have half a century s experience with SCADA, DCS and industrial control systems, and more than 15 years delivering cyber security services across process control industries. Our experts have deep domain knowledge across oil and gas, refining, 1 hackers-halt-plant-operations-in-watershed-cyber-attackidukkbn1e WHITE%20PAPER.pdf The benefits of CyberVantage Security Consulting Services Safely connect industrial facilities to adopt IIoT and digital transformation Improve cyber security maturity levels Demonstrate cyber assurance to C-suite, stakeholders and insurance carriers Optimize resources for managing cyber risks Ensure regulatory compliance and avoid fines Protect your business and reputation Prevent downtime and incidents caused by cyber attacks. The CyberVantage Difference at a Glance Full range of 30+ services, strategic and tactical, to improve industrial cyber security and operations Safe-on-site, experienced personnel Global Centers of Excellence for customer access to industrial cyber security talent 200+ Honeywell community of industrial cyber security experts.

3 chemicals, power, pulp and paper, food and beverage, and mining and minerals. We are safe onsite. Our experienced practitioners are certified for work offshore and on site. Honeywell s people know how to operate safely and effectively in critical facilities and hazardous environments. We have a global reach with industrial cyber security innovation labs and Centers of Excellence in the Americas, EMEA and APAC to expedite your initiatives wherever your facilities are based.

4 A Comprehensive Portfolio of Services From operational technology policy development and assessments to implementation and remediation, our teams provide full-lifecycle industrial cyber security consulting services that help companies safely operate and connect. Cyber Security assessments and audits Providing an objective measure of your security posture and identifying vulnerability gaps with specific remediation recommendations, our assessments and audits help you focus efforts to reduce risk; provide assurance or evidence to influence decision makers; drive consistent standards across the business; and operationalize the integration of security into digital transformation and plant modernization plans. We can help uncover security issues, as well as develop actionable roadmaps to prioritize and address identified concerns. With recurring assessments, businesses can track progress and address new vulnerabilities and evolving threats that degrade security over time. Assessments can uncover unsecured passwords, software vulnerabilities, end of service equipment, weak encryption, insecure connections and open unauthorized access to secure systems. Our consultants deliver a wide range of assessments and audits covering different areas and depths to meet customers individual needs: Cyber security assessments Threat/Risk assessments Network assessments Wireless network assessments Security audits. Penetration testing As a stand-alone service or as part of an assessment engagement, CyberVantage Penetration Testing will put your cyber security program through its paces. Acting as white hat hackers, our experts provide a safe simulation of an attack on the network within the parameters you define, and deliver a detailed report with recommendations for mitigating risks and vulnerabilities. Whether targeted against a single application, a network or entire facility, penetration testing enables businesses to see what an attack would look like: Identifying gaps in security technology coverage Revealing vulnerabilities that cannot be detected by automated tools, such as insecure password storage or weak inmemory malware detection Testing an organization s detection and responses to see if defenders can detect and prevent an attack in progress Providing validation, justification, and business cases for investment in OT security. Providing detailed evidence of whether and how You can t manage what you can t measure Our objective assessments are closely aligned with the National Institute of Standards and Technology s (NIST) Cyber Security Framework (CFS) tiers of implementation. Companies pursuing security levels to follow best practices or comply with cyber security regulations, such as IEC or ANSSI, can engage Honeywell services at any stage of their compliance effort. Backup and Recovery Incident Response Planning Incident Response: On Site and Remote Forensics and Analysis Response & Recovery Assessments & Audits Continuous Monitoring Exchange (ATIX) Industrial Risk Manager SIEM Advanced Threat Intelligence Compliance & Reporting Awareness & Training Asset Inventory & Management Situational Awareness PEOPLE PROCESS TECHNOLOGY Architecture & Design Industrial Patching and Anti-Virus Industrial Application Whitelisting End Node Hardening Secure Media Exchange (SMX)/USB Security Endpoint Protection Network Security

