Honeywell's cyber security facility
21 July 2015
Honeywell's Industrial cyber security facility opened recently in the US. It aims to help companies develop a more offensive approach to cyber security and to make security a business enabler.
Honeywell’s Industrial Cyber Security Group has built on its existing process industry offerings with the opening of the Honeywell Industrial Cyber Security Lab in the US, to advance development and testing of new technologies and software to defend industrial facilities and operations such as refineries and manufacturing plants from cyber attacks.
According to reports from the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), cyber incidents on industrial targets in 2014 continued to increase and are up more than 25% since 2011.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT’s) has also stated that in 40% of reported incidents a lack of detection and monitoring capabilities led to experts not knowing how hackers intruded the system. A global survey on cyber security conducted by Ipsos Public Affairs in September 2014 on behalf of Honeywell found that more than 75% of respondents from 10 countries said they were fearful that cyber criminals could disrupt major sectors of the economy, and identified the oil and gas, chemicals and power industries as particularly vulnerable.
Honeywell has offered proprietary cyber protection software and technology for its process automation solutions for over a decade, during which time, the Honeywell Industrial Cyber Security group has delivered more than 1,000 industrial cyber security projects globally. “We have a successful history of providing cyber defence solutions for our industrial customers and this new cyber lab expands our capabilities,” said Jeff Zindel, global business leader for Cyber Security, HPS. “We will be able to validate new solutions faster in a variety of scenarios and increase our customers’ defences against the growing threat of cyber attacks.”
The new US-based lab includes a model of a complete process control network that Honeywell cyber security experts will use for proprietary research, hands-on training, and to develop, test and certify industrial cyber security solutions. The facility will allow engineers to develop security controls and test tools on a working model of a complete process control system environment to accelerate development and availability of new technologies aimed at eliminating the risks of industrial cyber threats and attacks.
Offering an overview of the facility, Mike Spear, global operations manager industrial cyber security, said: “ The laboratory will have three basic functions. Most importantly it will be used for solutions development and testing. It will also provide a vehicle for simulating attacks and also for penetration testing which cannot be achieved in a running process environment. We are now able to take a customer’s configuration system, place it in our environment and run tests to identify any vulnerabilities without affecting production.” The facility will also be used to offer customer demonstrations at the laboratory or virtually, to allow them evaluate real-time security solutions in a process control environment to ensure it meets their specific requirements.
“The laboratory contains everything from a Level 2 environment – the control level, all the way up to Level 4 environment – business control. All levels incorporate multiple nodes and hardware to represent the DCS and a variety of security controls. “For each security control layer we have a minimum of two solutions from leading partners which allows us to provide customers with a choice, based on their risk tolerance and budget to offer a complete replicated process control system.”
With the new facility Honeywell aims to help customers move from what is for most a defensive posture today, towards a more offensive approach, helping them become more proactive as well as dynamic in the way in which they measure cyber security risks, identify vulnerabilities and threats and implement control solutions, policies and procedures as well as technologies. “Rather than addressing cyber threats or activity one at a time we can help implement continuous solutions which are integrated across the technology platform and across their policies, procedures and organisation. We want to help customers, ultimately, to move to a point where security becomes a business enabler and where it can drive productivity and profits and is no longer viewed as a cost,” concluded Zindel.
Contact Details and Archive...
Most Viewed Articles...