Getting a Grasp on Risk

Tuesday, April 21, 2015 @ 09:04 AM gHale

By Gregory Hale
Security awareness has gotten off the couch and users are now looking to see what they can do to understand the levels of risk they have to endure.

That is exactly where Risk Manager comes into play in the face of a rising, more sophisticated risk, Honeywell Process Solutions (HPS) today launched the digital dashboard designed to monitor, measure and manage security risk for control systems.

Honeywell Launches Cyber Lab
Detected Vulnerabilities on Rise: Report
Insider Threat a Security Imperative
Mobile App Security Weak: Report

“This was certainly driven by (user) needs and asking for assistance with a growing complex problem trying to gain visibility into their risk profile,” said Jeff Zindel, global business leader for cyber security at HPS. “They ask ‘can you help me understand and then identify what actions I could and should take given the visibility and understanding?’ The understanding and information they need for the usability makes it useful from a process control engineer to a plant manager all the up to a C-level executive.”

“It will show value and insight across all levels of the organization,” Zindel said. “You don’t have to be an expert to gain value and understanding. At the highest level we are providing the key metrics, the KPIs (key performance indicators) that anyone can understand and the lowest level we are allowing the professional to drill down to find exactly about the root causes to take action.”

The goal of the Honeywell Industrial Cyber Security Risk Manager is to simplify identifying cyber security risk, provide real-time visibility, and understand and make decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments.

To take as much confusion as possible out of a security solution, Risk Manager:
• Tracks and inventories assets on the network
• Performs ‘low impact’ discovery of automation assets within the ICS
• Monitors risk continuously in real-time to provide immediate notification when an unacceptable risk is present
• Translates complex indicators of vulnerabilities and threats into metrics control engineers and operators without cyber security experience can understand
• Evaluates indicators of risk to generate accurate risk scores in line with industry risk management standards

The threat of attacks on industrial targets is a major concern according to a global survey on cyber security conducted by Ipsos Public Affairs in September 2014 on behalf of Honeywell. More than 5,000 people in 10 countries responded to a survey about the threat of cyber attacks on critical industries in their countries. Three quarters of respondents said they were fearful that cyber criminals could hack into and control major sectors and elements of the economy. Two-thirds of those surveyed thought the oil and gas, chemicals and power industries were vulnerable to cyber attacks.

“Risk Manager is based on proprietary, patented algorithms and understanding we have gained in the industrial and industrial cyber security space,” Zindel said. “At its core, it is capturing data and running that literally through hundreds of risk indicator calculations. It is built on proprietary understanding and algorithms to help translate what otherwise would be a single data point and taking it instead and looking at it across an entire plant and across many different dimensions.”

Risk Analysis
The workflow allows users to create customized risk notification alerts and perform detailed threat and vulnerability analysis so they can focus on managing risks that are most important for reliable plant operations.

Also, with attacks coming from all areas externally and internally, Risk Manager gathers all types of information to garner intelligence for users.

“Some of the monitoring management would capture anything like malware or a rogue device,” Zindel said. “Things like failed log-in attempts or user accounts with different privileges, who has admin privileges and who doesn’t. It would capture any of those types of threats. Those are some examples of where you are looking at not only the devices but the actions of the users of the networks or on the systems.”

Risk Manager will monitor plant assets within and across all security zones of a plant, including third-party systems. By understanding security zones, Risk Manager falls in line with IEC 62443 and is able to calculate risk scores. Risk Manager’s real-time measurement of risk is in line with industry standard risk management methodologies so risk scores can end up used consistently and accurately.

“It is not plug and play, but it does come out of the box with different recommendations and settings,” Zindel said. “What we are typically doing with configuration is defining their network zones. So that is something that would need to be configured, so which accounts and workstations go in which zones. Another is thresholds. Where do users want to set the thresholds that will set off an alert at a high level or a medium notification. There is tuning that will help set zones and thresholds so that it will set the most valuable notification.”

Understandable Across the Board
The technology is also capable for anyone to use.

“On initial install we are working with the user to install and configure it,” Zindel said. “We provide ongoing services where we can tune it, and audit it on an annual basis. We will be providing a managed service in the future to either co-manage it or manage it for users. Once we provide the initial install or configuration, they would be in the position to be able to do it themselves.”

While always staying on top of security issues, Honeywell has been making a bigger push as the manufacturing automation giant officially launched its Industrial Cyber Security Lab earlier this month.

Users need to know what they have on their systems and how to protect themselves, but they also need to understand the business objectives behind a security solution. That is exactly where the lab comes into play.

“We want to leverage the lab to offer enhanced solutions helping (users) to move to a point to have security act as an enabler to drive profits and not be seen as a cost center,” Zindel said.

“The threat is continuously evolving,” said Eric Knapp, director of technology and solutions at HPS. “Stuxnet was really the beginning and the threat has been evolving ever since.”

The Stuxnet campaign, as ISSSource reported, ended up conducted by the United States and Israel to disable the uranium enrichment plant outside Natanz, Iran, by causing the control system to run wildly out of control causing severe damage to centrifuges.

Security awareness is getting stronger and users need more understanding and education to ensure a secure environment. That is what HPS is looking to convey at the lab. Part of what the lab will offer is:
• Solution development and testing
• Simulated attacks
• User demonstration

“We can take a customer’s configuration and test it to make sure it is running securely,” said Mike Spear, global operations manager for industrial cyber security lifecycle solutions and services at Honeywell Process Solutions (HPS).

“(Users) can come here and they can see the various security controls,” Spear said. “They can see what works for them and find out what they need and what they need to do.”

The goal of the lab is to advance development and testing of new technologies and software. It can also replicate a user’s system and run it in the lab to test and find vulnerabilities, all while testing in a safe environment.

“We can do exercises like this in the lab and not cause a problem at the facility,” Knapp said.

Once they are able to find the vulnerabilities, then it becomes a matter of finding the correct solution.

“If I understand the vulnerabilities of a system, I can protect it,” Knapp said. “Conversely, if I know the vulnerabilities, I can exploit them.”

The Industrial Cyber Security Lab, located in Duluth, GA, includes a model of a complete process control network that Honeywell cyber security researchers will use for research, hands-on training, and to develop, test and certify industrial cyber security solutions. The lab will help accelerate development time of new cyber protection technologies and speed availability to users.

Leave a Reply

You must be logged in to post a comment.