PUMPING UP SECURITY

Case Study

Cenit Partners with Honeywell to Increase OT Cybersecurity Resilience and Reduce Cyber Risk

1 | www.honeywell.com

THE FUTUREOF ENERGYFAST FACTS

of pipeline stations O+G company in Columbia9KM 54 #1

Increasingly, oil and gas companies need cost-effective, scalable cybersecurity solutions designed to keep up with ever-changing cyber-attacks.

FINDING THE RIGHT MIXToday’s Industrial Control System (ICS) and Operational Technology (OT) assets increasingly connect to enterprise and Information Technology (IT) systems, bringing improved visibility, better planning and more productivity to industrial organizations. But as cyber threats continue to rise, securing ICS/OT assets from the threat of cyber-attacks is an ever-changing challenge. It takes significant time and attention to help ensure people, processes and performance are secured and business continues without disruption.

Honeywell’s Advanced Monitoring and Incident Response (AMIR) service, an offering within Honeywell Forge Managed Security Services (MSS), provides industrial plant operators with real-time threat monitoring and detection combined with built-in security analytics, in-depth incident investigation, well-defined incident response support and actionable threat insights for enhanced OT security. It proactively identifies, investigates and analyzes cybersecurity threats in the ICS while finding the root cause along with providing mitigation steps to prevent future attacks and minimize overall risk.

For process industry companies like Cenit, a major oil and gas firm based in Columbia, AMIR is a cost-effective, scalable and easy to deploy service tailored to help OT/ICS security teams that may struggle to keep up with the continuing evolution of cyber-attacks. Best of all, this proactive cybersecurity managed solution can be implemented at a fraction of the cost of an equivalent in-house solution.

MAPPING SUCCESSCenit Transporte y Logisitca de Hidrocarburos S.A. (Cenit) is the largest integrated oil and gas company in Colombia. It has petroleum exploration and production activities in Columbia, Brazil, Peru and the United States. Cenit delivers crude oil and petroleum products via its pipeline network to refineries and export terminals.

Currently, Cenit’s pipeline facilities are controlled by Ecopetrol (its majority stakeholder), but the company is working to centralize and optimize its operations. Honeywell will construct a central control room enabling Cenit to manage and improve its Key Performance Indicators (KPIs), gain better visibility of processes, secure and transfer the knowledge of operations personnel, and improve response time in emergencies.

As part of its ongoing collaboration with Cenit, Honeywell has deployed advanced Supervisory Control and Data Acquisition (SCADA) technology and implemented an integrated system so the customer can monitor, control and optimize an entire pipeline network with 54 stations. The system includes installation of Honeywell’s Experion® PKS enterprise automation platform on site, Experion on Cloud as a backup and other equipment that can be used in a contingency situation. The solution also integrates leak detection and control room management systems.

3 | www.honeywell.com

BREAKING THROUGH THE BEDROCKMany industrial organizations lack

the staff, budget and skills to manage

cyber threats proactively, and may

have limited visibility into ICS assets.

With so many potential threats

to these assets, prioritization is a

challenge. However, plant operators

need to understand the importance of

continuous monitoring for OT assets.

Industrial firms like Cenit want

ongoing protection of their ICS

environment but may be unable

to identify threats because there

is too much “background noise”

due to the number of security

events and types of data.

Cenit’s specific cybersecurity

requirements included:

• Industrial-grade secure remote access

• More secure content and data transfer

• Patch and antivirus management

• Comprehensive assessment and audit

• Managed threat detection

Eduardo Pachon, vice president, digital for Cenit, said, “With close to 9,000 kilometers of oil and multi-purpose pipelines, our company was looking for a better way to strengthen its cyber defenses with an ability to detect and respond to potential vulnerabilities or cyber breaches.”.

For industrial organizations like Cenit, the effects of a successful cyber-attack may result in operational shutdowns, damaged equipment, financial loss, intellectual property theft, and substantial health and safety risks. As such, it is imperative that they monitor the right data sets to build an effective threat defense and improve their overall security posture ASSESSING THE RISK Honeywell ’s AMIR service meets the rigorous challenges of today’s industrial enterprise. It enables operating companies to more safely connect networks, assets, devices, and people in the OT environment and keep them secure.

With round-the-clock support, expert OT security analysis and a sophisticated security technology stack, AMIR is a powerful solution to ensure industrial operating assets are better protected.

There are more than 500 Honeywell Forge MSS sites worldwide, leveraging proprietary, OT-specific technology, with 15+ years of experience in industrial cyber-security and thousands of

ICS projects delivered around the globe.

In the case of Cenit, Honeywell has delivered a comprehensive cybersecurity solution that encompasses:

• Security consulting services – assessments and audits

• Managed security services – patch and antivirus management

• Advanced monitoring and incident response

Honeywell ’s AMIR solution contrasts with other third-party MSS providers or in-house solutions that rely on basic monitoring and lack a proactive approach to securing critical assets, as well as IT Security Operations Center (SOC) vendors who do not have OT domain knowledge, including expertise in dealing with different protocols and OT assets.

