Hackers gain control of a chemical plant’s furnace control system. They tamper with the temperature settings and cause an explosion. The consequences of an incident like that can be catastrophic, especially since 9.3 million people reside within a 10-kilometre radius of the average chemical plant in the US.
Targeting operational technology (OT) systems has become a typical tactic for bad actors. Cybercriminals and nation-state actors see these critical assets as an open invitation to disrupt operations, cause physical damage and even put public safety at risk.
Average cost of cyber breach
OT environments require greater connectivity to realise the advantages of an intelligent production environment. “With increased connectivity comes the increased risk of bad actors gaining access to a network. They want to use it as a launching point to deploy malware and cripple the ability to produce products or provide services,” says Chase Carpenter, Chief Security Officer at Honeywell.
Attacks are also costly. According to the Ponemon Institute, the average cost of a cyber breach in critical infrastructure is now $4.5 million. Moreover, 75% of OT organisations experienced at least one intrusion in the past year.
OT cybersecurity starts with visibility
Honeywell needed to improve security for its own manufacturing environment. Every one of its over 400 facilities depends on OT to function, and in turn, those OT environments depend on cybersecurity programs and solutions to help improve their defences against malware and other cyber attacks that could disrupt or, worse, shut down its manufacturing sites.
Before a team can implement a good security program for its OT assets, it needs to know what those assets are and where they are. Honeywell started by using an off-the-shelf cybersecurity solution to monitor OT networks at its various manufacturing locations. Unfortunately, the solution didn’t provide the visibility required to efficiently identify cyber threats. Specifically, the tool could not correctly detect numerous network assets, which might vary between workstations, test devices, control systems, CNC devices and more, depending on the manufacturing site.
Advantage of the situation
“Over 49% of our assets were left unclassified,” says Mukesh Saseendran, Director of Cybersecurity at Honeywell. “To get an accurate inventory, we needed an individual to walk down to every single workstation and document everything manually, which in itself is labour intensive and prone to human error.” If an asset is undocumented, it’s a blind spot. It could present a gaping hole for attackers to infiltrate, and no one would know about it until it’s too late. Without the right cyber tools in place, Honeywell would have to shut down a factory every time the site was threatened, resulting in serious revenue leakage.
“If I don’t know about a particular asset, I can’t protect it and that’s a terrifying scenario,” Carpenter says. “There could be bad actors taking advantage of the situation to stage an attack.”
Honeywell taps in-house experience to fight threats
Around the same time that Honeywell realised its commercial off-the-shelf solution was inadequate, the company launched its own OT cyber solution. This software solution – Honeywell Forge Cybersecurity+ | Cyber Insights – came from years of internal development in Honeywell’s OT cybersecurity business, which serves multiple industries with products and services designed to help organisations reduce their industrial cybersecurity risk.
The reality is that, over the years, Honeywell tested and evaluated dozens of OT cybersecurity software products in its labs – for itself and its customers. The company gained profound insight into what is considered a best-in-class solution and applied that insight as it developed Cyber Insights.
Inventory of assets on the network
Carpenter says he had three must-haves before removing the previous cyber tool and replacing it with Cyber Insights. First, the solution needed to be capable of accurately determining the inventory of assets on the network. Second, he and his team needed to be able to passively detect any malicious activity happening on the network. Third, the solution should be designed to accurately identify the version of the operating system or firmware on each asset and when it needs to be patched or updated.
“Cyber Insights delivered on every one of those must-haves,” says Carpenter. “Honeywell now has far greater visibility into all the assets on the network that manage, monitor and control its industrial infrastructure.”
OT-centric environments
“Having this visibility also means that, in case there is an adverse situation, we should have the ability to respond more quickly to the threat,” says Saseendran. In addition, Cyber Insights is designed to provide a layer of vulnerability defence. If an unauthorised system is trying to communicate with another asset, Cyber Insights is designed to raise flags and send alerts about the potential threat.
Cyber Insights is also capable of significantly reducing unnecessary noise, particularly in OT-centric environments. “The previous product discovered 200,000 to 300,000 assets and networks across all our sites, and we didn’t understand why it was discovering so many,” explains Saseendran. “We later realised it was looking at the data and traffic incorrectly and, as a result, generating a lot of noise. When we switched to Cyber Insights and did the audit correctly, we were down to 67,000 assets across those sites. Honeywell now has far greater visibility into all the assets and networks that manage, monitor and control its industrial infrastructure.”
Deployment of Cyber Insights
Cyber Insights is designed to make the implementation process easy
Another major downside to that original off-the-shelf tool was that it was very difficult and time-consuming to implement. At each site, it took Honeywell four to six months to get up and running with the solution. “There are over 400 factory sites at Honeywell,” says Saseendran. “We simply cannot invest six months per site to implement the solution. That’s why efficient implementation is so critical.” In contrast, Honeywell implemented its first Cyber Insights site in less than a month, with seven sites implemented in two months. Carpenter is now in the process of deploying Cyber Insights to 120 of Honeywell’s most critical manufacturing sites.
Honeywell’s experience indicates that a typical single-site deployment of Cyber Insights takes about 33% less time than the previous solution utilised by Honeywell. In addition to ease of implementation, Cyber Insights’ clear and straightforward representation of the network landscape simplified asset configuration and viewing, which is crucial for asset discovery without resorting to manual audits. Since going live with Cyber Insights, Honeywell observed an 18% to 20% increase in asset discovery within the Honeywell-deployed sites. This is a significant benefit that eliminates the need for manual workstation audits, which are often error-prone and unreliable.
The Honeywell difference
Cyber teams have become skilled at implementing solutions, practices and procedures designed to improve security for IT systems; however, the reality is that OT cybersecurity is lagging because it requires specialised tools and knowledge. Organisations simply can’t use the tools they have in the IT space when managing their OT environment.
Honeywell has approached this challenge by leveraging its vast experience in the OT world to develop Cyber Insights. “We have a very complex environment, including small sites, large sites and sites around the world,” says Saseendran. “If Cyber Insights works for us in our manufacturing sites, it will very likely work for our customers as well.” “There is no silver bullet to fully secure your OT environment,” says Carpenter. “However, Honeywell currently offers one of the most complete sets of products and services that can help organisations improve their protection of their critical OT assets.”
Robust cybersecurity solution for the OT environment
Implementing Cyber Insights is like getting a good pair of glasses for the first time – everything becomes clear, and with that clarity comes new speed and efficiency. If there is an attack, Cyber Insights is designed to help cyber teams identify the source and know where to focus, which can help their organisations save valuable time and resources. It is not an install-once-and-walk-away solution, but rather a constant companion in the battle against cybercrime.
Organisations looking for a comprehensive and robust cybersecurity solution for the OT environment need look no further than Honeywell Forge Cybersecurity+ | Cyber Insights. This solution can help them improve the visibility, control and resilience of the OT network, and help to improve their ability to protect it from cyber threats that could harm the business and reputation.