Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Transcription

1 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4,

2 Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security solutions that help protect the availability, safety, and reliability of industrial control systems (ICS) and plant operations. Leveraging our industry leading process control and cyber security experience, our expertise, and technology, we deliver proven solutions designed for the specific needs of process control environments. Cyber Security = Process Availability, Safety and Reliability 2

3 What Is Cyber Security for Industrial Control Systems? Industrial Cyber Security is the body of practices, processes and technologies designed to defend process control networks, systems, computers, programs and data from attack, damage, disruption, unauthorized access or misuse Protecting against external and internal threats Detecting, Responding and Recovering from cyber attacks and incidents Safeguarding availability, safety and reliability Keeping plants running smoothly without disruption IT cyber security, in contrast, focuses more on protecting information than physical assets, operations and people Focus is up to but not including corporate and 3 rd party networks Requires deep understanding of process control networks, operations, information technology and cyber security 3

4 Where Are You Vulnerable? Connections between ICS network and corporate IT / business systems Unsecured remote service/maintenance access or 3 rd party/vendor/contractor access Firewall rules improperly configured Lax authentication & authorization policy Unsupported Microsoft OS like XP Unpatched nodes or out-of-date Antivirus Unnecessary open ports, services, logins Removable media - USB drives, external hard drive, CD/DVDs connecting to ICS Mobile IT components; laptops tablets Any file transfer from an external device Human error, negligence, misuse & sabotage Employees, contractors, vendors, visitors, and supply chain 4

5 Protects From the Inside Out and Outside In Build security into our products Employ same risk-management mechanisms for cyber security we design for safe industrial operations Strengthen security with proven end-to-end solutions Security architecture, security controls and best industrial practices Services delivered by global team of experts Assure continued protection and resilience Situational awareness Monitoring, management and training services 5

6 Industrial Cyber Security Solutions Framework Embedded Security Is Just the Start Security Awareness Cyber Security Assessments, Monitoring and Situational Awareness Leveraging Network, Host & Operational Security Controls Security Controls TECHNOLOGY Security Design Used to Drive Secure Architectural Design and Best Practices We Address Industrial Cyber Security End-to-End 6

7 Complete Industrial Cyber Security Solutions Assessments & Audits Security Assessments Network & Wireless Assessments Security Audits Backup and Restore Incident Response Response & Recovery Architecture & Design Current State Analysis Design & Optimization Zones & Conduits Continuous Monitoring Compliance & Situational Reporting Awareness Security Analytics Security Information & Event Management (SIEM) Security Awareness Training 7 TECHNOLOGY Endpoint Protection Network Security Firewall Intrusion Prevention Access Control Policy Development Patching & Anti-Virus Application Whitelisting End Node Hardening Portable Media & Device Security

8 Why Industrial Cyber Security Industry Leading People and Experience Global team of certified experts with deep experience across all industries 100 s of successful PCN / Industrial cyber security projects Leaders in security standards ISA99 / IEC62443 Industry Leading Processes and Expertise methodologies specific for process control environment & operations Best practices developed through years of delivering solutions Comprehensive understanding of unique process control security requirements Industry Leading Technology First to obtain ICS product security certification with ISASecure Largest R&D investment in cyber security solutions and technology Strategic partnerships with best in class security product vendors Trusted, Proven Solution Provider 8

9 Managed Industrial Cyber Security Services 9

10 Managed Industrial Cyber Security Services Secure Connection Secure tunnel for services Protection Management Qualified anti-malware files & operating system patches Continuous Monitoring and Alerting Monitoring of system, network & cyber security performance 24/7 alerting against thresholds Intelligence Reporting Weekly compliance and quarterly trend reports Perimeter and Intrusion Management Firewall: Configuration rules + log file review and reporting IPS: Signature update validation + log file review and reporting 10

