ammar alzaher honeywell industrial cyber security
TRANSCRIPT
© 2015 by Honeywell International Inc. All rights reserved.
www.becybersecure.comHONEYWELL INDUSTRIAL CYBER SECURITYAmmar Alzaher
2017
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
2
© 2015 by Honeywell International Inc. All rights reserved.
Speaker
Ammar Alzaher is Business development Manager of
Industrial Cyber Security for Saudi, Bahrain and North Africa.
He carries 10 years of experience in the industrial automation
sectors where he worked closely with end users and
corporate accounts. Ammar received his BS of Computer
Science and Engineering from King Fahad University of
petroleum and Minerals, Saudi Arabia.
3
In progress…
© 2015 by Honeywell International Inc. All rights reserved.
Industrial Cyber Attacks & Incidents Are Rising
4
Information Stealer Malware
Worm Targeting SCADA and Modifying PLCs
Virus Targeting Energy SectorLargest Wipe Attack
Virus for Targeted Cyber Espionage in Middle East
Worm Targeting ICSInformation Gathering and Stealing
Large-Scale Advanced Persistent Threat Targeting Global Energy
APT Cyber Attack on 20+High Tech, Security & Defense Cos.
Cyber-Espionage Malware Targeting Gov’t & Research Organizations
Industrial Control System Remote Access Trojan & Information Stealer
Security Bug and VulnerabilityExploited by Attackers
Threat Perception of Industrial Customers Will Continue to Grow
© 2015 by Honeywell International Inc. All rights reserved.
Threat Vectors
• Hackers
• Criminals
• Terrorists
• Employees
• Business Partners
• Sub-Contractors
• Software Components
• Network Components
• Technology Advances
• State Sponsored
• Natural Disasters
• Industry Regulations
Threat
Agents
© 2016 by Honeywell International Inc. All rights reserved.
6
• Information Security
• Cyber Security
• Cyber Resilience
Avoid Manage Accept Transfer
•Risk:-
Overview
© 2016 by Honeywell International Inc. All rights reserved.
7
• Cyber Crimes already cost businesses over $400
Billion/year (BIC)
• Average cost of a large company data breach is
$4,800,000
• Juniper research predicted by 2019, the annual
cost of data breach will reach $2.1 Trillion
Globally (4x 2015)
• Why is this happening?
• Years ago, teenagers OR Hacktivists
• Now days, Funded (Cyber Warriors)
• Our security technology is very good,
Attack our people and processes
Overview
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
8
© 2015 by Honeywell International Inc. All rights reserved.
Why Honeywell Industrial Cyber Security
9
Trusted, Proven Solution Provider
First to obtain ICS product security certification with ISASecure
Largest R&D investment in cyber security solutions and technology
Strategic partnerships with best in class security product vendors
Industry Leading People and Experience
Industry Leading Processes and Expertise
Industry Leading Solutions
Global team of certified experts with deep experience across all industries
Over 1000 successful PCN / Industrial cyber security projects
Leaders in security standards ISA99 / IEC62443 / NIST Cybersecurity Framework
Proprietary methodologies specific for process control environment & operations
Best practices developed through 10 years of delivering solutions
Comprehensive understanding of unique process control security requirements
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell’s Expertise
Industry Leading Certifications
CISSP Certified Information Systems Security Professional
CRISC Certified in Risk and Information Systems Control
CISM Certified Information Security Manager
CISA Certified Information Systems Auditor
CCIE Cisco Certified Internetwork Expert
CCSP Cisco Certified Security Professional
CCNP Cisco Certified Network Professional
CCDP Cisco Certified Design Professional
CCNAW Cisco Certified Network Associate Wireless
ISO 27001 LI ISO/IEC 27001 Lead Implementer
ITSM Information Technology Infrastructure Library(ITIL)
Service Manager
MCITP Microsoft Certified IT Professional
PMP Project Management Professional
VCP VMware Certified Professional
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
11
© 2015 by Honeywell International Inc. All rights reserved.