5 Model for industrial cyber security maturity - levels run from 0 (non-existent) to 5 (optimized) CyberVantage consultants can help companies identify their current industrial cyber security maturity level and implement actions to improve security measures. 3 DEFINED 4 MANAGED S E C U R I T Y M A T U R I T Y L E V E L 0 NON-EXISTENT Little or no cyber security measures/ standards in place 1 AD HOC Disparate processes Individualized efforts No assessed risk Not repeatable Not scalable Not strategic 2 REPEATABLE Management: Some repeatability Some process defined Some process documented Some shared capabilities Some automation Solutions: Strategy and processes defined Business outcomes defined Assessment findings available Some risk understanding Solutions managed individually Services: Program in place Managed by objectives Governance structure Strategic efforts Consistent risk reviews Ongoing adjustments to people, process and assets Solutions managed and measured holistically (self or via provider) 5 OPTIMIZED Security Program: Enterprise-wide management Benchmarking Monitoring Ongoing feedback Strategic improvements: Cyber skills development Digital transformation Risk management best practices security can be breached, penetration tests can be defined to users exact requirements, including external, perimeter security and process penetration testing. All test reports are designed to help those responsible for implementing security at the site understand what our experts did, how they did it, and how the site could prevent them from doing it again. System architecture and design Proactive industrial companies have learned that considering security early in the network design stage can vastly improve reliability and scalability. Industrial network architectures and topologies can include segmentation of security zones and conduits, for example, to limit the impact of a cyberattack. Vulnerability and Risk Assessments Network and Wireless Assessments Current State Analysis Secure Design and Optimization Cyber Security/Compliance Audits Industrial Penetration Testing ICS Shield and Risk Manager Zone and Conduit Separation Our experts can analyze your current state to recommend and document best practice design specifications. Leveraging their deep understanding of architectural impacts on system configurations and control system performance, they can deliver detailed recommendations to optimize availability and avoid system conflicts. Tapping our expertise before you expand or change your network can help better secure your perimeters and protect your high priority system resources. Network Security for modern and legacy infrastructure Honeywell security experts will make your operational assets a more difficult target for A return on investment CyberVantage Security Consulting Services address risks and prevent major losses: $15.9M production loss 1 Regulatory liabilities up to $1.2M 2 1 Based on a 16.8 recovery-days model for a Denial-of-Service attack scenario, a 100mbpd refinery plant at gross refining margin of $9.45/barrel may record a US$15.9M production loss. 2 The same attack if resulting in an uncontrolled chemical reaction leading to a 4-month long pollution situation will incur further liability of a regulatory fine up to US$1.2M based on Texas maximum penalty for violation of oil and gas pollution of $10,000 per day. Policy and Procedures Secure Network Refresh Access Control Network Hardening Intrusion Detection and Prevention Firewall, Next Gen Firewall

