HUG: Operationalizing Security

Wednesday, June 12, 2019 @ 05:06 PM gHale

By Gregory Hale
A little while ago, a homeowner built a house in the hills of California that was right in the middle of a fire zone. So, to counteract the strong possibility it could get hit by a blaze, the homeowner tried to make it as fireproof as possible. He used special roof tiles to protect against fire embers, the road out front was fire resistant, there were two huge water tanks behind the house, heat resistant windows, concrete and steel walls, and no wood exposed.

In the end, 20 percent of the cost of the house went into fire protection.


Compare that to an ancient, historically-protected building in Chinatown in New York City. It had no water tanks, and it had regular windows, brick walls, and exposed wood.

“How do you protect them?” Eric Knapp, director of product innovation at Honeywell Industrial Cyber Security, asked during a presentation Tuesday at the 2019 Honeywell User Group in Dallas, TX. “You can protect and respond and you need a balance of both. If you can protect 100 percent of the time you don’t need a response plan. But that is not possible.”

That is when he talked about operationalization.

“Operationalizing cybersecurity requires balancing protection and response,” he said. “We manage industrial facilities, and unlike wild fires which are more predictable, cyber attacks are not. There is lots of science behind wild fires so we can develop response mechanisms to protect against it. But wild fires are not watching what the defense is doing. Adversaries are. They are actively trying to avoid security defenses, they are trying to stay one step ahead.”

Key Component
Understanding how everything fits together becomes a key component in cybersecurity.

It starts with a threat, which leads to threat detection and protection, which leads to data, and then to tools that filter the data so people can take action on it.

“If you don’t have something along this path, you don’t have anything. If you don’t have anybody to take action on anything, you don’t have anything,” he said.

That cybersecurity progression, he said, is not linear. It all depends on what you have in terms of tools, devices, people, and know-how.

Protections in Place
“If you don’t have the right protections in place, you might need more people, if your data is not protected, and that is what a hacker wants, then there is a problem. If you don’t have the proper tools, and the latest rage is anomaly detection, then there is a problem. You can buy a Ferrari and just park it in the garage, then it is useless.”

Some think technology like anomaly detection can eliminate people from the process, but Knapp said that is not true. In fact, he added, you need more people to understand anomaly detection.

To help in the security journey, Honeywell at HUG released Forge for Industrial, software that includes a cybersecurity platform consisting of four quadrants:
• Asset management, that tells the user what they have
• Secure resource management, protocol to see who is able to connect to the user’s network, and verifies authorized participants
• Risk and compliance, audit site
• Threat intelligence, threat management

The platform is another way to prepare for what Knapp said was inevitable.

“The likelihood there will be an attack is 100 percent, everyone is under attack,” Knapp said.

Honeypots Attacked
To buttress that point, Knapp mentioned Honeywell created some honeypots from its Cyber Security Centers of Excellence, and they got hit with 100 gigs of Zero Days within a week.

The strength and prevalence of attacks hitting the industry is strengthening the convergence of IT and OT.

“IT and OT are going to get more connected whether we like it or not,” Knapp said. “If we bought IT tools and implemented them, it would be a disaster. They are similar, but different. IT is focused on confidentiality and integrity and they don’t care as much about availability. But if you take an operational network off line for about an hour, you have a big issue. That leg of the stool becomes more important.”

It is no overstatement to say with this major shift to a more digital environment, there are more security risks. But in the end, it has to be worth it.

“In order to advance technologically and in society, you have to take some risks, but you have to understand what you accept,” Knapp said. “Some risk is acceptable.”


