57
CYBER SECURITY PROGRAM & SOLUTIONS Konstantin Rogalas 19.11.2015

Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

  • Upload
    others

  • View
    3

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

CYBER SECURITY PROGRAM & SOLUTIONS Konstantin Rogalas

19.11.2015

Page 2: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Focus: Up to But Not Including Corporate and 3rd Party Networks

Router

ESC ESF EST ACE Experion Server

ESVT Safety

Manager Terminal Server

Qualified Cisco Switches

Optional HSRP Router

Domain Controller

ESF EAS PHD Server

Experion Server

Firewall

3RD Party App Subsystem Interface

Corporate and 3rd Party/Vendor/Contractor/Maintenance Connections

Level 3

Level 3.5 DMZ

Level 4

Terminal Server

Patch Mgmt Server

Anti Virus Server

eServer PHD Shadow Server

Level 2

Domain Controller

Level 1

IT Cyber Security

Industrial Cyber

Security

1

Page 3: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Cyber Security follows the Business Risk

IDENTIFY

Risk estimation

RESPONSE

Technical controls

and operational

controls

MONITORING

Key Risk Indicators, trends,

threats

NON-TECHNICAL CONTROLS

Operations, awareness and incident response

TECHNICAL CONTROLS

Design and implementation

Risk to be controlled Immediate

risk facing the plant

New cyber failure scenarios

Decision engine (Business justification)

ENVIRONMENTAL CONTROLS

Physical security controls, HVAC, UPS, ..

Execution engine (IT / OT implementation)

2

Page 4: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Agenda

Honeywell Industrial Cyber Security (H-ICS)

Cyber Security Profile

Cyber Security Solutions

Security Operations Center

Conclusions – Open Discussion

3

Page 5: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Konstantin Rogalas MSc, MBA

• Business Lead for Honeywell Industrial Cyber Security -

Europe;

• 1989 – 1998 in Discrete Automation & Process Control;

• 1999 – 2012 in Telecommunications: Broadband-M2M/IoT;

• 2013 – Oil&Gas, Energy, Pharmaceuticals & Chemicals

industry Certification study for ENISA in Industrial Cyber

Security;

• 2014 – 2015 ICS Council with policy makers, asset

owners and service providers;

• Member of the European ICS Stakeholders Group.

[email protected]

About the Presenter

4

Page 6: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Leading Cyber Security Specialist for ICS

400+ Security assessments

for

Industrial Control Systems

Global team

90+ Certified Cyber Security

Professionals

500+ Remediation Projects

Cyber Security

Products

Multi

Vendor Cyber

Security

Services Cyber Security

Standard driven

IEC 62443 (ISA 99),

ANSSI, BSI, CPNI Numerous

Partners

Embedded

or Stand-alone Cyber lab

350+ Managed Security Networks

5

Page 7: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell ICS

Industries served:

• Oil & gas

• Gas distribution

• Power

• Refineries

• Chemical

Amsterdam

Atlanta Houston

Edmonton

Santiago Perth

Kuala Lumpur

SSC + HICS HICS Office Private LSS SSC HICS Resource(s)

Dubai

Vancouver Montreal

Bracknell

Aberdeen

Bucharest Offenbach

• Water treatment

• Pulp & paper

• Maritime

Global setup to serve

global organizations

as well as local asset

owners

6

Page 8: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell’s Industrial Cyber Security Lab

Flexible model of a complete process control network up to the corporate network

• Honeywell Cyber Security solutions development and test bed

• Demonstration lab for customers ‒ Cyber security related academic programs ‒ Hands-on training ‒ Simulate cyber attacks ‒ Demonstrate Honeywell cyber security solutions

7

Page 9: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Typical systems H-ICS have secured

• Distributed Control Systems

- E.g. Chemical, Petrochemical, Refining, Offshore platforms

• Leak Detection Systems, Machine Monitoring Systems, Metering

Systems, Compressor Control Systems

• Supervisory Control and Data Acquisition (SCADA) systems

- E.g. Gas Distribution, Power utilities, Pipelines, oil fields

• Distributed Energy Systems

- E.g. Wind turbines, hydropower

• Maritime systems

- E.g. Harbor systems, shipping

8

Page 10: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Driven by standards and regulations

• IEC 62443 (Formerly ISA 99)

• Industrial Automation Control Systems (IACS) Security

• Global standard for wide range of industry

• Honeywell ICS is active contributor to the development of the standard through

ISA

• NERC CIP

• North American Power

• ANSSI, BSI, CPNI, MSB, INCIBE, etc.