Complete Industrial Cyber Security Solutions
12
• Continuous Monitoring
• Compliance & Reporting
• Cyber Security Risk Manager
• Industrial Security Information& Event Management (SIEM)
• Cyber Security Awareness & Training
Assessments
& Audits
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
• Backup and Recovery
• Incident Response Planning
• Incident Response:On Site & Remote
• Industrial Cyber Security Vulnerability & Risk Assessments
• Network & Wireless Assessments
• Cyber Security & Compliance Audits
• Policy and Procedures Development
• Firewall, Next Gen FW
• Intrusion Detection & Prevention (IDS/IPS)
• Access Control
• Industrial Patching & Anti-Virus
• Industrial Application Whitelisting
• End Node Hardening
• Portable Media/Device/USB Security
• Secure Media Exchange (SMX)
• Current State Analysis
• Secure Design and Optimization
• Zone & Conduit Separation
© 2015 by Honeywell International Inc. All rights reserved.
The First Step to Security Is Understanding
the Current Environment
13
• Customer problems solved/needs addressed:– Identifying and prioritizing the biggest risks
– Meeting industry/government regulations and guidelines
– Finding which systems and devices are the most exposed, and the most vulnerable
– Prioritizing cyber security efforts for the maximum return
• Honeywell Offerings:– Network Assessment
– Wireless Assessment
– Security Assessment SL2 (coincidental & intentional attacks using simple means)
– Security Assessment SL3 (targeted attacks using sophisticated means)
– Compliance Assessments & Reports
Assessments
& Audits
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
© 2015 by Honeywell International Inc. All rights reserved.
Example of using IEC 62443.03.03 Security
Levels
Security
levelSkills Motivation Means Resources
SL 1 Casual
SL 2 Generic Low Simple Low
SL 3 ICS specific Moderate Sophisticated Moderate
SL 4 ICS specific High Sophisticated Extended
ISA 99 / IEC 62443The SL determines the security requirements
Cri
tical
infr
astr
uctu
re
© 2015 by Honeywell International Inc. All rights reserved.
Maturity Indicator levels
15
Maturity
level
MIL1No formal practices exist
MIL2Initial formal practices exist but may be performed in ad hoc manner, however they must be
performed.
MIL3Practices are no longer performed irregular or ad hoc, performance of the practices is
sustained over time and are well documented. Overall performance is measured and
documented.
MIL4Practices have been further institutionalized and are now being managed. Polices exist, the
organization is fully aware and periodic audits and reviews of all activities are I place to
improve and anticipate on new threats.
The MIL determines the Maturity Indicator level Cobit / C2M2
© 2015 by Honeywell International Inc. All rights reserved.
Once You’ve Found a Gap, Fill It
16
• Customer problems solved/needs addressed:
– How to use network design to promote strong security
– Implementing Zones & Conduits (per IEC 62443) to minimize the impact of an incident
• Honeywell Offerings:
– Network Design & Optimization Services
– Wireless Design & Optimization Services
– Cyber Security Design Services
– Zones & Conduits
– Documentation of current architecture and security
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
© 2015 by Honeywell International Inc. All rights reserved.
Before Assessment (Organic Growth)
© 2015 by Honeywell International Inc. All rights reserved.
Assessment Report Examples
© 2015 by Honeywell International Inc. All rights reserved.
