TRANSCRIPT
A Comprehensive Approach
INDUSTRIAL CYBER SECURITY
Rudrajit Roy
20 October 2016
Honeywell Confidential - © 2016 by Honeywell International Inc. All rights reserved.
Agenda
• Global Industrial Cyber Security Journey
• Industry Best Practices
• Honeywell Industrial Cyber Security – Who we are, What can we do?
• Honeywell Risk Manager
• Why Honeywell?
• DEMOs at the Technology Center
SAFETY Culture Vs CYBER Security Culture
No Safety, Reliability & Availability without Cyber Security
• Walking through the area without a hard hat or applicable PPE?
• Beginning to weld without a hot work permit?
• “I don’t have time for the hazard assessment”
• Configure without security, path of least resistance
• Connecting untrusted portable devices to critical networks/devices
• “I don’t have time to scan”
On the operations floor, which scenario would be considered the more serious violation?
Complacency is not tolerated for safety, why Cyber?
Global Journey – Industrial Cyber Security
Integral part of Control System Lifecycle
PAST: 2010, YOUNG & IMMATURE
1. FEAR
2. AVAILABILITY, SAFETY and RELIABILITY
3. STANDARDS and COMPLIANCE
PRESENT: Starts MATURING
1. STANDARDS and COMPLIANCE
2. AVAILABILITY, SAFETY and RELIABILITY
3. FEAR
FUTURE
• Scientific Discipline
• Integral part of Control System Lifecycle
• Never “Solved” but “Managed”
• Attack Back
Industrial Cyber Security Standards
Honeywell Experience
United Arab Emirates
• NESA National Electronic Security Authority
Qatar
• ICT Qatar National Electronic Security Authority
Standards organizations such as
• IEC International Electrotechnical Commission
• ISA International Society of Automation
• ISASecure ISA Security Compliance Institute
• ISO International Standards Organization
United States of America - Government / semi-government
• NIST National Institute of Standards & Technology
• NERC CIP North American Electric Reliability Corporation / Critical Infrastructure Protection
Industry Best Practice – Purdue model of Controls
• IEC-62443, ISO-99, NIST, ICT Qatar, NESA, etc.
- Demarcation (DMZ Deployment)
- Layered structured
[Figure: reference architecture laid out on the Purdue model, spanning Level 1, Level 2, Level 2.5, Level 3, Level 3.5, Level 4 and the Internet, grouped into a Control Zone, a DMZ and an Enterprise Zone. Components labelled in the diagram: Honeywell C300 controllers, 3rd party PLC / Modbus TCP / SCADA controllers, 3rd party DCS systems, Advanced Control Systems, Experion PKS (EPKS R410.x, EPKS R430.x), Honeywell FTE Network, Honeywell Control Firewall, Honeywell MODBUS/TCP Firewall, passive security monitoring sensors, L2.5 routers, L3 routers, L3.5 firewalls, IPS sensors, ESXi hosts on a blade chassis (Honeywell Virtualization), PCS Historian, E-SVR / Collaboration Station, Process Control DMZ, Remote Access DMZ (PROD) with proxy / relay server, VPN, Business LAN, remote users and the Honeywell Managed Service Center.]