• European guidelines, best practices and country-specific measures

• JRC & ENISA recommendations

• European Union

• NIST

• US technology standards (SP 800-82)

• And others: ISO, API, OLF

• E.g. ISO 27000, API 1164, OLF 104

• Local regulations

9

Page 11: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell ICS specialists background

• Unique combination of long time experience in process control,

networks and cyber security

• Gain knowledge, demonstrate knowledge and maintain knowledge

- CISSP - CCNA - MCSE - VCP

- CISM - CCNP - MCSA

- CEH - CCIE

- CRISC - CCSP

• Specialists with many backgrounds

- Honeywell - Penetration testing - 14+ Languages

- Yokogawa - IT departments

- Emerson - Telecom providers

- Schneider

- ABB

10

Page 12: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Agenda

Honeywell Industrial Cyber Security (H-ICS)

Cyber Security Profile

Cyber Security Solutions

Security Operations Center

Conclusions – Open Discussion

11

Page 13: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

• Honeywell ICS • CYBER SECURITY PROFILE

12

Page 14: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Security Profiling

• Cyber security requires:

- Standardization – consistency in design, implementation, management

and maintenance

- Completeness – effective remediation of all applicable vulnerabilities

based on pertinent threats

- Awareness – monitor the system’s security posture and respond to

changes in security posture and threat environment

- Coherence – the collection of cyber security controls should all work

together to protect the system

- Readiness – keep all system components and security controls up to

date

- Manageability – measure and correct security performance deviations

• Security profile describes:

- What security controls (technical and non-technical) need to be in

place to meet the threat

- How to organize this all in a way to be and stay effective in meeting the

threat

13

Page 15: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Typical security level

Skills Motivation Means

ICS

specific Moderate

Sophisti-

cated

(Attack)

Moderate

(groups of

hackers)

Generic Low Simple

Low

(Isolated

individuals)

No attack

skills Mistakes

Non-

intentional

Employee,

contractor

Resources

ICS

Specific High

Sophisti-

cated

(Campaign)

Extended

(multi-

disciplinary

teams)

SL4

SL3

SL2

SL1

Nation-state

Hacktivist,

Terrorist

Cyber crime,

Hacker

Careless

employee,

contractor

IEC 62443

14

Page 16: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

C2M2 Maturity Indicator Levels

15

Page 17: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Cyber Security Profile

Defines the Security Profile

SL1 SL2 SL3 SL4 SL1 SL2 SL3 SL4

1001 Refining process facilities 1401 Fertilizers

1102 O&G LNG terminals 1403 Petrochemicals

1103 O&G processing 1404 Plastics and fibers

1104 O&G production - on-shore 1405 Specialty chemicals

1105 O&G production - off-shore 1406 Biofuels

1108 O&G Marine - LNG IAS 1501 Alumina

1110 Gas To Liquid 1502 Aluminium

1112 Production - Coal bed M 1503 Base materials

1114 Pipeline - Liquid 1504 Cement

1115 Pipeline - Gas 1505 Coal & coal gasification

1201 Pulp 1506 Iron

1203 Paper 1509 Precious metals

1204 CWS 1510 Steel making

1303 Utility power 1508 Other

Cyber Security strength is determined by the security design effectiveness

(Security Level) and security operations effectiveness (Maturity Level)

IEC 62443 standard provides the Security Level, Cobit or C2M2 toolkit

provides the Maturity Level

The Security Profile defines for each facility how to protect and how to

organize

Honeywell ICS has a complete portfolio and services to address each aspect

of the profile (technical, non-technical); typically with SL2/SL3+ assessments

16

13 14 15 16

9 10 11 12

5 6 7 8

1 2 3 4SL1

SL2

SL3

SL4

MIL0 MIL1 MIL2 MIL3

Page 18: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Security profile and objectives

