Assessing cyber security risk in real-time
30 November 2015
Suzanne Gill reports on the need for plants to employ a continuous and ongoing cyber security solution and looks at a real-time software solution that automates the task of identifying risk.
Managing risk related to cyber security vulnerabilities is a vital requirement for today’s industrial processes, many of which now implement open networks. This means that publicly available search engines, such as Shodan, make it a simple task for possible attackers to identify any industrial control systems (ICS) and devices that are connected to the Internet.
The SHINE (SHodan INtelligence Extraction) study has already demonstrated the vulnerabilities of many industrial infrastructures by using the search engine to identify millions of unsecured internet-facing SCADA systems and devices that are utilised as part of mission-critical operations.
Despite the obvious vulnerability of so many processes, according to Honeywell, cyber security risk management in ICS is still lacking. It says that the tools and methods being used by IT cyber security professionals for managing network risk are not being fully adopted by ICS engineering and operations teams. Further, those with industrial legacy systems are ignoring best practices, avoiding patches and virus protection updates for fear of jeopardising plant stability.
Safdar Akhtar, director business development, cyber security for Middle East & Africa for Honeywell Process Solutions, explained that Honeywell has many customers in the Middle East who have already experienced the effects of cyber security breaches. This led to the company gaining an early understanding of the requirements for a successful cyber security solution, and it has been offering solutions for many years.
Honeywell has also recently taken a further step and opened the world’s first cyber security laboratory in the US which allows it to monitor and create solutions to both global and local cyber threats as they emerge, helping ensure continuous plant protection for its customers and allowing them to move from a defensive approach to a more proactive one. The facility includes a model of a complete process control network which is used for research, hands-on training, and to develop, test and certify industrial cyber security solutions. The laboratory is being used for solutions development and testing and to simulate attacks as well as for penetration testing which cannot be achieved in a running process environment.
A six life cycle programme
“Honeywell addresses end-to-end Industrial Cyber Security Solutions around people, process and technology into a six life cycle programme, all of which needs to be continuously initiated,” said Akhtar. “The first life cycle is to conduct an assessment and audit. It is important to know how the site works and how controls are laid out. Assessment and audits identify and prioritise the biggest risks, finding which systems and devices are exposed and most vulnerable in a plant environment to uncover passive attacks.”
The second life cycle, architecture and design, promotes stronger cyber security design by implementing zones and conduits to minimise the impact of an incident. The third life cycle, network security, is a fully optimised network security solution which makes systems difficult for a hacker to get into and – if they do gain access – will put into action what needs to be done. In this life cycle, Honeywell secures plants using the latest technology, such as firewalls, intrusion prevention, access control and policy development.
The fourth life cycle, endpoint protection, is designed to identify which PCs and servers are vulnerable to threats, and also to determine if the proper access controls are in place. In this life cycle, Honeywell provides tested and approved patches, end-node hardening, portable media and device security. “In an industrial environment many of the accepted standard applications on the network system will not be needed so these should also be disabled,” advised Akhtar. “This helps increase system reliability and network availability.”
The fifth life cycle, situational awareness, helps organisations remain vigilant with limited resources. It also helps them to understand what is happening, what is at risk and why, and to know what to do if or when an incident does occur. This life cycle includes compliance and reporting, awareness training and managed services along with security information and event management.
The final parts of a cyber security programme will be reporting, which demonstrates what the network looks like and demonstrates that all local and application standards and requirements, in relation to security, have been met. It is also important to instigate back-up systems and restore capabilities into the system to ensure that it is possible to reset the system in the event of a security breach.
“Once instigated, all the different elements of a cyber security programme will need to be continually reassessed because the plant and cyber threats change and evolve rapidly,” Akhtar continued. “The biggest barrier that needs to be overcome when considering cyber security plans is for those involved to understand that dealing with cyber threats demands a continuous initiative. Every day new and ever more sophisticated threats are being identified so it is vital to stay one step ahead of any emerging threats.”
The sixth life cycle, response and recovery, helps with recovery when an incident occurs to regain safety and reliability. Honeywell is able to help its customers in this respect, as it has the knowledge and capabilities to offer a remote managed cyber security service that continually monitors and assesses developments across the globe. “Cyber security must be more than simply installing a firewall,” continued Akhtar. “It is important to create an environment that continually tests and updates the system to counter potential attacks in real-time.”
Recent ARC research backs up Honeywell’s claims that operator awareness and support for cyber security programmes remains a problem for many industrial companies and has stated that risk management should form the foundation of an effective industrial cyber security solution. However, it acknowledges that it is not possible to predict when or how a facility might be attacked. The dynamic nature of cyber risks makes its management particularly challenging, with new threats and vulnerabilities arising on a daily basis, which can quickly undermine the effectiveness of established defenses. As a result, cyber security risk management requires ongoing risk assessments and maintenance of cyber defenses.
ARC believes that Honeywell’s recently released Industrial Cyber Security Risk Manager addresses some of the biggest barriers to effective cyber security management. It is designed to help ensure that operators are always aware of their cyber risks and gives them the ability to direct resources to areas that require immediate attention.
The Risk Manager software solution collects information in a similar way to traditional security information and event management products, but goes one step further and converts the information into something that operators can understand and act upon. It provides notifications and alerts whenever security risk issues arise, with a dashboard designed to help operators understand the extent of a risk and what actions are required.
The solution continuously collects security information from cyber devices across the plant to provide information on endpoint security, network security, patch status, and backup status, which can then be used to assess the risk posed by cyber attacks.
“With Risk Manager we are now able to offer a tool that enables companies to continuously assess cyber threats in real time 24/7 providing them with a proactive cyber security solution,” said Akhtar. This has also removed the need for engineers to become cyber security experts and can help them to better prioritise and focus their efforts on managing the risks that matter most, ensuring reliable and efficient plant operation.