- November 21, 2017
- Honeywell Industrial Automation & Control
By Bill Lydon, Editor, Automation.com
Cyber security remains a prominent concern for many organizations as we continue to move towards a connected industrial future. In this vein, Honeywell recently made a big commitment to Industrial Cyber Security at the 2017 Honeywell Users Group Americas,
By Bill Lydon, Editor, Automation.com
Cyber security remains a prominent concern for many organizations as we continue to move towards a connected industrial future. In this vein, Honeywell recently made a big commitment to Industrial Cyber Security at the 2017 Honeywell Users Group Americas, in June. Jeff Zindel, Vice President and General Manager, Honeywell Industrial Cyber Security for Critical Infrastructure & IIoT and his staff sat down at a private briefing to discuss the effort. “This has been an unbelievably great year for the industrial cyber security business…great advancements,” Zindel opened, “We truly believe Honeywell is the leading provider of industrial cybersecurity solutions and provide a comprehensive set of end to end cybersecurity solutions, services, technologies, and ongoing support focused on industrial critical infrastructure protection”. With Zindel’s described resources including over 150 cybersecurity professionals that are also supported by many other engineers and experts, Honeywell seems off to a good start.
Honeywell industrial cybersecurity’s consulting services combine engineering analysis with their accrued knowledge and knowhow of process control. Leveraging an encrypted Secure Connection service is designed to provide security features such as:
- Protection Management
- Continuous Monitoring and Alerting
- Intelligence Reporting
- Perimeter & Intrusion Management
“We are helping customers continuously monitor what is happening within their process control networks, looking for cyber security vulnerabilities,” explained Zindel, “We are helping them actively manage firewalls, intrusion detection systems, in a range of other items.”
Hands-On Training in Cyber Centers
One such resource that Honeywell leverages is the Honeywell Industrial Cyber Security Labs, which have experts conducting hands-on training, proprietary research, as well as developing, testing, and certifying industrial cyber security solutions, and managed solutions. The first lab was opened in Duluth, Georgia and features a complete Honeywell Distributed Control System (DCS). The company has also built a new industrial cyber security center of excellence (COE) for Asia Pacific in Singapore, which is opening at the end of 2017, and is opening a similar facility in Dubai.
The Nextnine Acquisition
One frequently mentioned aspect of Honeywell’s cybersecurity efforts was the recently announced acquisition of NextNine. Zindel believes that “the Nextnine acquisitions is a tremendous add to our portfolio”. This addition of Nextnine's security solutions and secure remote service capabilities are intended to enhance the existing range of cyber security technologies and significantly increase Honeywell's Connected Plant cyber security customer base. Nextnine's ICS Shield protects industrial sites from cyber security attacks, enables remote monitoring of assets and is used at more than 6,200 sites globally across the oil and gas, utility, chemical, mining and manufacturing sectors. Previously, ICS Shield had to be deployed separately for each control system vendor, resulting in multiple and separate installations at a single customer site. With this acquisition, customers will be able to deploy and operate a single system, with the aim of simplifying, and better securing their entire site with Honeywell's capability to provide multi-vendor solutions.
USB Security with Secure Media Exchange (SMX)
Another pillar of Honeywell’s cybersecurity portfolio, their Secure Media Exchange (SMX) was also demonstrated at HUG 2017. The SMX protects against current and emerging USB-borne threats, securing open USB ports from non-checked devices like smart phones and other removable media. It offers additional threat intelligence through Honeywell’s Advanced Threat Intelligence Exchange (ATIX) cloud, which is designed to reduce the potential attack window and minimize site labor to maintain updates. The reason for this, as Eric Knapp, Honeywell’s Chief Engineer for Cyber Security Solutions and Technology emphasized, “The largest attack vector now is USB media.” To make this all work, a low level code is installed at the kernel level on a facility’s computers that will only allow USB files certified by Honeywell’s Advanced Threat Intelligence Exchange (ATIX) to be accessed. Using SMX only requires inserting a USB drive into the Secure Media Exchange (SMX) Terminal.
Industry Awareness of Cyber Security
The industry has seen a relatively slow adoption of cybersecurity solutions, but from Honeywell’s point of view, this seems to be changing. “We are starting to see significant change as reflected in our backlog and request for proposals, that is growing dramatically,” noted Zindel. He described a number of things that may have created greater awareness, starting with the Sony attack that brought cyber security concerns to the highest level of companies management and boards of directors. This further intensified with the WannaCry ransomware worldwide cyberattack, one that demanded ransom payments in the Bitcoin cryptocurrency and was highly publicized. “We have seen a significant increase in requests for mitigation, remediation, advanced cyber security controls,” shared Zindel, “The pressure is coming from the top down in organizations.”
Touching on the IT/OT Gap
He then touched on recent discussions centering around the divide between Information Technology and Operations Technology groups. Zindel notes that he is seeing a change among organizations. “Big change happening is we are engaging with CIOs; VPs of IT and we are helping to close that gap,” discussed Zindel, “In the most advanced customers we are working with, the CIO is very involved in operations to control the plant.”
Bill’s Thoughts & Observations
During the opening of the 2015 Honeywell Process Solutions (HPS) Industrial Cyber Security Lab in Duluth, Georgia, Zindel then stated that Honeywell was committed to building a significant set of cybersecurity solutions and services. Since that time, under his leadership, the company has been backing up that commitment and has been building out an impressive cybersecurity business.
- Outsourcing Cyber Security Services
- Cyber Breach Insurance for Manufacturer Loss Protection
- Industrial Cyber Security Compliance & Enforcement
- Cyber Security Lessons from a Military Leader
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe