Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Transcription

1 Lifecycle Solutions & Services Managed Industrial Cyber Security Services

2 Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements of cyber security in process control environments. Honeywell s broad expertise encompasses automation assets and their integrated communication networks a distinct advantage in control system security.

3 Secure Industrial Control Systems and Mitigate Risk with Honeywell s Managed Industrial Cyber Security Services. With cyber security management tools specifically designed for the process control domain, Honeywell s suite of technology infrastructure services helps secure the various aspects of a customer s Distributed Control System (DCS). These services include an array of security defenses integrated to protect the network, workstations, applications, and process equipment. Supervising the operation of the DCS, Honeywell s sophisticated analysis and reporting solutions provide the insights needed to quickly ascertain the status of critical control system assets. This approach results in enhanced operating system security, stability and reliability, ultimately contributing to improved production and safety for complex industrial plant domains.

4 Best Practices for Managing Industrial Control System Security. With the rising threat of industry focused malware, your Industrial Control System (ICS) is vulnerable to attack, disruption and damage. Cyber attacks on plant automation systems have not only increased, but they have grown more sophisticated in recent years. From targeted information gathering and theft, to elimination of crucial data, these intrusions represent a real and present danger to plant productivity, reliability, and safety. For Industrial Sites, Vulnerabilities Can Include: Connections between the corporate IT network and Process Control Network (PCN) Unsecured access for maintenance or 3rd party contractors or vendors Removable media brought into the site including USB drives, external hard drives, and CD/DVDs, as well as laptops and smart phones Out-of-date malware signatures Obsolete or unpatched operating systems Inadequate firewall configurations Unauthorized network activity

5 Honeywell has developed a complete portfolio of Industrial Cyber Security products and services specific to the needs of your control network. These solutions form a cyber defense foundation and operate to safeguard both the business and human interests of the process control environment. Managed Industrial Cyber Security Services Protecting plant operations requires not only robust firewalls, but also additional security measures and defenses. Honeywell s Managed Industrial Cyber Security Services address the security of your ICS and plant assets and include: Secure Connection Secure, customer initiated communication tunnel for services. Honeywell s Managed Industrial Cyber Security solutions provide the services and information needed to reduce the risk of security breaches and manage the essential elements of your process control infrastructure. Intelligence Reporting Delivers insights into the operation and cyber security status of DCS components and the PCN. Continuous Monitoring and Alerting Provides 24/7 monitoring of system, network and cyber security performance and automated alerting against thresholds. Protection Management Provides Honeywell-tested and approved patches and anti-malware definitions. Perimeter and Intrusion Management Offers firewall support, and Intrusion Protection System (IPS) implementation and management.

6 Secure Connection Honeywell s Secure Connection is a secure, customer-initiated connection to Honeywell s Security Service Center (HSSC). It features a certificate-based, bi-directional, two-factor authentication process to create an encrypted tunnel, protecting data even through the site s corporate network. Honeywell s Secure Connection functions very much like a castle s drawbridge. If the site chooses to connect to Honeywell, the drawbridge can be lowered or raised, with the site retaining control of the connection. Honeywell can request, but not initiate a connection. When a site launches Honeywell s Secure Connection, an authenticated, encrypted Virtual Private Network (VPN) is established. This VPN can terminate solely at the HSSC. Only upon creation of a secure connection by the site, can Honeywell then communicate via the Secure Connection tunnel. Under complete site control, the Secure Connection features easy-to-configure security policies dictating the connection frequency to Honeywell s HSSC. Configuration as either an automatic or continuous connection enables the efficient sending of alert conditions for prompt attention. Manual connections, initiated solely by authorized site personnel, may alternatively be selected at any time. Secure Connection security policies can be set to allow the HSSC to view connected devices, including Experion control systems, on the site s PCN for faster identification of potential issues. Configuration can also be set to enable additional diagnostic routines should certain system problems be detected, providing more information on the root cause of an issue. All Secure Connections and actions are captured and recorded with a full, non-optional audit. Leveraging the non-optional audit trail, the Secure Connection can serve as a single point of access for third-party vendors and contractors if desired. Providing policy-based, controlled communications with a record of all actions, the Secure Connection can be a useful tool in tracking third-party activities. Honeywell HSSCs are the only termination points for Honeywell Secure Connect tunnels. Currently, there are centers in Europe and the U.S. for global support. These facilities have added physical and cyber security controls and monitoring in place for secure, encrypted, customer communications. Access is restricted to certificate-authenticated engineers and is tightly managed by Honeywell Service Center personnel. Intelligence Reporting Visibility into the cyber security environment of control networks is a critical element for an effective defense. A robust cyber security strategy requires not only deploying multiple defenses, but also monitoring the security conditions of the network itself. With more sophisticated attacks evading common detection processes, it is crucial to know individual network element trends in order to detect and respond to possible breaches. Honeywell s advanced intelligence technology transforms masses of system statistics into actionable trends. This powerful management reporting solution provides both critical site information and predictive hardware analysis, as well as details on current cyber security vulnerabilities and attacks.