Honeywell ’s engagement with Cenit started with an assessment and audit of the company’s existing OT environment to determine any gaps in security coverage and plan a roadmap for an improved overall cybersecurity posture. The end-to-end AMIR solution operates as the brain of the OT security program, securely collecting and analyzing event log data 24x7 from multiple sources, including firewalls, IDS/IPS, routers, switches, Windows, Linux, the Honeywell Experion PKS system, and other lower level ICS

assets. AMIR proactively automates and orchestrates the detection of suspicious and anomalous behavior, alerting Honeywell cybersecurity analysts immediately if deeper forensic investigative analysis is required. Customer personnel receive a detailed security incident report on the specific cybersecurity event, which offers threat insights to help them oversee and better protect crucial OT assets.

The AMIR service is integrated with Honeywell ’s proprietary remote connectivity solution powered by the Honeywell Forge Cybersecurity Suite, which provides a single, secure Transport Layer Security (TLS)-encrypted connectivity tunnel used to enable a trusted channel for transferring security event log data to the AMIR service. Advanced monitoring security logs and event information then connect with the AMIR technology stack to create a versatile, layered defense for the OT environment.

Honeywell ’s recognized experts in cybersecurity for industrial control architectures deliver the comprehensive AMIR solution. These services merge human decision-making and machine intelligence to provide an efficient, scalable and modular approach to protecting a wide range of control system infrastructures and meeting corporate cybersecurity objectives.

• 24/7/365 monitoring

• Threat alerts and reporting

• Incident investigation

• Log collection and analysis

• Solid remote monitoring support

Cenit wanted to implement a two-pronged approach of cybersecurity assessment/audit and strategy implementation to keep its control system safer, meet compliance requirements and better secure the connections required for smooth operations and enhanced performance.

For more information Learn more about how Honeywell Forge

Managed Security Services can improve

performance, visit

www.becybersecure.com or contact

your Honeywell Account Manager,

Distributor or System Integrator.

Honeywell Connected Enterprise 715 Peachtree Street NE

Atlanta, Georgia 30308

www.honeywell.comTechnology That Comforts Case Study | Rev 1 | 4/2021©2021 Honeywell International Inc.

FROM THE GROUND UPWhen something as critical as pipeline infrastructure is at stake, keeping a watchful eye out for any cyber-attacks isn’t just wise—it’s the right thing to do.

For Cenit’s pipeline operations in Columbia, Honeywell ’s AMIR service provides a simple, cost-effective solution that proactively monitors OT/ICS critical infrastructures for cybersecurity threats. It delivers 24x7 real-time threat monitoring and detection combined with built-in advanced security analytics, in-depth incident investigation, orchestrated incident response automation processes and actionable threat insight for enhanced OT security—accelerating the detection of cybersecurity anomalies in a constantly evolving threat landscape.

As the digital leader within Cenit, Eduardo Pachon commented, “Cenit has benefitted from the OT cybersecurity expertise of Honeywell Forge Managed Security Services. Much more than a simple ‘set it and forget it’ installation job, they emphasized the importance of continuous monitoring for OT assets.”

With Honeywell ’s assistance, Cenit will accelerate and operationalize its OT/ICS incident detection and response without the need to implement its own premise-based security technologies. Proactive monitoring for suspicious behavior or indicators of compromise will increase the likelihood of detecting a potential threat actor and significantly reduce the severity of impact.

By utilizing the AMIR service, Cenit’s operating personnel can:

• Identify, mitigate and manage a wide range of cyber threats

• Monitor critical ICS assets on a continuous basis

• Proactively analyze, investigate and identify malicious activity

• Increase threat visibility and awareness

• Collect threat-related data from a range of assets

• Detect signs of compromise before an incident happens

• Better prevent future attacks and minimize overall risk

• Understand vulnerabilities and priorities

• Augment in-house expertise

• Lower the cost of security operations

Honeywell provides Cenit with 24/7 “eyes-on-glass” cybersecurity monitoring and incident response. The use of incident response automation is key to expediting typical responses and repetitive tasks so minimal human intervention is required to detect and respond to security threats and incidents.

A WELL OF INFORMATION For major process industry organizations such as Cenit, Honeywell ’s Industrial Cybersecurity Solutions help defend the availability, reliability and safety of their critical plant operations. Honeywell ’s AMIR solution is built upon our legacy of excellence in industrial automation, security, and safety. It provides robust security monitoring, alerting, and incident response capabilities powered by an industry-leading technology stack, human heuristics, OT operational knowledge and industry best practices to improve the customer’s security posture and reduce cyber-attack surfaces.