• Create overview

• Tighten control

• Measure performance

• Monitor and manage risk

• Create control

• Standardize

• Document

• Maintain

17

Page 19: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Security profile and countermeasures

Create Control • Access filters (Identification, FW, ACL,

traffic policies (H)IPS)

• Antivirus (Blacklisting)

• Use control (Authorization, media use)

Standardize • Create reference architecture,

baseline

• Best practices, standards

Document • Policies and procedures

• Guidelines

• Roles and responsibilities

Maintain • Make back-ups

• Maintain Antivirus, security patches

(Service Node, EPO, WSUS)

• Maintain vaccine, TI

Tighten Control • Access filters (Multi-factor

authentication, NGFW (application

filters, User ID filters), data diode)

• Check program code integrity (AWL)

• Correlate events (SIEM)

Create overview • Consolidate logs / events (SIEM)

• Consolidate threat intelligence (TIE)

Measure performance • Measure security readiness (Risk

Manager, Service Node, EPO, WSUS)

• Maintain dashboard

Monitor and manage risk • Monitor changes in risk (Risk

manager)

18

Page 20: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Sustainable security requires a Program

If you run too fast or jump too high you might trip

SP 16

SP 15

4

3

2

1SP 5

SP 6

SP 7

SP 10

SP 11

SP 12

Q1 Q2 Q3 Q4

SP 1

SP 2

Q3 Q4 Q1 Q2 Q3 Q4Q1 Q2 Q3 Q4 Q1 Q2

Increase

security level

Increase

maturity level

Increase

security level

Increase

maturity level

19

Page 21: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Where would your Security Profile be? 20

Page 22: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Benefits of security profiling

• Enter a defined path

- When to invest into technical controls

- When to invest into organizational improvements

• Assess your multi-year investment

- Cyber security is not a one time action, it is an additional management

task

- Plan Capex and Opex for enhancing your security protection

• Offers sustainable security

- Develop your organization while developing your technical capabilities

- Prevent disappointments by jumping higher than today’s abilities

• Benchmark your plants

- Easy comparison between different plants

- Easy comparison within the industry

Planning is the first step

21

Page 23: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Agenda

Honeywell Industrial Cyber Security (H-ICS)

Cyber Security Profile

Cyber Security Solutions

Security Operations Center

Conclusions – Open Discussion

22

Page 24: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

• Honeywell ICS • H-ICS CYBER SECURITY SOLUTIONS

23

Page 25: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

• Cyber Security Assessments

• Thread Risk Assessments

• Network & Wireless Assessments

• Audits and Design Reviews

• Firewall, Next Gen FW

• Intrusion Prevention (IPS)

• Network Access Control

• Industrial Anti-Virus & Patching

• End Node Hardening

• Industrial Application Whitelisting

• Portable Media/Device/USB Security

• Risk Manager (in SOC)

• Continuous Monitoring

• Compliance & Reporting

• Industrial Security Information & Event Management (SIEM)

• Security Awareness Training

• Secure Design and Optimization

• Zone & Conduit Separation

• Backup and Recovery

• Incident Response

• Disaster Recovery

24

Our Solution Portfolio

Page 26: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

The First Step to Security Is Understanding

the Current Environment

• Customer problems solved/needs addressed: – Identifying and prioritizing the biggest risks

– Meeting industry/government regulations and guidelines

– Finding which systems and devices are the most exposed, and the most vulnerable

– Prioritizing cyber security efforts for the maximum return

• Honeywell Offerings: – Risk Assessment

– Cyber Assessment (coincidental & intentional attacks using simple means)

– Risk/Thread Assessment (targeted attacks using sophisticated means)

– Validation Testing – ICS White box / Tandem

– Audits, Compliance Assessments & Reports

– Wireless / Wired Network Assessment

Assessments

& Audits

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

25

Page 27: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

CYBER SECURITY RISK

SECURITY

RISK

Tactics,

Technologies,

Practices (TTP)

Exposure,

Accessibility,

Technology

Software,

Firmware,

Protocol,

Operation

26

Page 28: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Sources of vulnerability

An ICS has many sources of vulnerability:

