The way to determine a company’s required security assurance level (SAL) is to know the risk level against which your company wants to be protected. A security assessment would indicate the gaps between what a company desires and what technical controls it uses today.
As cyber security professionals with extensive knowledge in distributed control systems and information technology, Honeywell investigates the status quo of operational security procedures and technical controls as a first step to improve customers’ cyber security posture.
We refer extensively to the ISA-62443 (ISA99) global series of standards for cyber security for industrial plants, focusing on processes and technology. We also investigate the organization’s maturity related to cyber security. Are all employees committed to cyber security? Or are just one or two engineers trying to keep PCs patched and run anti-virus software? It’s important that everyone have some security awareness. If not, when the expert security knowledge leaves the company, so does the company’s security.
The outcome of our security assessment includes a report of gaps and recommendations and an overall ranking of the SAL and maturity rating of a company compared to others in the industry. Knowing where you are security-wise can help you start a more focused approach to cyber security for the future.
New Dashboard Empowers Operators
Improving situational awareness is critical with cyber security because you can’t fix what you don’t know about. And making sure everyone is able to quickly assess a security situation is a constant goal. So Honeywell is developing a cyber security dashboard to give plant operators and maintenance personnel an immediate overview of the facility’s cyber security status. It should be available mid-2014.
With the dashboard, you can quickly see if workstations and servers in the process control network have the latest antivirus, firewalls, and patches installed to help your network avoid cyber attacks. If something is wrong, the software generates warnings so appropriate personnel can take immediate action.
While experts with plenty of training in cyber security are certainly needed in today’s security-conscious manufacturing environment, it’s also important for a wider range of personnel to have an understanding and know when to take action. With this easily understandable security dashboard, a larger group of personnel watching your plant’s cyber security status will know immediately if something out of the ordinary happens and be able to request help from experts.
While this dashboard is still in the design phase, we are open to ideas from users about what to include and how the dashboard should look. So feel free to comment on this blog site.
Security specialists advocate whitelisting and keep a list of files allowed to run on PCs as well as those allowed only to execute and nothing else. Application whitelisting will block all files not approved on the system. Viruses try to mutate files on a PC to enable the payload to do its sneaky, devastating work. As the virus mutates files, the application whitelisting software notices the checksum of these files to change and block their execution. At the same time, application whitelisting creates a great way to better manage the installation of new software on PCs in the process control network.
Before new applications are able to execute, the application whitelisting needs to approve that particular application; it can’t run without approval. This application is a great way to keep tight control on which software applications are installed on the process network and by whom.
The downside is it will require some additional maintenance work, as each time you upgrade with a patch or add new software, you now have two tasks – installing and managing the whitelisting application. However, you can simplify some of the extra work by setting up pre-approvals for certain vendors. Honeywell has the expertise to configure a whitelisting solution on your process control network and reduce the extra maintenance work as much as possible without jeopardizing cyber security.