By Gregory Hale
Yet another solid approach to security just hit the industry this week when Honeywell launched its Industrial Cyber Security Lab.
As security awareness skyrockets around the globe, users need to know what they have on their systems and how to protect themselves, but they also need to understand the business objectives behind a security solution. That is exactly where the lab comes into play.
“We want to leverage the lab to offer enhanced solutions helping (users) to move to a point to have security act as an enabler to drive profits and not be seen as a cost center,” said Jeff Zindel, global business leader for Cyber Security, HPS. “We know what works and does not work.”
“The threat is continuously evolving,” said Eric Knapp, director of technology and solutions at HPS. “Stuxnet was really the beginning and the threat has been evolving ever since.”
The Stuxnet campaign, as ISSSource reported, ended up conducted by the United States and Israel to disable the uranium enrichment plants outside Natanz, Iran, by causing the control system to run wildly out of control causing severe damage to centrifuges.
Security awareness is getting stronger and users need more understanding and education to ensure a secure environment. That is what HPS is looking to convey at the lab. Part of what the lab will offer is:
• Solution development and testing
• Simulated attacks
• User demonstration
“We can take a customer’s configuration and test it to make sure it is running securely,” said Mike Spear, global operations manager for industrial cyber security lifecycle solutions and services at Honeywell Process Solutions (HPS).
“We can demo and show real things,” Zindel added.
“(Users) can come here and they can see the various security controls,” Spear said. “They can see what works for them and find out what they need and what they need to do.”
The goal of the lab is to advance development and testing of new technologies and software. It can also replicate a user’s system and run it in the lab to test and find vulnerabilities, all while testing in a safe environment.
“We can do exercises like this in the lab and not cause a problem at the facility,” Knapp said.
Once they are able to find the vulnerabilities, then it becomes a matter of finding the correct solution.
“If I understand the vulnerabilities of a system, I can protect it,” Knapp said. “Conversely, if I know the vulnerabilities, I can exploit them.”
That is exactly what the bad guys are doing as attacks are on the rise and the sophistication levels continue to ratchet upward.
In a survey conducted by Ipsos Public Affairs last September on behalf of Honeywell, it showed over 75 percent of respondents from 10 countries said they feared cyber criminals could disrupt major sectors of the economy, and identified the oil and gas, chemicals and power industries as being vulnerable.
The Industrial Cyber Security Lab, located in Duluth, GA, includes a model of a complete process control network that Honeywell cyber security researchers will use for research, hands-on training, and to develop, test and certify industrial cyber security solutions. This lab will help accelerate development time of new cyber protection technologies and speed availability to users.