6 cyber attackers. To reduce your attack surface, we identify weaknesses and implement best practices across people, processes and technology, improving your overall cyber security maturity. For companies new to security, we help design and author the right policies and guidelines, including how to develop and govern an industrial cyber security program. Providing advice, implementation and configuration services, we ll help put in place multiple safe layers of defense across your operations to reduce the risk of cyber incidents. These can include third party and Honeywell solutions such as firewalls, intrusion prevention systems, access control systems, risk management, secure remote access, and log management tools. Secure Network Refresh Burdened by obsolete systems and legacy software? We can perform the necessary inventorying and plans for a Secure Network Refresh. The CyberVantage Secure Network Refresh service helps industrial operators improve process control network (PCN) performance and security by replacing older and obsolete network equipment that is particularly vulnerable to cyber security attacks: Eliminating old or obsolete PCN switches, routers and firewalls that do not meet modern cyber security standards and therefore add to the vulnerability of the network and process operations Replacing out of support equipment that is not repairable, adding to the potential of longer downtimes in the event of a failure. Network Hardening Software systems behave differently depending on how they are configured and integrated with other systems in your industrial environment. Hardening services performed by skilled cyber security consultants security consultants follow the Center for Internet Security (CIS) industry standard to eliminate or reduce system vulnerabilities and develop or add to the security policy of the industrial systems. When performed by experienced personnel, network hardening services help mitigate risks and improve compliance. Endpoint protection Our comprehensive services for endpoint protection aim to eliminate entry points for security threats. From identifying and closing down open ports, to application whitelisting, antivirus and patching, we offer comprehensive services to protect users from intrusions. Honeywell s unique USB security insights and experience with end node hardening set us apart from stand-alone endpoint product implementers, as does our sensitivity to work performed in proximity to, or interdependent with, live operational networks. Situational awareness With the rapid proliferation of threats and more sophisticated attackers, ongoing vigilance is essential. Our monitoring, inventory and risk management services layer in safeguards and regulatory compliance checks. Since even the most secure system can be undermined by the actions or failures of individuals to follow safe practices and procedures, Honeywell provides comprehensive, flexible training options. Increase cyber risk awareness and drive best practices through your organisation through a variety of courses that can be built to meet your precise requirements. Better yet, experience simulated attacks first hand through our global Industrial Cyber Security Centers of Excellence. We continually update and expand our service offerings to support your needs for increasing situational awareness across your facility, fleets, sites, personnel, and data. If the inevitable happens Adversaries and attack technologies are always changing. Planning for a cyber incident can help ensure critical data is backed up, systems can reboot more quickly, and personnel can act effectively and efficiently in the moment. Our Response & Recovery services promotes organizational readiness. Our experts can review your process, policy, and people roles to plug the holes that attackers exploit. And they can implement backup systems to ensure the impacts of data losses are minimized. We also provide forensics and analytics services, tapping into our 200+ cyber security experts working in the field every day to get you back up and running.

7

8 Strength and Depth: CyberVantage Services CyberVantage Security Consulting Services customers benefit from our: Ongoing investments in developing cyber security insights and expertise Worldwide reach Support for third party hardware, software and services Wide portfolio of cyber security software and solutions. Honeywell Centers of Excellence Honeywell Industrial Cyber Security Centers of Excellence (COE) provide state-of-the-art facilities and specialized technical personnel to help you simulate, validate, and accelerate your industrial cyber security initiatives all in an exciting setting with world-class demonstration capabilities. With our COE resources, you can save time, develop more efficient solutions, and avoid costly security mistakes as you improve your organization s industrial cyber security maturity Honeywell COEs specific to industrial cyber security are currently available in Atlanta, Georgia (USA), Dubai (UAE), and Singapore, and are open to any customer or interested party around the world. Our COE footprint continues to expand to meet customer needs: Safe off-production ICS test bed State-of-the-art ICS equipment Skilled expertise in control systems and ICS security Group ICS security training facilities (varies per location). CyberVantage Managed Security Services In addition to consulting services, Honeywell provides CyberVantage Managed Security Services for 24/7 remote monitoring of industrial systems to detect threats and identify vulnerabilities. With facilities in Houston (USA), Bucharest (Europe), and Singapore, customers have access to cyber security experts for continuous security and performance monitoring and delivery of patches and antivirus updates to their systems. Customers gain complete peace of mind, putting their cyber security in the hands of leading experts with the most advanced solutions. Why Honeywell? 50 years experience in industrial automation 15 years OT cyber security expertise 100s of cyber security projects every year 3 Industrial Cyber Security Centres of Excellence 200+ cyber security experts globally 1 stop for your automation and cyber security needs. Safe on site Combination of operational systems knowledge together with industrial cyber security skills

