konstantin rogalas cyber security program & solutions … · 2015-11-25 · - plan capex and...
TRANSCRIPT
![Page 1: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/1.jpg)
CYBER SECURITY PROGRAM & SOLUTIONS Konstantin Rogalas
19.11.2015
![Page 2: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/2.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Focus: Up to But Not Including Corporate and 3rd Party Networks
Router
ESC ESF EST ACE Experion Server
ESVT Safety
Manager Terminal Server
Qualified Cisco Switches
Optional HSRP Router
Domain Controller
ESF EAS PHD Server
Experion Server
Firewall
3RD Party App Subsystem Interface
Corporate and 3rd Party/Vendor/Contractor/Maintenance Connections
Level 3
Level 3.5 DMZ
Level 4
Terminal Server
Patch Mgmt Server
Anti Virus Server
eServer PHD Shadow Server
Level 2
Domain Controller
Level 1
IT Cyber Security
Industrial Cyber
Security
1
![Page 3: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/3.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Cyber Security follows the Business Risk
IDENTIFY
Risk estimation
RESPONSE
Technical controls
and operational
controls
MONITORING
Key Risk Indicators, trends,
threats
NON-TECHNICAL CONTROLS
Operations, awareness and incident response
TECHNICAL CONTROLS
Design and implementation
Risk to be controlled Immediate
risk facing the plant
New cyber failure scenarios
Decision engine (Business justification)
ENVIRONMENTAL CONTROLS
Physical security controls, HVAC, UPS, ..
Execution engine (IT / OT implementation)
2
![Page 4: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/4.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
Honeywell Industrial Cyber Security (H-ICS)
Cyber Security Profile
Cyber Security Solutions
Security Operations Center
Conclusions – Open Discussion
3
![Page 5: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/5.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Konstantin Rogalas MSc, MBA
• Business Lead for Honeywell Industrial Cyber Security -
Europe;
• 1989 – 1998 in Discrete Automation & Process Control;
• 1999 – 2012 in Telecommunications: Broadband-M2M/IoT;
• 2013 – Oil&Gas, Energy, Pharmaceuticals & Chemicals
industry Certification study for ENISA in Industrial Cyber
Security;
• 2014 – 2015 ICS Council with policy makers, asset
owners and service providers;
• Member of the European ICS Stakeholders Group.
About the Presenter
4
![Page 6: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/6.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Leading Cyber Security Specialist for ICS
400+ Security assessments
for
Industrial Control Systems
Global team
90+ Certified Cyber Security
Professionals
500+ Remediation Projects
Cyber Security
Products
Multi
Vendor Cyber
Security
Services Cyber Security
Standard driven
IEC 62443 (ISA 99),
ANSSI, BSI, CPNI Numerous
Partners
Embedded
or Stand-alone Cyber lab
350+ Managed Security Networks
5
![Page 7: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/7.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell ICS
Industries served:
• Oil & gas
• Gas distribution
• Power
• Refineries
• Chemical
Amsterdam
Atlanta Houston
Edmonton
Santiago Perth
Kuala Lumpur
SSC + HICS HICS Office Private LSS SSC HICS Resource(s)
Dubai
Vancouver Montreal
Bracknell
Aberdeen
Bucharest Offenbach
• Water treatment
• Pulp & paper
• Maritime
Global setup to serve
global organizations
as well as local asset
owners
6
![Page 8: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/8.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell’s Industrial Cyber Security Lab
Flexible model of a complete process control network up to the corporate network
• Honeywell Cyber Security solutions development and test bed
• Demonstration lab for customers ‒ Cyber security related academic programs ‒ Hands-on training ‒ Simulate cyber attacks ‒ Demonstrate Honeywell cyber security solutions
7
![Page 9: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/9.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Typical systems H-ICS have secured
• Distributed Control Systems
- E.g. Chemical, Petrochemical, Refining, Offshore platforms
• Leak Detection Systems, Machine Monitoring Systems, Metering
Systems, Compressor Control Systems
• Supervisory Control and Data Acquisition (SCADA) systems
- E.g. Gas Distribution, Power utilities, Pipelines, oil fields
• Distributed Energy Systems
- E.g. Wind turbines, hydropower
• Maritime systems
- E.g. Harbor systems, shipping
8
![Page 10: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/10.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Driven by standards and regulations
• IEC 62443 (Formerly ISA 99)
• Industrial Automation Control Systems (IACS) Security
• Global standard for wide range of industry
• Honeywell ICS is active contributor to the development of the standard through
ISA
• NERC CIP
• North American Power
• ANSSI, BSI, CPNI, MSB, INCIBE, etc.