• Infrastructure

- Network

- Computer platform

- Computer operating system

- Topology

• Application

- Application components (e.g. database, middleware)

- Authorization levels

- Protocols used

• Embedded components

- Field equipment (Transmitters, actuators)

- Controllers, PLCs, safety controllers

• People

- Plant personnel

- Contractors

• Processes

27

Page 29: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

The level of effort

Completeness

Th

oro

ug

hn

es

s

RISK

VULNERABLE, BUT

EITHER UNKNOWN,

NOT EXPOSED, OR

INSUFFICIENT

CAPABILITIES TO

EXPLOIT

SL1

SL2

SL3

SL4

Completeness

Th

oro

ug

hn

es

s

SIMPLE GENERIC

EXPLOIT

SL1

SL2

SL3

SL4

COMPLEX ICS

SPECIFIC EXPLOIT

The strength of the attacker

determines the tactics,

technologies and practices (TTP)

used.

• Strong attackers have a very

clear plan and objective

• The risk increases depending on

the strength of the attacker

• The need for thoroughness and

completeness increases when

the strength of the attacker

increases

• The need for very specific skills

increases when the strength of

the attacker increases

28

Page 30: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Security levels and security capabilities

SL1 – 58

capabilities

SL2 – 87

capabilities

SL3 – 118

capabilities

SL4 – 128

capabilities

Out of the box

installations,

plus antivirus,

back-up

Requires

additions such

as domain,

deep packet

inspection,

device control

Requires

additions such

as multi-factor

authentication,

IPS, SIEM,

security

monitoring,

white listing

Requires

additions such

as multi-factor

authentication

for all systems,

biometrics, dual

control

29

Page 31: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

The Threat Landscape Continuously Changes

Security levels and security capabilities

SL3 – 118

capabilities Required capabilities vary based upon applied technology,

exposure, accessibility, and attacker

Risk analysis determines which likely tactics, technologies,

and procedures (TTP) are used based upon attack scenarios

and selects which actual capabilities are needed

List of capabilities grows overtime because of new TTP of

attackers, new technologies used

Cyber Security is not a one time project, it is a lifetime service.

Both changing environment, insufficient maintenance, and

changes require periodic (re-)evaluation

30

Page 32: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Different assessments SL2 and SL3+

Completeness

Thoro

ughness

SL1

SL2

SL3

SL4

CHECKLIST

DRIVEN

APPROACH

SCENARIO

(TTP)

DRIVEN

APPROACH

CY

BE

R A

SS

ES

SM

EN

T

TH

RE

AD

/RIS

K A

SS

ES

SM

EN

T

31

Page 33: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Once You’ve Found the Gaps, Fill them…

• Customer problems solved/needs

addressed:

– How to use network design to promote strong security

– Implementing Zones & Conduits (per IEC 62443) to minimize the impact of an incident

• Honeywell Offerings:

– Network Design & Optimization Services

– Wireless Design & Optimization Services

– Cyber Security Design Services

– Zones & Conduits

– Documentation of current architecture and security

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

Assessments

& Audits

32

Page 34: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Most Threats Come from the Network

• Customer problems solved/needs addressed:

– How to make it harder for the “bad guys” to get in

– What to do if/when they do get in

• Honeywell Offerings:

– Network Design Services

– Firewall/NGFW Installation & Configuration

– IPS Installation & Configuration

– Data Diode

– Network Access Control

– Perimeter Security Management

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

Assessments

& Audits

33

Page 35: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

“Soft” Systems Are Easy Targets

• Customer problems solved/needs addressed:

– Identify which PCs and Servers are vulnerable to threats

– Determining if the proper access controls are in place (missing critical patches, AV is out-of-date, etc.)