Industrial Cyber Security Good Practices
3rd Party PLC Modbus TCP SCADA
Controllers Honeywell C300 3rd Party PLC Modbus TCP SCADA
Controllers
3rd Party DCS Systems
3rd Party DCS
Honeywell C300 PLC Modbus TCP SCADA
Controllers
Advanced Control Systems
Security Management PCN Monitoring
Level 3PCN
EPKS R410.x EPKS R430.x
Experion PKS
Network Monitoring Performance Monitoring Patch & Update Services
HoneywellManaged Services
Proxy / Relay Server
Remote AccessDMZ (PROD)
Honeywell Managed Service Center
IPS Sensor
Remote Users
Internet
Blade Chassis
IPS Sensor
Level 2
Level 2.5
Level 3
Level 3.5
Level 4
Internet
Level 1
IPS Sensor
Business LAN
Dell 01
ICS 201S
Dell 02
ICS 202S
ICS 203S
Dell 03
ICS 204S
Dell 03
ESXi hosts
L2.5 Routers
L3 Routers
L3.5 Firewalls
PCS Historian E-SVR / Collaboration Station
Process ControlDMZ
VPN
Backup & Restore VM Monitoring Passive Vulnerability
Monitoring
Honeywell Virtualization
Honeywell FTE Network
Threat Intelligence Next Generation Firewalls Intrusion Detection System Intrusion Prevention System Data Diode
Risk Manager Security Information & Event
Management (SIEM) Network Performance and Security
Monitoring Network Access Control
Backup & Restore System Hardening VM Performance Monitoring Domain High Security Policy User Access Control Passive Vulnerability Monitoring
OS/Application Vulnerability Management
Application Whitelisting ICS USB Protection Anti-Virus / Malware Protection Security Patch Management
Managed Industrial Cyber Security Services
EPKS R410.x EPKS R430.x
Experion PKS
Status
Power
FirewallCont rol
Honeywell MODBUS/TCP Firewall
Honeywell Control Firewall
Passive Security Monitoring Sensors
Backup & Restore VM Monitoring Passive Vulnerability
Monitoring
Honeywell Virtualization
ProxyFirewall
ESXi hosts
Power
Status
FirewallCont rol
Status
Power
FirewallCont rol
Power
Status
FirewallCont rol
© 2015 by Honeywell International Inc. All rights reserved.
Most Threats Come from the Network
20
• Customer problems solved/needs addressed:
– How to make it harder for the “bad guys” to get in
– What to do if/when they do get in
• Honeywell Offerings:
– Network Design Services
– Firewall Installation & Configuration
– IPS Installation & Configuration
– Perimeter Security Management
– Policy Development
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
© 2015 by Honeywell International Inc. All rights reserved.
“Soft” Systems Are Easy Targets
21
• Customer problems solved/needs addressed:
– Identify which PCs and Servers are vulnerable to threats
– Determining if the proper access controls are in place(missing critical patches, AV is out-of-date, etc.)
• Honeywell Offerings:
– Endpoint Hardening
– Anti-Virus Installation & Configuration
– Application Whitelisting, Installation & Configuration
– Device Control
– Secure Media Exchange (SMX)
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
© 2015 by Honeywell International Inc. All rights reserved.
Awareness is Critical
22
• Customer problems solved/needs addressed:– Staying diligent with limited security staff &
resources
– Understanding what’s happening, what’s at risk, and why
– Identifying the early-warning signs to prevent incidents
– Knowing what to do if/when an incident does occur
• Honeywell Offerings:– Honeywell Industrial Secure Connection
– Honeywell Industrial Protection Management
– Honeywell Industrial Intrusion Management
– Honeywell Industrial Intelligence Reporting
– Honeywell Industrial Risk Manager
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
© 2015 by Honeywell International Inc. All rights reserved.
“We Have a Problem…”
23
• Customer problems solved/needs addressed:
– What do you do when an incident occurs?
– How do you recover?
– How do you regain safety and reliability?
• Honeywell Offerings:
– Backup & Restore Services
– Incident Response Services
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
24
© 2015 by Honeywell International Inc. All rights reserved.
Secure Connection
Secure tunnel for services
Perimeter and Intrusion Management
Firewall: Configuration rules + log file review and reporting
IPS: Signature update validation + log file review and reporting
Protection Management
Qualified anti-malware files & operating system patches
Continuous Monitoring and AlertingMonitoring of system, network & cyber security performance
24/7 alerting against thresholds
Intelligence ReportingWeekly compliance and quarterly trend reports
Managed Industrial Cyber Security Services
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
26
© 2015 by Honeywell International Inc. All rights reserved.