• European guidelines, best practices and country-specific measures
• JRC & ENISA recommendations
• European Union
• NIST
• US technology standards (SP 800-82)
• And others: ISO, API, OLF
• E.g. ISO 27000, API 1164, OLF 104
• Local regulations
9
![Page 11: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/11.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell ICS specialists background
• Unique combination of long time experience in process control,
networks and cyber security
• Gain knowledge, demonstrate knowledge and maintain knowledge
- CISSP - CCNA - MCSE - VCP
- CISM - CCNP - MCSA
- CEH - CCIE
- CRISC - CCSP
• Specialists with many backgrounds
- Honeywell - Penetration testing - 14+ Languages
- Yokogawa - IT departments
- Emerson - Telecom providers
- Schneider
- ABB
10
![Page 12: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/12.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
Honeywell Industrial Cyber Security (H-ICS)
Cyber Security Profile
Cyber Security Solutions
Security Operations Center
Conclusions – Open Discussion
11
![Page 13: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/13.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
• Honeywell ICS • CYBER SECURITY PROFILE
12
![Page 14: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/14.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Security Profiling
• Cyber security requires:
- Standardization – consistency in design, implementation, management
and maintenance
- Completeness – effective remediation of all applicable vulnerabilities
based on pertinent threats
- Awareness – monitor the system’s security posture and respond to
changes in security posture and threat environment
- Coherence – the collection of cyber security controls should all work
together to protect the system
- Readiness – keep all system components and security controls up to
date
- Manageability – measure and correct security performance deviations
• Security profile describes:
- What security controls (technical and non-technical) need to be in
place to meet the threat
- How to organize this all in a way to be and stay effective in meeting the
threat
13
![Page 15: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/15.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Typical security level
Skills Motivation Means
ICS
specific Moderate
Sophisti-
cated
(Attack)
Moderate
(groups of
hackers)
Generic Low Simple
Low
(Isolated
individuals)
No attack
skills Mistakes
Non-
intentional
Employee,
contractor
Resources
ICS
Specific High
Sophisti-
cated
(Campaign)
Extended
(multi-
disciplinary
teams)
SL4
SL3
SL2
SL1
Nation-state
Hacktivist,
Terrorist
Cyber crime,
Hacker
Careless
employee,
contractor
IEC 62443
14
![Page 16: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/16.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
C2M2 Maturity Indicator Levels
15
![Page 17: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/17.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Cyber Security Profile
Defines the Security Profile
SL1 SL2 SL3 SL4 SL1 SL2 SL3 SL4
1001 Refining process facilities 1401 Fertilizers
1102 O&G LNG terminals 1403 Petrochemicals
1103 O&G processing 1404 Plastics and fibers
1104 O&G production - on-shore 1405 Specialty chemicals
1105 O&G production - off-shore 1406 Biofuels
1108 O&G Marine - LNG IAS 1501 Alumina
1110 Gas To Liquid 1502 Aluminium
1112 Production - Coal bed M 1503 Base materials
1114 Pipeline - Liquid 1504 Cement
1115 Pipeline - Gas 1505 Coal & coal gasification
1201 Pulp 1506 Iron
1203 Paper 1509 Precious metals
1204 CWS 1510 Steel making
1303 Utility power 1508 Other
Cyber Security strength is determined by the security design effectiveness
(Security Level) and security operations effectiveness (Maturity Level)
IEC 62443 standard provides the Security Level, Cobit or C2M2 toolkit
provides the Maturity Level
The Security Profile defines for each facility how to protect and how to
organize
Honeywell ICS has a complete portfolio and services to address each aspect
of the profile (technical, non-technical); typically with SL2/SL3+ assessments
16
13 14 15 16
9 10 11 12
5 6 7 8
1 2 3 4SL1
SL2
SL3
SL4
MIL0 MIL1 MIL2 MIL3
![Page 18: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/18.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Security profile and objectives
• Create overview
• Tighten control
• Measure performance
• Monitor and manage risk
• Create control
• Standardize
• Document
• Maintain
17
![Page 19: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/19.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Security profile and countermeasures
Create Control • Access filters (Identification, FW, ACL,
traffic policies (H)IPS)
• Antivirus (Blacklisting)
• Use control (Authorization, media use)
Standardize • Create reference architecture,
baseline
• Best practices, standards
Document • Policies and procedures
• Guidelines
• Roles and responsibilities
Maintain • Make back-ups
• Maintain Antivirus, security patches
(Service Node, EPO, WSUS)
• Maintain vaccine, TI
Tighten Control • Access filters (Multi-factor