• Honeywell Offerings:

– Endpoint Hardening

– Anti-Virus Installation & Configuration

– Application Whitelisting, Installation & Configuration

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

Assessments

& Audits

34

Page 36: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Endpoint Hardening

Restrict access to

all apps unless authorized via approved list

Whitelisting

Reduce inadvertent cyber

intrusions via memory

stick

USB Port Disable

Enhanced DSA

Security

Authentication with flexible account

using least privilege

Encrypted and authenticated

communications

Secure Communications

35

Page 37: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Awareness Is Critical

• Customer problems solved/needs addressed:

– Staying diligent with limited security staff & resources

– Understanding what’s happening, what’s at risk, and why

– Identifying the early-warning signs to prevent incidents

– Knowing what to do if/when an incident does occur

• Honeywell Offerings:

– Risk Manager (further discussed in SOC section)

– Security Information and Event Management (SIEM)

– Continuous Monitoring

– Compliance & Reporting

– Security Awareness Training

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

Assessments

& Audits

36

Page 38: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

“We Have a Problem…”

• Customer problems solved/needs addressed:

– What do you do when an incident occurs?

– How do you recover?

– How do you regain safety and reliability?

• Honeywell Offerings:

– Backup & Restore Services

– (Security) Incident Response Services – 24 x 7

Architecture

& Design

Network

Security

Endpoint

Protection

Situational

Awareness

TECHNOLOGY

Response

& Recovery

Assessments

& Audits

37

Page 39: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Disaster recovery solutions

Business success depends on consolidating cost and equipment,

reducing management time, and ensuring process control

applications are always available when disaster strikes

Backup control centers (BCCs) are used in the event the main

control center (MCC)

becomes inoperable, and

operations must be switched

to a backup location

38

Page 40: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell Security Service Center (HSSC)

Amsterdam

Houston

39

Amsterdam

Bucharest

Houston

Page 41: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Managed Industrial Cyber Security Services

Monitoring, Reporting and Honeywell Expert Support

Patch and Anti-Virus Automation

Security and Performance Monitoring

Activity and Trend Reporting

Advanced Monitoring and Co-Management

Secure Access

Tested and

qualified patches

for operating

systems & DCS

software

Tested and

qualified anti-

malware

signature file

updates

Comprehensive

system health &

cybersecurity

monitoring

24x7 alerting

against

predefined

thresholds

Monthly or

quarterly

compliance &

performance

reports

Identifying

critical issues

and chronic

problem areas

Honeywell

Industrial Cyber

Security Risk

Manager

Firewalls,

Intrusion

Prevention

Systems, etc.

Highly secure

remote access

solution

Encrypted,

two factor

authentication

Complete

auditing:

reporting &

video playback

40

Page 42: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

EMEA Managed Security Service Center

Portugal

Germany

Norway

Zambia

South Africa

North Sea

France

Sweden

Belgium

Italy

Romania

Cameroun

Tunisi

Kuwait

Slovakia

Namibia

Abu Dhabi

Saudi Arabia

Egypt

Finland

Poland

Estonia

Spain

Austria

United Kingdom

Zwitserland

Oman

Sites 203

Protection Management 147

Monitoring 112

SSC EMEA support Locations:

• Amsterdam – The Netherlands

• Bucharest - Romania

SSC Support

team

SSC and

support

team

41

Page 43: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Agenda

Honeywell Industrial Cyber Security (H-ICS)

Cyber Security Profile

Cyber Security Solutions

Security Operations Center

Conclusions – Open Discussion

42

Page 44: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

• Managed Security Services & Risk Manager

• Honeywell ICS • SECURITY OPERATIONS CENTER

43

Page 45: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Security Operations Center

Honeywell ICS connects both worlds

• Security challenges

- Onslaught of security data from disparate systems, security controls,

and applications

- Numerous point solutions (AV, AWL, firewall, IPS, NAC, HIPS, etc)

- Threats growing

- Regulatory compliance coming

- Shortage of specialist cyber security skills

- Dynamic world

• The answer is Security Operations Center (SOC)

- Provides consolidation of information

- Provides continuous protection

- Provides continuous detection

- Provides response capabilities

- Optimizes use of specialist cyber security skills

44

Page 46: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Typical ICS SOC

Honeywell understands cyber security in ICS

Production management, operations management

Data acquisition layer

Threat

Intelligence

Logs

Events

Security management, compliance management, network management

(analysis, correlation, policy management, (remote) access management)

