When it comes to cyber security, there's no set it and forget it. Today's malicious probes, intrusions and attacks don't just multiply, but constantly shift and evolve. This means cyber security solutions must also continuously update their awareness, coverage and responses to shield their users.
This can be a scary environment, especially for operators and managers responsible for process control systems. Luckily, with help from powerful allies like Honeywell Process Solutions, they can access a wealth of expertise and the latest cyber security solutions for protecting their applications, personnel and facilities.
"Hackers don't ask permission before taking control, and cyber attacks are happening all the time worldwide, so we need to understand how they work to protect our customers' networks, whether it's from customized malware, illegitimate access credentials bought on black markets, new zero-day threats or malware that can change itself and delete its tracks," said Eric Knapp, global director of cyber security solutions and technology at Honeywell.
"These threats are increasingly targeting process control systems and applications, but Honeywell's team of cybersecurity experts and worldwide research labs – aided by cloud-based monitoring systems – can help monitor primary attack vectors and help users to respond. For example, while many networks are more secure than in past years, increased use of removable media is enabling more malware to come in on USB drives."
Knapp spoke during Tuesday's keynote session and presented "New Thinking for a Practical Approach to Cyber Security" this week at the Honeywell Users Group Americas 2016 in San Antonio.
New security tools
To combat the threat of malware on USB sticks, Knapp reported that Honeywell is introducing its Secure Media eXchange (SMX) software and device, which let users plug in a USB stick, scan and remove any malware, and update their plant’s Risk Manager and other colleagues. "SMX allows users to examine removable media before allowing it to come into their plant," said Knapp.
Beyond developing new and ongoing cybersecurity solutions, Knapp emphasized it's also crucial for Honeywell and its customers to partner with other cybersecurity providers to develop the most useful protections. "Zero days and other malware evolve faster than any responses, and so our research lab has been working with Cisco, Intel, Tofino, Palo Alto Networks and others to develop a unique and effective cyber security approach, as well as the broadest range of cyber security products and services," he added. "These include offering cybersecurity audits and assessments, making architectures and product designs inherently secure, improving overall network security, protecting endpoints better, and offering remotely deployed cyber security services and management."
Knapp also announced the release Tuesday of a new version of Honeywell's Risk Manager software. "We've been working closely with Palo Alto Networks on how we could protect Honeywell's systems, and so Risk Manager now has Palo Alto's cutting-edge inspection technology inside," he explained.
Continuous security mindset
Beyond employing existing cyber security strategies and the latest solutions, Knapp explained that Honeywell is also helping customers develop the perspective they need to keep on addressing cyber security challenges in the future.
"We've all been talking about cyber security for a long time, and it's true that we're doing a lot well and better than before, but most cyber security efforts are still very reactive, such as using antivirus software, which is only as good as the electronic software signatures on which it's based," said Knapp. "We also have perimeter solutions like firewalls and intrusion detection software, which must be used, but they're typically static and reactive, too. Unfortunately, malware just evolves faster and finds new paths, and so Honeywell's cybersecurity team and labs research these trends, which helps produce solutions like SMX.
"We also take a risk management approach to cybersecurity to find the biggest bang for the buck, which is efficient because we focus on the highest-value areas. However, we must also find a way to prioritize these high-priority cyber security tasks, and then develop a more future-focused approach to cyber security to protect against unknown threats. This means adopting cyber security software that updates several times per day or even several dozen times per day. This is what's needed to operationalize threat intelligence, and create solutions like SMX and Risk Manager. We're investing in out-of-the-box thinking at our lab in Duluth, Georgia, and finding new ways to infiltrate and manipulate control systems. We want to discover the next big threat, so we can protect against it."
Knapp added that many traditional, network-based threats have been addressed in recent years, and so more recent efforts are concentrating on cyber-physical systems. "Previously, many more networks had unsupervised Internet connections, and many of those vulnerabilities have been resolved," he added. "However, even though a user may have firewalls, demilitarized zones, antivirus and whitelisting software—and must still employ them—a physical vulnerability, such as an infected USB drive, can still make those barriers irrelevant."
Future cyber security efforts will depend on examining sensors, instruments, controllers and their networks more closely, and evaluating how they all work together to improve overall cyber security. "The best methods will likely be making all of them more cyber secure together," Knapp said. "Along with increasing the awareness of users, it may require embracing the skill sets of hackers and turning them into good guys."