HUG: IT-OT Security Pact
Wednesday, June 24, 2015 @ 11:06 AM gHale
By Gregory Hale
In a move that can help close the gap between IT and OT, Honeywell Process Solutions (HPS) and Intel Security today unveiled a collaboration deal.
While the industrial control systems’ main focus is different from the traditional IT environment, there are key technologies and knowledge Intel Security’s McAfee can bring to the table.
“What we get for the benefit of both is a collaboration to accelerate certification and introduction of Intel products and technologies in a safe and reliable manner in the industrial space,” said Jeff Zindel, global business leader for Honeywell’s Industrial Cyber Security Solutions group at the Honeywell User Group (HUG) in San Antonio, TX.
“There are reseller deals signed every day that don’t have any teeth and don’t mean much,” Zindel said. “This is much more of a collaboration and it starts with the existing portfolio where their security information, their SIEM, their next generation firewall, their app control, device control and more. It is working together to more quickly certify those for industrial, multivendor environments. We will accelerate the qualification of those technologies and products for Honeywell’s environment. The first application of that is their application and device control product we are qualifying on a more rapid basis. On a go-forward basis, they will be a key part of our industrial security technologies lab. We will be working with them directionally on road maps to truly influence what they are developing and what we are developing and how we might leverage their technology to embed on the Honeywell Process Solutions Automation DCS environment.”
IT companies have tried to stake a claim in the industrial market for years, but foundered because of a lack of understanding of what OT really needs and wants. But that is now changing with the heightened threat scenario hanging over the critical infrastructure on a daily basis.
“It goes to the industry as a whole,” Zindel said. “The awareness about (ICS) cyber security threats weren’t that high; the investment was not that high. All of that has changed over the years. The awareness of the threat has grown tremendously. The investment is starting. We are talking about an industry in the corporate and enterprise IT in the tens of billions of dollars. Our industry is a nascent early market in the industrial space. The market size and the available market attracts their attention. IT is a global market and it touches every country in the world in multiple industries. And there is value in applying their products in the right way.
IT companies do have a solid security pedigree, but there is still skepticism when they go out on the plant floor.
“That is still a barrier to entry and that will always be a key barrier to entry and I think that is one of the reasons that led to our partnering together because it is beneficial to both companies,” Zindel said.
“What we are doing is helping close that gap between the IT and OT environments and the decision makers. We are helping bring those two together to figure out the right ways to provide value to benefit both, either through policies and procedures or more importantly through the introduction of technical controls and technologies.”
The growing threat of cyber attacks to industrial targets is a major global concern according to a global survey on cyber security conducted by Ipsos Public Affairs in September 2014 on behalf of Honeywell. Two-thirds of those surveyed thought the oil and gas, chemicals and power industries were vulnerable to attacks.
First out of the gate, Honeywell will qualify Intel Security’s Application Whitelisting and Device Control with its own proprietary cyber security for its Experion Process Knowledge System, providing a fully vetted and qualified solution.
Honeywell is also offering Intel Security’s Enterprise Security Manager and Next Generation Firewall to users.
The products will also end up supported by Honeywell’s Industrial Cyber Security Risk Manager, which provides a continuous evaluation of cyber security risks within industrial environments.