authentication, NGFW (application
filters, User ID filters), data diode)
• Check program code integrity (AWL)
• Correlate events (SIEM)
Create overview • Consolidate logs / events (SIEM)
• Consolidate threat intelligence (TIE)
Measure performance • Measure security readiness (Risk
Manager, Service Node, EPO, WSUS)
• Maintain dashboard
Monitor and manage risk • Monitor changes in risk (Risk
manager)
18
![Page 20: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/20.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Sustainable security requires a Program
If you run too fast or jump too high you might trip
SP 16
SP 15
4
3
2
1SP 5
SP 6
SP 7
SP 10
SP 11
SP 12
Q1 Q2 Q3 Q4
SP 1
SP 2
Q3 Q4 Q1 Q2 Q3 Q4Q1 Q2 Q3 Q4 Q1 Q2
Increase
security level
Increase
maturity level
Increase
security level
Increase
maturity level
19
![Page 21: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/21.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Where would your Security Profile be? 20
![Page 22: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/22.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Benefits of security profiling
• Enter a defined path
- When to invest into technical controls
- When to invest into organizational improvements
• Assess your multi-year investment
- Cyber security is not a one time action, it is an additional management
task
- Plan Capex and Opex for enhancing your security protection
• Offers sustainable security
- Develop your organization while developing your technical capabilities
- Prevent disappointments by jumping higher than today’s abilities
• Benchmark your plants
- Easy comparison between different plants
- Easy comparison within the industry
Planning is the first step
21
![Page 23: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/23.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
Honeywell Industrial Cyber Security (H-ICS)
Cyber Security Profile
Cyber Security Solutions
Security Operations Center
Conclusions – Open Discussion
22
![Page 24: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/24.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
• Honeywell ICS • H-ICS CYBER SECURITY SOLUTIONS
23
![Page 25: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/25.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
• Cyber Security Assessments
• Thread Risk Assessments
• Network & Wireless Assessments
• Audits and Design Reviews
• Firewall, Next Gen FW
• Intrusion Prevention (IPS)
• Network Access Control
• Industrial Anti-Virus & Patching
• End Node Hardening
• Industrial Application Whitelisting
• Portable Media/Device/USB Security
• Risk Manager (in SOC)
• Continuous Monitoring
• Compliance & Reporting
• Industrial Security Information & Event Management (SIEM)
• Security Awareness Training
• Secure Design and Optimization
• Zone & Conduit Separation
• Backup and Recovery
• Incident Response
• Disaster Recovery
24
Our Solution Portfolio
![Page 26: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/26.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
The First Step to Security Is Understanding
the Current Environment
• Customer problems solved/needs addressed: – Identifying and prioritizing the biggest risks
– Meeting industry/government regulations and guidelines
– Finding which systems and devices are the most exposed, and the most vulnerable
– Prioritizing cyber security efforts for the maximum return
• Honeywell Offerings: – Risk Assessment
– Cyber Assessment (coincidental & intentional attacks using simple means)
– Risk/Thread Assessment (targeted attacks using sophisticated means)
– Validation Testing – ICS White box / Tandem
– Audits, Compliance Assessments & Reports
– Wireless / Wired Network Assessment
Assessments
& Audits
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
25
![Page 27: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/27.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
CYBER SECURITY RISK
SECURITY
RISK
Tactics,
Technologies,
Practices (TTP)
Exposure,
Accessibility,
Technology
Software,
Firmware,
Protocol,
Operation
26
![Page 28: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/28.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Sources of vulnerability
An ICS has many sources of vulnerability:
• Infrastructure
- Network
- Computer platform
- Computer operating system
- Topology
• Application
- Application components (e.g. database, middleware)
- Authorization levels
- Protocols used
• Embedded components
- Field equipment (Transmitters, actuators)
- Controllers, PLCs, safety controllers
• People
- Plant personnel
- Contractors
• Processes
27
![Page 29: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/29.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
The level of effort
Completeness
Th
oro
ug
hn
es
s
RISK
VULNERABLE, BUT
EITHER UNKNOWN,
NOT EXPOSED, OR
INSUFFICIENT
CAPABILITIES TO
EXPLOIT
SL1
SL2
SL3
SL4
Completeness
Th
oro
ug
hn
es
s
SIMPLE GENERIC
EXPLOIT
SL1
SL2
SL3
SL4
COMPLEX ICS
SPECIFIC EXPLOIT
The strength of the attacker
determines the tactics,
technologies and practices (TTP)
used.