Performance

indicators Policy

Vendor A ICS Vendor B ICS

Risk

indicators

45

Page 47: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

• Honeywell ICS • CYBER SECURITY RISK MANAGER

46

Page 48: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Translate complex cyber

security indicators into

simple measurements for

ongoing situational

awareness

No need to be a cyber

security expert. Easy

to use interface

Designed by people who

know industrial control and

cyber security

Accurate measurement

of risk

Quick, intuitive workflow

from risk notification to

detailed threat and

vulnerability analysis

Vendor-neutral. Low impact

technology

Honeywell Risk Manager

47

Page 49: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell Risk Manager

Risk Manager evaluates indicators of risk using

patented algorithms to generate accurate risk

scores in line with industrial risk management

standards

48

Page 50: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Honeywell Risk Manager

Trends reflect risk appetite and risk tolerance for that particular site

Risk Appetite ‒ The amount and

type of risk an organization is willing to

accept in pursuit of its business

objectives

Risk Tolerance ‒ The specific maximum

risk that an organization is willing to take

regarding each relevant risk

49

Page 51: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

Agenda

Honeywell Industrial Cyber Security (H-ICS)

Cyber Security Profile

Cyber Security Solutions

Security Operations Center

Conclusions – Open Discussion

50

Page 52: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Cyber Security Profile

Manageability requires a S.M.A.R.T. and holistic approach

13 14 15 16

9 10 11 12

5 6 7 8

1 2 3 4 SL1

SL2

SL3

SL4

MIL0 MIL1 MIL2 MIL3

51

Page 53: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Security solutions

Manageability requires a S.M.A.R.T. and holistic approach

13 14 15 16

9 10 11 12

5 6 7 8

1 2 3 4 SL1

SL2

SL3

SL4

MIL0 MIL1 MIL2 MIL3

SOC

52

Page 54: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

© 2015 by Honeywell International Inc. All rights reserved.

Technical controls

Available capabilities for SL3+ security requirements

• 3rd generation Firewall

• Next Generation Firewall

• Security Management Console

• Microsoft Workgroup

• Microsoft Active Directory

• Microsoft RADIUS

• Intrusion Prevention System

• Intel Security SIEM

• Cisco Access Point

• Cisco WLC

• Network Admittance Control

• Microsoft Windows

• Secure Access Portal

• RSA multifactor authentication

• Cisco Catalyst IOS

• Threat Intelligence Exchange (TIE)

• Antivirus black listing

• Endpoint protection white listing

• Endpoint protection device control

• Endpoint protection host IPS

• Honeywell Risk Manager

• Honeywell Experion Backup Recovery

• Honeywell Service Node AV update

• Honeywell Service Node Vaccine update

• Honeywell Service Node TI update

• Honeywell EPKS Secure Communications

• Honeywell EPKS

• Modbus firewall RO

• Modbus firewall RW

• OPC firewall

• DNP3 firewall

• Data Diode

• Bi-directional Data Diode

• Bluecoat USB protection

53

Page 55: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

54

Industry-Leading Industrial Cyber Security

• Global team of certified Industrial Cyber Security experts

• 100% dedicated to Industrial Cyber Security

• Experts in process control cyber security

• Leaders in security standards ISA99 / IEC62443 / NIST

• 10+ years industrial cyber security

• 1,000+ successful industrial cyber projects

• 300+ managed industrial cyber security sites

• Proprietary cyber security methodologies and tools

• Largest R&D investment in industrial cyber security

• Partnerships with leading cyber security vendors

• Industry first Risk Manager

• First to obtain ISASecure security for ICS product

• State of art Industrial Cyber Security Solutions Lab

Proven Experience

Investment and Innovation

Industrial Cyber Security Experts

Proven Industrial Cyber Security Solution Provider

Minerals, Metals & Mining

Refining & Petrochemical Chemicals Power Generation Pulp & Paper Oil & Gas

54

Page 56: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

This is what we do:

Open Discussion

55

Page 57: Konstantin Rogalas CYBER SECURITY PROGRAM & SOLUTIONS … · 2015-11-25 · - Plan Capex and Opex for enhancing your security protection •Offers sustainable security - Develop your

© 2015 by Honeywell International Inc. All rights reserved.

WWW.BECYBERSECURE.COM

56