By Gregory Hale
It is easy to fall into a level of despair when thinking about securing a manufacturing facility with the ancient control system, people running things the same way for years on end, no real security plan and no one ever really thinking they could be a victim.
It would be very easy to just throw your hands in the air and go out and become a bartender.
But it is not as bad as it seems, because it is possible to put the fate of the facility in the end user’s hands and not the attackers. At least Honeywell feels that way.
“Industry is embracing digital transformation and being connected,” said Jeff Zindel, vice president and general manager of Honeywell Industrial Cyber Security during a meeting at the Honeywell User Group Americas in San Antonio, TX. “They are realizing cybersecurity is important to allow them to do digital transformation.”
The threat of cyberattacks on industrial facilities is on the rise. US-CERT’s warning last week about Hidden Cobra from North Korea is a reminder of the world we live in. Add on top of that the average cost of an average attack is $21 million, which is up from $14 million the year before. In addition, there are four new malware attacks created every second.
The idea of planning ICS attacks is now easier than ever. It is possible to go out and purchase malware on the Dark Web. They even have help desks to offer attack help. And if you have enough funding, you can also hire people to attack.
Couple that with the lack of skilled cybersecurity professionals and that is a recipe for disaster. But it doesn’t have to be that way. That is one way managed security services comes into play.
That is where Honeywell can manage, through secure digital connections, the security from a security operations center.
“Instead of hiring people, which is difficult to do, they go out and bring us in,” said Mark Littlejohn, director of managed security services at Honeywell Process Solutions.
Through the managed services, Littlejohn said, they are able to monitor systems, patch systems, offer remote access and provide multi-vendor security, secure remote access and support, patch and anti-virus automation, security and performance monitoring, security device management and threat detection and vulnerability identification.
Managed security services is just one part of the Honeywell industrial security portfolio, along with professional consulting services, ICS Shield, and Industrial Cyber Security Software.
“We are providing a complete management platform,” Zindel said.
Through its ICS Shield, a manufacturer is able to “leverage insights from a plant level across multiple plant sites. We can provide visibility in all the sites at an individual plant level and across multiple sites,” Zindel said. “We can offer secure file transfer, asset discovery, inventory management and monitoring and alerts.”
This way it can become more efficient and cost effective, especially with the shortage of skilled security professionals, Zindel said. That is one reason why cybersecurity services and managed services are becoming more important and embraced.