9 Honeywell s ICS Shield TM platform for cyber security operations provides a centralized solution to simplify and deliver ICS security. Providing top-down ICS and DCS security management, ICS Shield automates an integrated approach for deployment and enforcement of plant-wide security controls: Detect and discover what s on the network Connect with secure remote access to field assets for personnel, third-parties and machines Protect with unified and automated policy management processes Scale with multi-site, multi-vendor deployment, with all sites connected to the security and operations center via Honeywell s Secure Tunnel. Industrial Cyber Security Risk Manager is the first solution to proactively monitor, measure and manage cyber security risks in industrial environments. Consolidating cyber threat and vulnerability data into a single view, Risk Manager promotes better decisions about cyber security and enables industrial operators to focus on the key risks to their enterprise. With Enterprise Risk Manager (ERM), Risk Manager users can gain real-time visibility of over 20 different Risk Manager sites in a single dashboard at the Level 4 Business Network. Secure Media Exchange (SMX) reduces the cyber security risk and operational disruption from removable media and USB ports. Managing USB ports across any industrial facility against cyber risk and unauthorized usage, SMX verifies the security of removable media and logs its usage in the plant. Plant owners and operators gain unprecedented control and visibility into the secure use of removable media, reducing cyber risk to process control networks globally. Advanced Threat Intelligence Exchange (ATIX), Honeywell s secure, hybrid-cloud threat analysis service, fuels SMX for evergreen threat updates across your enterprise. Third party partnerships As well as its own comprehensive portfolio, Honeywell partners with some of the leading players in cyber security. These partnerships enable us to bring customers the best tried and tested offerings that work seamlessly with our own and third party solutions in the OT environment: McAfee and Symantec Anti-Virus programs and software patches, supported for Microsoft OS, Adobe Products and Control System Cisco secure hardware to build your wireless infrastructure, including wireless access points Palo Alto Networks next-generation firewalls for unrivalled process network traffic monitoring and advanced threat prevention across the automation environment.

10 Why CyberVantage Security Consulting Services? Skilled resources to design and implement your critical industrial cyber security work -- Reduces risks of non-compliant work, which can trigger fines of up to $1.7M -- Enables competent implementation of key innovation strategies including digital transformation, Connected Plants, Industry 4.0 and Industrial Internet of Things (IIoT) On demand cyber security expertise -- Vital amidst cyber security skills shortages, 3.5 million unfilled cyber security positions by 2021 (cyber security ventures) - - Avoids anywhere from 7-10 years average team-building time with no need to train and manage inhouse staff

11 Customer Success Stories Global Critical Infrastructure Provider CyberVantage experts delivered a collaborative Technical Design Workshop to identify security needs across all company sites The delivered Reference Architecture and remediation work scoping has simplified visibility, management, and control of ICS security across sites Understanding critical infrastructure security level (SL3) and the latest industry standards has helped the customer clarify the path forward, saving them from costly mistakes and non-compliance. Binh Son Refining & Petrochemical Active monitoring and secure remote access has been provided to multiple remote sites for over eight years. Due to the success of this work, the company has expanded investments on Honeywell cyber security. PCN security updates are better managed and constantly kept up to date. Downtime has been reduced and the business is more responsive to issues before further deterioration. Secure remote support with full recording and audit trail of all activities allows for internal and external resources to safely perform work.. Greenfield Energy Facility in North America Strategic resources were needed to design a new facility network architecture to handle both current and future needs. Security overhead on the company s system administrators was reduced through security technology standardization across business units, enabling one centralized admin team Productivity increased as software was implemented to automate and simplify daily operational work, such as patching to close vulnerabilities or update anti-virus A formerly flat network has been replaced with a defense-in-depth design and segmentation that better protects assets based on risk prioritization. Honeywell Performance Materials and Technology Cyber Security Assessments helped locate gaps, and associated risks; and establish an overview of the cyber security posture. Automated patch and anti-virus definition delivery has significantly increased server and workstation security. Honeywell technology monitors, protects and logs use of USB removable media throughout the facility.

12 For More Information To learn more about Honeywell s CyberVantage Security Services, visit or contact your Honeywell account manager. Honeywell Process Solutions Honeywell 1250 West Sam Houston Parkway South Houston, TX Honeywell House, Arlington Business Park Bracknell, Berkshire, England RG12 1EB Shanghai City Centre, 100 Junyi Road Shanghai, China BR ENG I 09/ Honeywell International Inc.