HUG: Threats Hike, but there are Solutions

Tuesday, June 21, 2016 @ 07:06 PM gHale

By Gregory Hale
Cyber security threats continue to grow and escalate in terms of frequency and sophistication, which means users need to get on board with a program that starts the evolution process.

“Hackers don’t ask permission before they take control,” said Eric Knapp, chief cybersecurity engineer at Honeywell Process Solutions (HPS) during his presentation at the 2016 Honeywell Users Group Americas conference in San Antonio, TX. “Cyber attacks happen all the time. We need to understand how attacks work to protect (users’) networks.”


One of those types of attack is the classic malware attack via a USB drive.

“New threats are designed to bypass our defenses,” Knapp said. “These threats are targeting our control systems. The good news is we can do a lot to protect (users).

“The biggest threat to control systems is the USB drive,” he said. Because users have done such a good job locking down systems, engineers who need new files have to use USB drives to transfer files or code from one computer to another.

The USB drive, if not handled properly, is easy prey to pick up and spread malware.

That is why Honeywell introduced its Secure Media Exchange (SMX).

With SMX, the user plugs the USB drive into the module, which then scans the device to look for and remove malware. If the malware’s signature is unknown, the device sends the signature to the managed services center in Houston. Signatures are then checked there, and the suspicious code is placed in a sandbox to see what happens. Even if the malware is a zero-day, the module checks whether the code appears suspicious, places it in a sandbox and watches whether it acts in a malicious manner.

“The sun never sets on our security centers across the world,” Knapp said.

Once SMX removes the malware or virus and approves the drive, the user can check it out on the specified workstation. At that point, however, the USB drive will only work on that specific workstation. To use it again on any other computer, the user has to plug it back into the module and check it back out. At that point it should be good to go on any other computer, except the specific workstation.

In addition to the SMX, Knapp also said they were issuing a new release of their Risk Manager, which monitors, measures and manages security risk for control systems.

Part of the update includes technology from Palo Alto Networks that works in conjunction with Risk Manager. Honeywell will incorporate a Palo Alto Networks firewall featuring deep packet inspection into Risk Manager.

Honeywell inked a partnership deal with Palo Alto last year to add another tool in the effort to prevent cyber attacks against process control networks and operational technology environments.

Risk Manager gives users actionable intelligence. It monitors systems in real time, looking out for cyber security risks.

The goal of Risk Manager is to simplify identifying cyber security risk, provide real-time visibility and understanding, and deliver the decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments.

To take as much confusion as possible out of a security solution, Risk Manager:
• Tracks and inventories assets on the network
• Performs ‘low impact’ discovery of automation assets within the ICS
• Monitors risk continuously in real time to provide immediate notification when an unacceptable risk is present
• Translates complex indicators of vulnerabilities and threats into metrics that control engineers and operators without cyber security experience can understand
• Evaluates indicators of risk to generate accurate risk scores in line with industry risk management standards