Security controls and services listed alongside the diagram:
• Threat Intelligence, Next Generation Firewalls, Intrusion Detection System, Intrusion Prevention System, Data Diode
• Risk Manager, Security Information & Event Management (SIEM), Network Performance and Security Monitoring, Network Access Control
• Backup & Restore, System Hardening, VM Performance Monitoring, Domain High Security Policy, User Access Control, Passive Vulnerability Monitoring, OS/Application Vulnerability Management
• Application Whitelisting, ICS USB Protection, Anti-Virus / Malware Protection, Security Patch Management
• Security Management, PCN Monitoring, Network Monitoring, Performance Monitoring, Patch & Update Services (Honeywell Managed Services)
• Managed Industrial Cyber Security Services
Honeywell Industrial Cyber Security
Global Operations with Local Focus
Global setup to serve global organizations as well as local asset owners
Locations shown on the map: Amsterdam, Atlanta, Houston, Edmonton, Santiago, Perth, Kuala Lumpur, Dubai, Bucharest, Pune
Map legend: RSC + HICS; HICS Office; Private LSS RSC; HICS Resource(s)
Complete Industrial Cyber Security Solutions
Proven, Trusted and Industry Leading
• Professional Field Services
- Advisory consulting
- Implementation and systems integration
- Operational service and support
• Managed Cyber Security Services
- Continuous monitoring and alerting
- Secure automated patch & signature updates
- Cyber expert support and co-management
• Honeywell Cyber Security Software
- Industrial Cyber Security Risk Manager
- Monitoring platform and assessment tools
• Integrated Partner Technology
Comprehensive, Holistic and Vendor Neutral
Solutions Addressing Cyber Security End to End
• Industrial Cyber Security Vulnerability & Risk Assessments
• Network & Wireless Assessments
• Cyber Security & Compliance Audits
• Policy and Procedures Development
• Firewall, Next Gen FW
• Intrusion Detection & Prevention (IDS/IPS)
• Access Control
• Industrial Patching & Anti-Virus
• Industrial Application Whitelisting
• End Node Hardening
• Portable Media/Device/USB Security
• Continuous Monitoring
• Compliance & Reporting
• Cyber Security Risk Manager
• Industrial Security Information & Event Management (SIEM)
• Cyber Security Awareness & Training
• Current State Analysis
• Secure Design and Optimization
• Zone & Conduit Separation
• Backup and Recovery
• Incident Response Planning
• Incident Response: On Site & Remote
• Forensics & Analysis
Customer Demonstrations
Training and Certification
Solutions Development
Industrial Cyber Security Solutions Lab
World-Class, Industry Leading Innovation
Flexible Model of Complete Process Control Network
Managed Industrial Cyber Security Services
Monitoring, Reporting and Honeywell Expert Support
Patch and Anti-Virus Automation
Security and Performance Monitoring
Activity and Trend Reporting
Advanced Monitoring and Co-Management
Secure Access
• Tested and qualified patches for operating systems & DCS software
• Tested and qualified anti-malware signature file updates
• Comprehensive system health & cybersecurity monitoring
• 24x7 alerting against predefined thresholds
• Automated inventory
• Monthly or quarterly compliance & performance reports
• Identifying critical issues and chronic problem areas
• Firewalls, Intrusion Prevention Systems, etc.
• Honeywell Industrial Cyber Security Risk Manager
• Highly secure remote access solution
• Encrypted, two factor authentication
• Complete auditing: reporting & video playback
Honeywell Security Service Center (SSC)
Honeywell SUIT Lab Security Update Investigation Team
Testing & Qualification of Microsoft Patch Updates & Anti-Malware Updates for Honeywell Systems
Honeywell Expertise
Operational Technology Experience
Cyber Security Controls and Tools: Examples
Security Management
Intrusion Protection & Threat Intelligence
Application & Endpoint Security
Next Generation Firewall
Network Security
Roadmap
Cyber Trainings by Automation College
Trained ‘people’ = effective Cyber Program
Honeywell Risk Manager
No Need to be a Cyber Security Expert, made for DCS
• Risk Location: WHERE IS IT COMING FROM?
• Risk Indicators: WHAT DO I NEED TO DO?
• Risk Sources: WHAT IS CAUSING THE RISK?
• Risk Trends: HOW AM I DOING?
Proven and Trusted
Monitor
• Continuously & Real-time
• Identify & Analyze Vulnerabilities and Threats
• Inside and Outside attacks
• Employee actions
• Devices on Network
• Network Traffic
• Rogue Devices
• Immediate Notifications
Measure
• Time to implement security patches
• % of endpoints free of malware and viruses
• Reduction in unplanned system downtime
• Reduction in number of known vulnerabilities & Threats
• Percentage of recurring incidents
• Improvements in overall site risk
Manage
• Reactive to proactive cyber security planning
• Accurately track improvements
• Generate correct reports
• Trending helps you gauge the impact of decisions
• Manage workflow and prioritize resources based on risk severity
• No reconfiguration of system with each upgrade. Configuration data and risk settings are preserved
Value Proposition
Addresses Stakeholder Responsibilities
Proven and Trusted
Stakeholders: Control Engineers, Executives, Plant Management
• Provide updates on the site’s security posture
• Have accurate measurements of risk aligned with industry standards
• Help focus resources on addressing threats
• Maintain uptime and meet production goals and other core business objectives
• Gain the know-how to prioritize efforts to manage risk
• Assess the impact of security controls on automation performance
• Establish and improve metrics for out-of-date patches and anti-malware.
• Anticipate cyber security scenarios
• Plan for protective measures/safe operating procedures
• Understand how possible attacks might disrupt operations
• Monitor the IACS for indicators of threats
• Track/monitor assets according to different zones.