• Strong attackers have a very
clear plan and objective
• The risk increases depending on
the strength of the attacker
• The need for thoroughness and
completeness increases when
the strength of the attacker
increases
• The need for very specific skills
increases when the strength of
the attacker increases
28
![Page 30: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/30.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Security levels and security capabilities
SL1 – 58
capabilities
SL2 – 87
capabilities
SL3 – 118
capabilities
SL4 – 128
capabilities
Out of the box
installations,
plus antivirus,
back-up
Requires
additions such
as domain,
deep packet
inspection,
device control
Requires
additions such
as multi-factor
authentication,
IPS, SIEM,
security
monitoring,
white listing
Requires
additions such
as multi-factor
authentication
for all systems,
biometrics, dual
control
29
![Page 31: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/31.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
The Threat Landscape Continuously Changes
Security levels and security capabilities
SL3 – 118
capabilities Required capabilities vary based upon applied technology,
exposure, accessibility, and attacker
Risk analysis determines which likely tactics, technologies,
and procedures (TTP) are used based upon attack scenarios
and selects which actual capabilities are needed
List of capabilities grows overtime because of new TTP of
attackers, new technologies used
Cyber Security is not a one time project, it is a lifetime service.
Both changing environment, insufficient maintenance, and
changes require periodic (re-)evaluation
30
![Page 32: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/32.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Different assessments SL2 and SL3+
Completeness
Thoro
ughness
SL1
SL2
SL3
SL4
CHECKLIST
DRIVEN
APPROACH
SCENARIO
(TTP)
DRIVEN
APPROACH
CY
BE
R A
SS
ES
SM
EN
T
TH
RE
AD
/RIS
K A
SS
ES
SM
EN
T
31
![Page 33: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/33.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Once You’ve Found the Gaps, Fill them…
• Customer problems solved/needs
addressed:
– How to use network design to promote strong security
– Implementing Zones & Conduits (per IEC 62443) to minimize the impact of an incident
• Honeywell Offerings:
– Network Design & Optimization Services
– Wireless Design & Optimization Services
– Cyber Security Design Services
– Zones & Conduits
– Documentation of current architecture and security
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
32
![Page 34: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/34.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Most Threats Come from the Network
• Customer problems solved/needs addressed:
– How to make it harder for the “bad guys” to get in
– What to do if/when they do get in
• Honeywell Offerings:
– Network Design Services
– Firewall/NGFW Installation & Configuration
– IPS Installation & Configuration
– Data Diode
– Network Access Control
– Perimeter Security Management
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
33
![Page 35: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/35.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
“Soft” Systems Are Easy Targets
• Customer problems solved/needs addressed:
– Identify which PCs and Servers are vulnerable to threats
– Determining if the proper access controls are in place (missing critical patches, AV is out-of-date, etc.)