7 Honeywell s Intelligence Reporting capabilities help you stay ahead of potential attacks and take quick protective action when needed. Our system currently provides both quarterly and weekly performance reports. Leveraging statistics presented by Honeywell s Secure Connection, the reports include summaries and charted trends of network and system events. The reports also identify degrading conditions, and predict hardware vulnerabilities. The information also functions as a key source of formatted compliance-related data, all streamlined for quick, timely assessments to improve site and network security, performance, and management. Reporting information provides highlighted parameters, trends, and number of events per device for fast scanning and identification of equipment issues and possible threats. Reported critical information includes: Alerts and availability conditions for controllers, workstations, and servers Failed log-in attempts and credentials Installation status of anti-malware and OS patches on servers, workstations, and systems Security-flagged conditions such as CPU degradation, increased network traffic, firewall status and conditions, and backup availability. Honeywell s Intelligence Reporting highlights system and network actionable information from masses of equipment and network statistics to help plants optimize PCN management and security. Continuous Monitoring and Alerting Modern automation systems monitor and manage manufacturing equipment to optimize production efficiency. But what watches these distributed control systems? A DCS typically includes routers, switches, controllers, and Windowsbased servers and workstations, all communicating on the process control network. Monitoring the PCN, including all attached devices, is crucial not only for process orchestration, but also for the security of the entire site. Compromised security opens a plant to modification of processes and production mixes, potentially affecting the quality of the produced product. These modifications, ultimately stemming from poor ICS security, can result in reduced plant output, unsaleable products, or even far worse consequences. Honeywell s Continuous Monitoring and Alerting monitors the performance and health conditions of the PCN including controllers, servers, and workstations. If an event is detected, or if thresholds are exceeded, an alert is automatically generated. The alert thresholds are different for each system and device to provide accurate and useable event information. Should an alert condition be detected, an or SMS text alert message will automatically be sent to the contact (or contact alias) of the site 24/7 as part of the service. Additionally, alert messages may include attached troubleshooting techniques to help resolve the issue.

8 Protection Management All of Honeywell s Protection Management services include application testing on test bed systems emulating a customer s production environment. Testing and qualification of newly released patches and anti-malware files adds to system stability by identifying and restricting potential ICS conflicts before implementation on site. This helps take the worry out of updates, and customers are assured that installing Honeywell-approved releases will add to the reliability and security of their system. Honeywell s Industrial Secure Connection is used to provide automatic, encrypted delivery of all patches and anti-malware files. This method is designed to reduce the potential for tampering, contamination, or modification of files from transmissions or compromised hand-carried media. Malware Protection Formerly known as anti-virus programs, applications such as McAfee and Symantec are a critical piece of control system defense. These applications function to identify and block harmful code from running on Microsoft Windows operating systems, and work in conjunction with signature files identifying specific viruses, worms, spyware, and trojans. It is imperative that anti-malware programs remain up-to-date; each and every workstation and server should employ the latest release of malware signature files to help prevent intentional failures or deliberate application malfunction of the PCN. A single unprotected piece of hardware has the potential to spread malware and jeopardize other networked devices, with some malware enabling backdoors for unauthorized access to the system. Malware can also include root kits to hide in an operating system to escape detection. Honeywell s Protection Management service includes qualified anti-malware files with encrypted delivery to ensure signatures have not been compromised or contaminated. Installation of current, Honeywellapproved signatures will help keep malware and its potential effects out of the ICS.