• Demonstrate cyber security due diligence to board of directors, investors and regulators
• Map key risk indicators to KPIs
• Demonstrate the value of cyber security investments
• Incorporate meaningful cyber security risk ratings into risk management frameworks and evaluate compliance efforts
Why Honeywell?
Proven Industrial Cyber Security Solution Provider
Column headings: Proven Experience; Investment and Innovation; Industrial Cyber Security Experts
• Global team of certified Industrial Cyber Security experts
• 100% dedicated to Industrial Cyber Security
• Experts in process control cyber security
• Leaders in security standards ISA99 / IEC62443 / NIST
• 10+ years industrial cyber security
• 1,000+ successful industrial cyber projects
• 350+ managed industrial cyber security sites
• Proprietary cyber security methodologies and tools
• Largest R&D investment in industrial cyber security
• Strategic partnerships with leading cyber security product vendors
• Industry first Cyber Security Risk Manager
• State-of-the-art Industrial Cyber Security Solutions Lab
Industries: Minerals, Metals & Mining; Refining & Petrochemical; Chemicals; Power Generation; Pulp & Paper; Oil & Gas
Demo @ Technology Center
Industrial Cyber Security Risk Manager
Proactively Monitor, Measure, and Manage Industrial Cyber Security Risk
Easy-to-use interface and built in guidance eliminates need to be a cyber security expert
Real time data collection and analytics, continuously monitors for indicators of cyber security risk
Internal health monitoring helps ensure the system is operating at optimum level
Low impact monitoring won’t disrupt plant operations or cause network delays
First and only of its kind for Industrial Environments
Available Globally
Proactively identifies vulnerabilities & detects threats that could impact the ICS
Managed Industrial Cyber Security Services
[Figure: managed services connectivity between the Industrial Site, the Internet and the Security Service Center, drawn across Level 1, Level 2, Level 3, Level 3.5 and Level 4. Nodes labelled in the diagram: Database Servers, Application Servers, Communication Server, Experion Servers, Domain Controller, EST/ESF, ACE, Relay Node, Service Node, eServer, Terminal Server, 3rd Party Historian, Corporate Proxy Server. Arrows labelled: Get updates, Send data, Collect monitoring data.]
Services: Anti malware, Patch Management, Monitoring, Secure access
• SSL Encrypted communication
• Connects to Honeywell Security Service Center ONLY!
• Isolates ICS/PCN
• Restricts unauthorized ICS/PCN nodes from sending or receiving data
• Ensures no direct communication between L3 and L4
Honeywell Industrial Cyber Security
Follow us: www.twitter.com/InSecCulture
Blog: http://insecurity.honeywellprocess.com
Bulletin Board: http://hpsvault.honeywell.com/sites/hpsvault/services/
Website: http://www.becybersecure.com
Safdar Akhtar
Director Business Development
ME, Africa and Asia Pacific
cell: +971 56 418 8706
Rudrajit Roy
Business Development Manager
India and SEA
cell: +602 4646915
Mike Spear
Global Operations Manager
phone: +1 (770) 689-1132
cell: +1 (678) 447-6422
Chee Ban Ngai
APAC Operations Manager
cell: +60-122330915
Thank You
www.becybersecure.com
Backup Slides
IT Vs OT
Comparison of Corporate IT and Industrial Control Systems (OT):
Risk
• Corporate IT: Non life threatening
• Industrial Control Systems (OT): Safety
Availability & Reliability
• Corporate IT: Important – Downtime is acceptable
• Industrial Control Systems (OT): Critical – Downtime is not acceptable
Architecture & Traffic type
• Corporate IT: Voice, Video, Data over business IT infrastructure
• Industrial Control Systems (OT): Event driven, real-time, Industrial embedded HW and SW. Controls, safety, motion, time synchronization, etc.
Interfaces
• Corporate IT: OS and applications, Unix, terminals, keyboards, web browsers, Graphical user interfaces, etc.
• Industrial Control Systems (OT): Servers, Sensors, E/M switches, actuators, relays, PLC, DCS, SCADA, etc. Customized embedded OS
Communication connectivity
• Corporate IT: LAN based on dynamic IP, WAN based on optical, etc.
• Industrial Control Systems (OT): Plant based on static IP over Ethernet or customized twisted pair, etc.
Roles & Responsibilities
• Corporate IT: Support and protect business applications
• Industrial Control Systems (OT): Support plant critical processes. Availability, reliability and safety