While cyberattacks on industrial infrastructure continue to escalate both in frequency and sophistication, many facilities simply lack the skilled manpower and bandwidth needed to properly assess and implement—much less monitor and maintain—an appropriately robust cyber defense.
Indeed, an honest accounting of the time, effort and costs attributable just to timely patching and antivirus updates—much less the potential safety, downtime and regulatory compliance implications of a breach—reveals that, for many organizations, outsourcing some aspects of cyber defense makes sense both financially and from a risk-management perspective.
Leveraging its acquisition last year of remote connectivity specialist NextNine, Honeywell has continued to build out the industry-leading range of managed cybersecurity services it can provide on behalf of its customers, including those with a heterogeneous mix of automation solutions from different suppliers.
“The idea behind our CyberVantage Managed Security Services is to deliver a consistent approach to cybersecurity practices,” said Mark Littlejohn, global leader, managed security services for Honeywell Industrial Cyber Security, who discussed the company’s cybersecurity offering at this week’s Honeywell Users Group Americas in San Antonio. “Plus, we provide a team of specialists that can help you out, make sure you’re successful,” Littlejohn said.
The company’s team of cybersecurity specialists now numbers more than 200, and with the recent opening of a third operations center in Singapore (in addition to Houston and Bucharest), the company can now provide manned, 24x7 support for its customers around the world—including some 400 sites that already are active subscribers.
Secure remote connectivity for the company’s services is provided by ICS Shield, Honeywell’s top-down OT security management platform for remotely securing Industrial Control Systems (ICS)/SCADA environments. Based on NextNine technology proven in more than 6,500 installations over the past 15 years, connectivity is provided by a local Virtual Security Engine (VSE) that routinely polls the Security Center back at the Honeywell operations center. If the VSE discovers that a patch download or connection request is pending at the Security Center, the VSE then initiates a secure outbound tunnel to the Security Center. Because the VSE never accepts an inbound connection, a high degree of security is maintained.
The new CyberVantage Managed Security Services now available over this secure connection include:
- New Threat Detection and Vulnerability Identification – Honeywell collects, monitors, alerts and reports on customer Security Information and Event Management (SIEM) log data, providing expert threat correlation and analysis in combination with an intrusion detection solution.
- New File Transfer Service – Honeywell securely connects and transfers plant information to customer-designated sites or to third-party cloud providers. The security and operational data can then be safely reviewed by experts to uncover plant productivity, reliability and availability insights. Honeywell site-to-site transfers provide added security controls and policies, as well as encryption, offering an alternative to less secure corporate intranet shares.
- Expanded Security Device Management – Honeywell cyber experts help install, configure and manage security devices to support in-house engineering teams, now adding ICS Shield to existing firewall, IDS/IPS, Honeywell Risk Manager and Secure Media Exchange offerings.
- Expanded Multi-Vendor Support – Honeywell cyber experts perform ongoing security services to manage across multiple vendor systems and multiple sites. Multi-vendor support is now available for interactive activity and trend reporting, secure remote access and support, automated patch and antivirus updates, and continuous security and performance monitoring.
“A key aspect of the Honeywell approach is that all these services are provided through a single, secure, outbound-only connection – IT can close down all other ports,” stressed Littlejohn. “As a former chief cybersecurity officer for a refining company, this approach is extremely appealing to me.”