9 Operating System Patch Management Operating System (OS) patch software is necessary to update a computer s program to fix problems, or more frequently, to close discovered security vulnerabilities. These vulnerabilities are akin to an open door that allows malware to enter. Patch installation closes this door and complements anti-malware programs. Suppliers of operating systems such as Microsoft Windows release patch updates for their software. Too often, however, patch installation takes a lower priority at industrial sites due to time and personnel constraints. Additional planning to accommodate the occasional dreaded reboot is also required. Nevertheless, installation of these patches helps block multiple malware vulnerabilities to reduce system breaches, prevent unauthorized shutdowns, and keep control systems operating properly. Control System Patch Management Honeywell DCS updates are custom-built and based on each site s configuration. Our industrial controls experts determine the specific software needed for each customer location, and only that selected software is sent. This custom software load has no extraneous elements or unnecessary code. The result is a reduced cyber attack profile, and improved system efficiency, reliability, and security. Optional On-Site Patch Deployment On-site patch installation service is available from Honeywell using our technical field experts. Coordinating with site operations, Honeywell technicians will manually patch the designated PCN with the latest tested and approved software releases. Honeywell extensively qualifies all operating system patches on custom test beds before release to our customers. This non-trivial approach is done so that there are no unexpected control system consequences as a result of a patch installation. Additionally, file integrity is maintained through encrypted Secure Connection delivery. These enhancements support continued process stability and production at plant facilities.

10 Perimeter and Intrusion Management Protecting the productivity, reliability, and safety of the plant is of paramount importance. Firewalls are the first line of defense to keep unwanted traffic and potential attackers out of the ICS network. With improved processing speeds and reduced latency, today s high-performance firewalls can now also be deployed between process control levels or zones as additional defensive elements around the process equipment core. An Intrusion Prevention System (IPS) complements firewalls by examining traffic that has made it onto the internal network. It analyzes both the data packets and the network traffic flow and compares these to the patterns, or signatures, commonly seen with malware. Utilizing sophisticated behavior analysis, an IPS monitors and protects the internal network from malware or attacks that may have been well hidden in other legitimate applications. Ideally, firewalls and Intrusion Prevention Systems should be used together to block and remove security threats from process control networks. It is important to remember that firewalls and IPS technology only work well when properly configured and consistently maintained. Honeywell s Perimeter & Intrusion Management expertise provides the appropriate configurations, custom definitions, and ongoing monitoring required for the industrial manufacturing environment adding real security to plant systems and operations. Honeywell-managed firewalls and Intrusion Prevention Systems form a critical barrier, functioning to secure key areas and strengthen ICS defenses. Firewalls, IPS, anti-malware, and patches each have different protection approaches, and Honeywell strongly recommends that all four be deployed and kept up-to-date for optimum PCN protection. Benefits of Honeywell s Managed Industrial Cyber Security Services Honeywell s Managed Industrial Cyber Security Services combine leading engineering analysis with the industrial expertise essential in process control environments. Leveraging an encrypted Secure Connection, the services provide Protection Management, Continuous Monitoring and Alerting, Intelligence Reporting, and Perimeter and Intrusion Management. Additionally, Honeywell s system and security professionals offer the experience and expertise you can rely on to assist you in managing your site s cyber security and system requirements. Honeywell s Managed Industrial Cyber Security Services are designed to provide the requisite tools, services, and solutions needed to lower the risk of security breaches and improve the management of your PCN. With Honeywell s Managed Industrial Cyber Security Services, industrial organizations and critical infrastructure sites can achieve unparalleled visibility and control into the system and cyber security conditions of their control network infrastructure.

11 Additional Honeywell Products and Services Honeywell provides a full range of products and services to help customers manage and secure their industrial control systems. Leveraging our industry leading process control and cyber security experience, our expertise, and technology, Honeywell delivers proven cyber security solutions designed for the specific needs of process control environments. Our cyber security solutions include secure architecture analysis, design and optimization, security assessments and audits, policy development, operational security controls and training, network security, endpoint protection, and response and recovery services. These solutions help protect the availability, safety and reliability of industrial control systems and plant operations. Honeywell Industrial Cyber Security Solutions Response & Recovery Situational Awareness Assessments & Audits PEOPLE PROCESS TECHNOLOGY Architecture & Design Network Security Endpoint Protection

12 For More Information To learn more about Honeywell s Managed Industrial Cyber Security Services, visit or contact your Honeywell account manager. Honeywell Process Solutions Honeywell 1250 West Sam Houston Parkway South Houston, TX Honeywell House, Arlington Business Park Bracknell, Berkshire, England RG12 1EB Shanghai City Centre, 100 Junyi Road Shanghai, China BR ENG October Honeywell International Inc.