Industrial Cyber Security Solutions Lab
World-Class and Industry Leading Innovation Platform
Flexible model of a complete process control network up to the corporate network
• Cyber Security solutions development and testing
• Training Platform for Cyber Security Engineers
• Demonstration lab for customers
- Simulate cyber attacks; demonstrate our cyber security solutions
© 2015 by Honeywell International Inc. All rights reserved.
Security Management
Intrusion Protection & Threat Intelligence
Application & Endpoint Security
Next Generation Firewall
Network Security
Cyber Security Controls and Tools: Examples
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
29
Industrial Cyber Security
Risk Manager
© 2015 by Honeywell International Inc. All rights reserved.
Where do I start?
Assess Your Cyber Security Posture
Has something happened that I need to act on?
How risky is my system from a security perspective?
How can I show that we are improving our security posture?
Is my control system up to date?
Am I following best practices?
When something goes wrong, what should I do?
© 2015 by Honeywell International Inc. All rights reserved.
Industrial Cyber Security Risk Manager
Proactively Monitor, Measure, and Manage Industrial Cyber Security Risk.
Developed specifically for industrial environments
© 2015 by Honeywell International Inc. All rights reserved.
Industrial Cyber Security Risk Manager
Proactively Monitor, Measure, and Manage Industrial Cyber Security Risk.
Easy-to-use Interface. No need to be a cyber security expert.
Translates complex cyber security indicators into simple measurements
Generates accurate measurements of risk that align with industry standards and operational goals.
Real time assessment and continuous monitoring for improved situational awareness
Vendor neutral
Low impact technology won’t disrupt operations
First of its Kind for Industrial Environments
© 2015 by Honeywell International Inc. All rights reserved.
At-A-Glance Dashboard Interface
Notifications Site Trend
Risk Level by Source
Site Risk
© 2015 by Honeywell International Inc. All rights reserved.
Out-of-the-Box Benefits
Immediate Improvements.
Translate complex cyber
security indicators into
simple measurements
Prioritize and focus
efforts on managing risks
Real-time assessment of
information from devices
throughout the process
control network
Immediate information for ongoing
situational awareness
© 2015 by Honeywell International Inc. All rights reserved.
No Need To Be Cyber Security Experts
Easy-to-use interface allows users to prioritize and focus on most important risks
Executives* Map key risk indicators to KPIs* Demonstrate value of cyber security investments
Plant Management* Help focus resources on addressing threats* Provide updates on the site’s security posture
Control Systems Engineers* Track / monitor assets according to different zones* Understand how possible attacks might disrupt operations
© 2015 by Honeywell International Inc. All rights reserved.
• SIEMs look for evidence of security threats, primarily in logs
Why Risk Manager?!
Honeywell Risk Manager
SIEM / Log Manager
Vulnerability Scanner
Network Monitor
People /Staff
Assesses Risk
Detects Threats
Detects
Vulnerabilities
Safe for ICS
Context of ICS
Built for ICS/OT
Proactive
Real-time
• Vulnerability scanners probe PCs for knownvulnerabilities in applications
• Network monitors look at networkbehavior and information flow
• Dedicated staff can measurerisk by doing manual data collection, analysis and risk assessment
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
• Introductions
• Why Honeywell
• Solutions Overview
• Managed Services
• Cyber Security Lab
• Risk Manager
• Secure Media Exchange (SMX)
• Wrap-up / Q&A
38
© 2017 by Honeywell International Inc. All rights reserved.
Introducing Secure Media Exchange (SMX)An Industrial Cyber Security Innovation from Honeywell
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
USB Security – A Persistent Challenge for Industrials
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
SMX – How It Works in Your Plant
The contractor works with the “checked in”
removable media, on Windows devices with
SMX Client Software Suite. These Windows
devices are:
• Protected against malicious USB devices
• Able to log USB device and file activity
• Only able to read “checked in” removable media
The contractor is able to complete work and check out
the USB upon leaving the facility
The files are ”checked out” and can be used outside plant
When a contractor checks into the plant, he/she inserts
his/her USB into the SMX Intelligence Gateway, which:
• Inventories the drive
• Verifies inventories against Honeywell’s Advanced Threat
Intelligence Exchange (ATIX)
• Analyzes Unverified files
• Verifies & then checks in the device
No connection to
the customer’s
plant. Private
connection to the
ATIX for constant
detection updates,
patches, etc.
