A major European oil and gas company that acquires, explores, produces and supplies chemical and petroleum products had a cybersecurity challenge. Company leadership wanted a better way to quantify and respond to the industry’s increasing levels of cybersecurity risk. Pioneers were looking for a new way to better understand and improve their company’s OT cybersecurity.
As part of this effort, pioneers wanted to compare the company’s current levels of protection against a series of hypothetical attacks to identify gaps. With operations in several locations and a supply chain network of over 1,000 gas stations, auditing and improving the company’s cybersecurity would be no small task.
Set of analysis and recommendations
The Honeywell csHAZOP solution is designed to deliver a comprehensive set of analysis
To help overcome these challenges, the company called in Honeywell and, specifically, its csHAZOP services team to perform a detailed design evaluation based on OT cybersecurity risk. The Honeywell csHAZOP solution is designed to deliver a comprehensive set of analysis and recommendations–it goes beyond the standard cybersecurity vulnerability assessment or IEC 62443 compliance audit by adding deeper analysis that is designed to:
- Investigate a significant amount of what can go wrong, including approximately 500+ attack scenarios – evaluating these for multiple threat actors and different consequences,
- Address – via risk assessments – both the likely risk reduction through the regular IT type of countermeasures (AV, firewall, hardening, etc.) and the consequence severity reduction through the implementation of safeguards (e.g., hardwiring critical control signals),
- Estimate residual risk for each hazard, allowing identification and quantification, making mitigation actionable,
- Focus on process automation cybersecurity risk (csHAZOP stage 1) or production process cybersecurity risk (by adding csHAZOP stage 2 vs. cybersecurity production risk) to add a higher level of cybersecurity analysis from an OT perspective unique in the industry.
Send in the csHAZOP experts
Honeywell cyber experts also uncovered some high-risk design deficiencies
The Honeywell OT cybersecurity experts worked with the Honeywell proprietary csHAZOP method to uncover several concrete recommendations for immediate remediation and technical design recommendations in the company’s ICS, to be considered in upcoming ICS migrations. Honeywell cyber experts also uncovered some high-risk design deficiencies. The Honeywell csHAZOP framework was used to identify levels of residual risk to determine which security hazard was more critical to address versus others.
Honeywell provided targeted guidance on several aspects of the study, using experience from real-world cyber attacks in the industry. Honeywell’s csHAZOP service is one of the few cybersecurity assessments available on the market that is designed to apply counterfactual risk analysis.
Honeywell’s csHAZOP report
This evaluation now links OT cybersecurity to loss prevention and process safety
Given a system’s protective measures, this method helps a company evaluate which cyber attacks (based on countermeasures, security protections and type of threat actor) may succeed. This evaluation directly links OT cybersecurity to loss prevention and process safety.
Honeywell’s csHAZOP report for this oil and gas refinery was considered successful by the customer because of its well-defined procedure, the tools Honeywell has specifically designed for OT systems and the team’s experience and efforts in OT cybersecurity.
Results of the csHAZOP assessment
“The results of the csHAZOP assessment from Honeywell went beyond our expectations. We have received a detailed and analytical cybersecurity hazard and operability report concerning both identified risks and realistic recommendations for remediation."
"Additionally, the report is a valuable tool for future upgrades of our systems as well as new projects and the development of an incident response plan. We intend to repeat this assessment periodically, as it is a valuable tool in our continuous efforts to improve security for our systems from the ever-evolving cybersecurity threats,” Major refinery in Europe.