• Honeywell Offerings:
– Endpoint Hardening
– Anti-Virus Installation & Configuration
– Application Whitelisting, Installation & Configuration
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
34
![Page 36: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/36.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Endpoint Hardening
Restrict access to
all apps unless authorized via approved list
Whitelisting
Reduce inadvertent cyber
intrusions via memory
stick
USB Port Disable
Enhanced DSA
Security
Authentication with flexible account
using least privilege
Encrypted and authenticated
communications
Secure Communications
35
![Page 37: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/37.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Awareness Is Critical
• Customer problems solved/needs addressed:
– Staying diligent with limited security staff & resources
– Understanding what’s happening, what’s at risk, and why
– Identifying the early-warning signs to prevent incidents
– Knowing what to do if/when an incident does occur
• Honeywell Offerings:
– Risk Manager (further discussed in SOC section)
– Security Information and Event Management (SIEM)
– Continuous Monitoring
– Compliance & Reporting
– Security Awareness Training
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
36
![Page 38: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/38.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
“We Have a Problem…”
• Customer problems solved/needs addressed:
– What do you do when an incident occurs?
– How do you recover?
– How do you regain safety and reliability?
• Honeywell Offerings:
– Backup & Restore Services
– (Security) Incident Response Services – 24 x 7
Architecture
& Design
Network
Security
Endpoint
Protection
Situational
Awareness
TECHNOLOGY
Response
& Recovery
Assessments
& Audits
37
![Page 39: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/39.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Disaster recovery solutions
Business success depends on consolidating cost and equipment,
reducing management time, and ensuring process control
applications are always available when disaster strikes
Backup control centers (BCCs) are used in the event the main
control center (MCC)
becomes inoperable, and
operations must be switched
to a backup location
38
![Page 40: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/40.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell Security Service Center (HSSC)
Amsterdam
Houston
39
Amsterdam
Bucharest
Houston
![Page 41: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/41.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Managed Industrial Cyber Security Services
Monitoring, Reporting and Honeywell Expert Support
Patch and Anti-Virus Automation
Security and Performance Monitoring
Activity and Trend Reporting
Advanced Monitoring and Co-Management
Secure Access
Tested and
qualified patches
for operating
systems & DCS
software
Tested and
qualified anti-
malware
signature file
updates
Comprehensive
system health &
cybersecurity
monitoring
24x7 alerting
against
predefined
thresholds
Monthly or
quarterly
compliance &
performance
reports
Identifying
critical issues
and chronic
problem areas
Honeywell
Industrial Cyber
Security Risk
Manager
Firewalls,
Intrusion
Prevention
Systems, etc.
Highly secure
remote access
solution
Encrypted,
two factor
authentication
Complete
auditing:
reporting &
video playback
40
![Page 42: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/42.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
EMEA Managed Security Service Center
Portugal
Germany
Norway
Zambia
South Africa
North Sea
France
Sweden
Belgium
Italy
Romania
Cameroun
Tunisi
Kuwait
Slovakia
Namibia
Abu Dhabi
Saudi Arabia
Egypt
Finland
Poland
Estonia
Spain
Austria
United Kingdom
Zwitserland
Oman
Sites 203
Protection Management 147
Monitoring 112
SSC EMEA support Locations:
• Amsterdam – The Netherlands
• Bucharest - Romania
SSC Support
team
SSC and
support
team
41
![Page 43: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/43.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
Honeywell Industrial Cyber Security (H-ICS)
Cyber Security Profile
Cyber Security Solutions
Security Operations Center
Conclusions – Open Discussion
42
![Page 44: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/44.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
• Managed Security Services & Risk Manager
• Honeywell ICS • SECURITY OPERATIONS CENTER
43
![Page 45: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/45.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Security Operations Center
Honeywell ICS connects both worlds
• Security challenges
- Onslaught of security data from disparate systems, security controls,
and applications
- Numerous point solutions (AV, AWL, firewall, IPS, NAC, HIPS, etc)
- Threats growing
- Regulatory compliance coming
- Shortage of specialist cyber security skills
- Dynamic world
• The answer is Security Operations Center (SOC)
- Provides consolidation of information
- Provides continuous protection
- Provides continuous detection
- Provides response capabilities
- Optimizes use of specialist cyber security skills
44
![Page 46: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/46.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Typical ICS SOC