ATIX
_____
© 2017 by Honeywell International Inc. All rights reserved.
© 2017 by Honeywell International Inc. All rights reserved.
Built for industrial environments
Easy to deploy and use
Logs removable media usage
throughout the site and when
used with Industrial Cyber
Security Risk Manager, related
reporting is available
Allows administrator to
understand potential sources of
malware (i.e., who is attempting
to bring infected media to site)
Prohibits malware from being
propagated via removable media
Prevents unverified files from
being read on Windows hosts
Evergreen threat information
reduces potential attack window
Secures open USB ports from
non checked devices like smart
phones and other removable
media
Modernizes plant security
as part of daily site “check in”
process
Secure Media Exchange (SMX)
Extend Industrial Plant Protection to Removable Media/USBs
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
SMX Benefits
Modernizes plant security
Evergreen threat information
reduces potential attack window
Prevents unverified files from
being read on Windows hosts
IEC 62443 compliant
Allows plant personnel and service providers to verify and use
removable media as part of daily site “check in” process, enforcing
corporate policies
Removable media is verified against evergreen threat intelligence,
not waiting on an individual to update signatures
Renders media from “uncontrolled” devices as unreadable to
prevent spread of malware
Securely connects to the cloud for threat updates,
without exposing the plant to any risk of network threats
Alerts detect outbound threats and
log outbound file transfers
Logs event when removable media contains malware upon check out
(i.e., media infected at plant after being verified by SMX at check in)
Prohibits malware from being
propagated via removable mediaVerifies files on removable media for malware. Prevents infected
and suspect files from being accessed on Windows devices. site
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
SMX Use Cases: Enforcing Policy
Protected Server
Malicious USB device
Protected Server
Unapproved device types
Protected Server
Odd USB behavior
Protected Server
USB file transfer activity
Service provider tries to
use USB that is not
verified & checked in
USB Blocked
Media on drive unreadable
Bad actor tries to use USB
with infected media, that is
not verified & checked in
USB Blocked
Media on drive is unreadable
Logs odd USB behavior,
such as repeated attempts
to use quarantined files
Anomalous behavior
with USB is logged
Service provider’s activities
with USB, that is verified &
checked in, can be viewed
by SMX administrator after
check out
USB/User activity is logged
Use Case Device & Media Type Outcome
When a user has infected file
that is found during check inProtected Server
Malicious file quarantined
USB File Blocked
File on drive unreadable
1
2
3
4
5
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
SMX Use Cases…
© 2017 by Honeywell International Inc. All rights reserved. © 2017 by Honeywell International Inc. All rights reserved.
Why Honeywell Industrial Cyber Security
• Global team of certified
industrial Cyber Security
experts
• 100% dedicated to industrial
cyber Security
• Experts in process control cyber
security
• Leaders in security
standards ISA99 / IEC62443 /
NIST
• Beyond Honeywell control
systems, can cover entire
operations infrastructure
• 10+ years of industrial cyber
security
• 1,000+ successful industrial
cyber projects
• 300+ managed industrial cyber
security sites
• Proprietary cyber security
methodologies and tools
• Maintain a robust security
posture with Managed Services
offerings
• Comprehensive portfolio, from
services to advanced risk
medication solutions
• Continued R&D investment
in industrial cyber security
• Integrate best in class and
vetted security solutions, such
as Palo Alto Networks, McAfee,
Cisco, Bit9, Tofino
• Industry first Cyber Security
Risk Manager
• State of art Industrial Cyber
Security Solutions Lab
Industrial Cyber
Security Experts
Proven
Experience
Investment and
Innovation
© 2015 by Honeywell International Inc. All rights reserved.
