A litany of highly publicized cyber attacks over the past several years clearly demonstrates that the threat to industrial IT and control systems is rising, both in terms of sophistication and specificity.
For would-be attackers, technology costs are decreasing, network connections are multiplying and information sharing has grown, said Jeff Zindel, global cyber security business leader for Honeywell Process Solutions, in his keynote address to more than 1,000 delegates from Europe, the Middle East and Africa (EMEA) gathered for the company's regional Honeywell Users Group (HUG) meeting, November 4-7, in Nice, France.
Also Read: A Shared Stake in Customer Success
"Crooks first learned they could make money from spamming, then credit card fraud, identify theft and cyber espionage," Zindel said. "It's become a profitable and thriving industry over past couple years--the bad guys are winning and we must take action."
Honeywell can bring to bear significant domain expertise and industry experience on behalf of its user base, Zindel added. "We provide a full range of cyber security solutions--from consulting services to turnkey execution--that are cost effective, practical and flexible," he said.
And while Honeywell has done much to build security into its current generation of systems, including standing alone as the only automation company to have its control and safety systems independently certified to the ISASecure benchmark, "Embedded security in products is not enough," Zindel stressed. Honeywell also provides the continuous monitoring services, both on site and remote, to help detect and ameliorate intrusions, Zindel said.
"A paradigm shift is required," Zindel added, explaining that cyber security must be treated as a continuous program, not as an event or series of events. "Building a fortress is not enough. Hard shells and air-gapped islands are being compromised--even a turtle has a soft underbelly."
Zindel further recommended that users take a proactive, holistic approach to cyber security that encompasses people, processes and technology. "Implement policies and procedures with the rigor of a safety program," he said. "Identify vulnerabilities, take steps to reduce risk, benchmark and measure performance, and strive to continuously improve."