Honeywell understands cyber security in ICS
Production management, operations management
Data acquisition layer
Threat
Intelligence
Logs
Events
Security management, compliance management, network management
(analysis, correlation, policy management, (remote) access management)
Performance
indicators Policy
Vendor A ICS Vendor B ICS
Risk
indicators
45
![Page 47: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/47.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
• Honeywell ICS • CYBER SECURITY RISK MANAGER
46
![Page 48: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/48.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Translate complex cyber
security indicators into
simple measurements for
ongoing situational
awareness
No need to be a cyber
security expert. Easy
to use interface
Designed by people who
know industrial control and
cyber security
Accurate measurement
of risk
Quick, intuitive workflow
from risk notification to
detailed threat and
vulnerability analysis
Vendor-neutral. Low impact
technology
Honeywell Risk Manager
47
![Page 49: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/49.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell Risk Manager
Risk Manager evaluates indicators of risk using
patented algorithms to generate accurate risk
scores in line with industrial risk management
standards
48
![Page 50: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/50.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Honeywell Risk Manager
Trends reflect risk appetite and risk tolerance for that particular site
Risk Appetite ‒ The amount and
type of risk an organization is willing to
accept in pursuit of its business
objectives
Risk Tolerance ‒ The specific maximum
risk that an organization is willing to take
regarding each relevant risk
49
![Page 51: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/51.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
Agenda
Honeywell Industrial Cyber Security (H-ICS)
Cyber Security Profile
Cyber Security Solutions
Security Operations Center
Conclusions – Open Discussion
50
![Page 52: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/52.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Cyber Security Profile
Manageability requires a S.M.A.R.T. and holistic approach
13 14 15 16
9 10 11 12
5 6 7 8
1 2 3 4 SL1
SL2
SL3
SL4
MIL0 MIL1 MIL2 MIL3
51
![Page 53: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/53.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Security solutions
Manageability requires a S.M.A.R.T. and holistic approach
13 14 15 16
9 10 11 12
5 6 7 8
1 2 3 4 SL1
SL2
SL3
SL4
MIL0 MIL1 MIL2 MIL3
SOC
52
![Page 54: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/54.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
© 2015 by Honeywell International Inc. All rights reserved.
Technical controls
Available capabilities for SL3+ security requirements
• 3rd generation Firewall
• Next Generation Firewall
• Security Management Console
• Microsoft Workgroup
• Microsoft Active Directory
• Microsoft RADIUS
• Intrusion Prevention System
• Intel Security SIEM
• Cisco Access Point
• Cisco WLC
• Network Admittance Control
• Microsoft Windows
• Secure Access Portal
• RSA multifactor authentication
• Cisco Catalyst IOS
• Threat Intelligence Exchange (TIE)
• Antivirus black listing
• Endpoint protection white listing
• Endpoint protection device control
• Endpoint protection host IPS
• Honeywell Risk Manager
• Honeywell Experion Backup Recovery
• Honeywell Service Node AV update
• Honeywell Service Node Vaccine update
• Honeywell Service Node TI update
• Honeywell EPKS Secure Communications
• Honeywell EPKS
• Modbus firewall RO
• Modbus firewall RW
• OPC firewall
• DNP3 firewall
• Data Diode
• Bi-directional Data Diode
• Bluecoat USB protection
53
![Page 55: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/55.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
54
Industry-Leading Industrial Cyber Security
• Global team of certified Industrial Cyber Security experts
• 100% dedicated to Industrial Cyber Security
• Experts in process control cyber security
• Leaders in security standards ISA99 / IEC62443 / NIST
• 10+ years industrial cyber security
• 1,000+ successful industrial cyber projects
• 300+ managed industrial cyber security sites
• Proprietary cyber security methodologies and tools
• Largest R&D investment in industrial cyber security
• Partnerships with leading cyber security vendors
• Industry first Risk Manager
• First to obtain ISASecure security for ICS product
• State of art Industrial Cyber Security Solutions Lab
Proven Experience
Investment and Innovation
Industrial Cyber Security Experts
Proven Industrial Cyber Security Solution Provider
Minerals, Metals & Mining
Refining & Petrochemical Chemicals Power Generation Pulp & Paper Oil & Gas
54
![Page 56: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/56.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
This is what we do:
Open Discussion
55
![Page 57: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your](https://reader031.vdocuments.site/reader031/viewer/2022040902/5e736bb08a952940d34ff59a/html5/thumbnails/57.jpg)
© 2015 by Honeywell International Inc. All rights reserved.
WWW.BECYBERSECURE.COM
56