Contacts
Mike SpearGlobal Operations Manager
Phone: +1 (770) 689-1132
Cell: +1 (678) 447-6422
Follow us: www.twitter.com/InSecCulture
Blog: http://insecurity.honeywellprocess.com
Bulletin Board: http://hpsvault.honeywell.com/sites/hpsvault/services/
Website: http://www.becybersecure.com
Safdar AkhtarDirector Business Development
ME, Africa and Asia
Cell: +971 56 418 8706
Ammar AlzaherBusiness Development Manager
KSA, Bahrain, North Africa
Cell: +966 50 209 6662
Alex ShvidunSr. Technical Manager ME
Cell: +971 50 643 6674
© 2015 by Honeywell International Inc. All rights reserved.
Thank YouHoneywell Industrial Cyber Securitywww.becybersecure.com
© 2015 by Honeywell International Inc. All rights reserved.
APPENDIX
49
© 2015 by Honeywell International Inc. All rights reserved.
What Makes the Secure Connection Secure?
• Architecture: Relay Server L3.5 (“DMZ”) & Secure Service Node L3- Supports the ISA99 concepts of zones & conduits, authentication, security logging,
input validation and system integrity checks
- Work together for hardened PCN communications security
• Two-Factor Authentication- Validated both ways – verify really Service Center and really customer site
- Utilizes unique “fingerprints”, Honeywell generated security certificates (not 3rd party), proprietary security certificates and security keys for verification
• Secure, Encrypted Tunnel for Communications (VPN)- Encrypted communication uses licensed SSL
- Tunnel can only connect to Honeywell’s Managed Security Service Center
- Communications not visible on corporate side – encrypted; Wire Shark will tell you nothing
• Customer Controlled Connection & Security Policies- Tunnel can only be initiated by Site’s Secure Service Node
- Permissions can be set per device, person, and/or time, or system wide
• Fully Audited Recording & Reporting of Actions- Replay will show display and mouse movements of session
50
© 2015 by Honeywell International Inc. All rights reserved.
Connection Initiated by Site Secure Service Node
• SSL Encrypted, Two-Factor Authenticated Communication
• Connects to ManagedSecurity Service CenterONLY
• Encrypted communication through corporate network provides additional security
Secure Connection Architecture
51
Internet
Level 3
Level 3.5 DMZ
Level 4
Level 2
Level 1
ACE
ExperionServer
Domain Controller
Domain Controller
ExperionServer
3RD Party Apps
TerminalServer
eServer
EST
ESF
Anti-MalwareServer
DMZ
EngineeringControls
OperatorControls
CORPORATE
WindowsTM
Patch MgmtServer
(WSUS)
CorporateRouter
Communication Server
DMZ
DatabaseServers
Application Servers
CorporateProxyServer
RelayServer
SecureServiceNode
• Relay Server isolates ICS/PCN ensuring no direct communication between Level 3 & Level 4/Corporate Network
• Restricts unauthorized ICS/PCN nodes from sending or receiving data
Managed Security Service CenterIndustrial
Site
© 2015 by Honeywell International Inc. All rights reserved.
Two-Factor Authentication
Machine to Machine
- 1) Site verifies it is connecting to Honeywell
- 2) Honeywell verifies it is connecting to site
- SSL encrypted tunnel (VPN) created
- Certificate based (encrypted), keys needed to decrypt
- User passwords initiate tunnel
52
Site
Encrypted
CertificateEncrypted
Certificate
Key to Read
CertificateKey to Read
Certificate
Secure Service Node
“Fingerprint”
Site Initiates Tunnel (VPN)
12
1
2
© 2015 by Honeywell International Inc. All rights reserved.
Utilize the Secure Connection for 3rd Party
Control
53
• Optional service
• Authorized contractors sent a registered dynamic token
generator
- Generates single-use passwords used as part of login process
• No modification of corporate firewall is required
• Secure Service Node polices set permissions
• Entire session recorded and stored
Site
3rd Party
Contractor
Honeywell requests tunnel
Honeywell provides SafeNet dynamic token
Contractor login with
one time password
• Site policies define 3rd party
access & actions
• Session actions are recorded
and stored 1
23