Download PDF version Contact company

Cybersecurity threats targeting organisations' industrial control systems (ICS) are not always direct. Instead, the most vulnerable entries to an ICS can start with external partners, like suppliers and vendors. 

Honeywell's customer, a global pharmaceutical company, realised that potential vulnerabilities like these might be in its partner ecosystem. Therefore, the pharmaceutical company wanted to get ahead of a potential breach so they trusted Honeywell to do a thorough assessment of its suppliers’ operational technology (OT) cybersecurity gaps.

Why did the customer choose Honeywell? 

First, Honeywell's OT cybersecurity experts took the time to understand the customer’s processes at more than 100 sites around the globe. Second, Honeywell experts used their knowledge and experience along with the customer process insight to conduct assessments that met their unique needs.

Many of the competitors are simply IT vendors dabbling in the world of OT. Honeywell, however, has the knowledge and the experience to better meet the demands of OT. The pharmaceutical company chose Honeywell over the competitors based on the quality and wealth of OT knowledge the experts provided.

Spreading security

The Cybersecurity Vulnerability Assessment is part of a global two to three-phase project that covers over 100 sites

This was not to be a small or limited undertaking. This Cybersecurity Vulnerability Assessment is part of a global two to three-phase project that covers more than 100 sites.

The first assessment was completed for the company’s site in India with other sites being covered in later phases.

Vulnerability assessment

Honeywell’s OT cybersecurity experts conducted the vulnerability assessment to help capture the customer’s control system vulnerabilities and potential weak spots. The assessment performed was a holistic technical review of the ICS infrastructure.

It focused on analysing their cybersecurity processes, procedures, and safeguards to better protect their industrial control systems(ICS) from internal and external threats. Because Honeywell focuses on OT as opposed to IT only, Honeywell experts are skilled in considering the entirety of an ecosystem. This means including people, processes, and any technical issues that can impact the ICS cybersecurity posture.

Digging in to reduce risks 

The Honeywell team was able to holistically assess the customer’s ICS environment, documenting observations 

The Honeywell team has deep expertise across IEC 62443 standards and other industry-specific guidelines, as well as invaluable experience with control systems.

Because of this expertise, the Honeywell team was able to holistically assess the customer’s ICS environment, documenting observations and recommendations to help reduce cybersecurity risks.

Physical site review

Honeywell team first conducted a physical site review to assess to uncover issues such as control room doors left unlocked, passwords in the line of sight, and other security compliance violations.

The team also reviewed the customer’s network equipment from third parties such as switches, routers, and firewalls; reviewed the infrastructure configurations; and checked installation processes.

Site-specific recommendations

The report detailed best practices and site-specific recommendations to help the customer help mitigate and prioritise

All the vulnerabilities, severity levels, and remediation details were included in the Cybersecurity Vulnerability Assessment report.

The report also detailed best practices and site-specific recommendations to help the customer help mitigate and prioritise any identified threats or vulnerabilities and notes regarding how and where each step can serve as a foundation for the best practice architecture.

Challenges and successes

Honeywell experts remained diligent in exceeding the customer’s expectations despite the shutdown in India due to the pandemic and the unexpected need to assess and remediate assets.

Honeywell also had one secret weapon: one of the OT cybersecurity experts had real-life experience in the pharmaceutical industry. This made it possible for the team to better tailor the assessment (and recommendations) to this particular customer.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...