11 The Foundation: s Secure Connection Secure Connection Customer Initiated Encrypted Tunnel Customer controlled connection Customized with easy to configure Security Policies Only connects to s Managed Security Service Center Two-Factor Authentication Certificate based Keeps information private even through corporate network Drawbridge Infrastructure & methodology supports the ISA99 concepts of zones & conduits, authentication, security logging, input validation, & system integrity checks Secure Connection Enables Protection Management Continuous Monitoring and Alerting Intelligence Reporting Perimeter and Intrusion Management Secure Troubleshooting 11

12 Protection Management Anti-Malware Files & Operating System Patches Automated, secure transfer to site of tested and qualified Anti-Malware signature files & Operating System patches Provides a local source of current, qualified signature files and patches for installation Reduces manual, administrative work and delays required to obtain current files and patches Maintains integrity of files through Secure Connection s encrypted file transfer Avoids file modification risk via transfers by or portable media Anti-Malware files Protect against virus, worms, and malware which can compromise the PCN/ICS Windows TM and Experion Operating System patches Block multiple malware vulnerabilities to reduce system breaches, prevent unauthorized shut downs, and keep Control Systems operating properly Deploying Current Releases Helps Prevent Exploits, Infections and Application Malfunctions 12

13 Continuous Monitoring and Alerting Monitoring of System, Network and Security Continuous Monitoring Agentless monitoring solution for system, network and security performance and health Tested to ensure no impact on systems Automated monitoring of critical ICS, network, Windows TM and security parameters Intelligent analysis based on engineering & expertise Alerts / Situational Awareness 24/7 automated, proactive alerting for all monitored devices Equipment and device specific thresholds established Managed Security Service Center automatically generates an alert or SMS text to site specified contact(s) 13

14 Intelligence Reporting Reporting of ICS Status, Trends and Issues Trend Analysis Complements Alerts Ability to catch degrading conditions Captures & reports frequency of intermittent issues Weekly Critical Parameter Reports Actionable reports of critical system & network information plus security issues Out-of-date installation status for Anti-Malware signatures & Windows TM patches Inventory of all detected networked equipment Key source of data for compliance documentation Bi-Annual and/or Quarterly Reports Comprehensive, detailed reports including long term trends, plus expert analysis Audit Audit capability including access to session recordings 14

15 Perimeter & Intrusion Management Services Management of Firewalls & Intrusion Prevention Systems Firewalls and IPS only work if properly configured & managed Firewall Management Services Provides expert review of firewall log files, including rule changes Allows for identification of unauthorized and unplanned changes Note: Corporate firewall management NOT included or supported Intrusion Prevention System (IPS) Management Services Verifies IPS signature updates are appropriate for site Provides expert review of log files Changes are reviewed prior to implementation and logs reviewed daily to avoid erosion of security posture or system interruption PCN Firewalls & IPS Equipment Configurations Are Critical Elements of Site Protection 15

16 What Makes the Secure Connection Secure? Architecture: Relay Server L3.5 ( DMZ ) & Secure Service Node L3 Supports the ISA99 concepts of zones & conduits, authentication, security logging, input validation, & system integrity checks Two-Factor Authentication Validated both ways verify really Service Center and really customer site Utilizes unique fingerprints, generated security certificates (not 3rd party), proprietary security certificates and security keys for verification Secure, Encrypted Tunnel for Communications (VPN) Encrypted communication uses licensed SSL Tunnel can only connect to s Secure Service Center Communications not visible on corporate side encrypted; Wire Shark will tell you nothing Customer Controlled Connection & Security Policies Tunnel can only be initiated by Site s Secure Service Node Permissions can be set per device, person, and/or time, or system wide Fully Audited Recording & Reporting of Actions Replay will show display and mouse movements of session 16

17 Secure Connection Architecture Level 4 Level 3.5 DMZ Level 3 Level 2 Level 1 Anti- Malware Server Experion Server EST Industrial PCN Site Windows TM Patch Mgmt Server (WSUS) Secure Service Node Relay Server Corporate Proxy Server SSL Encrypted, Certificate Authenticated Tunnel Initiated by site s Secure Service Node Connect to Managed Security Service Center ONLY Managed Security Service Center Communication Server Application Servers Operator Controls DMZ ACE Engineering Controls CORPORATE Domain Controller 3 RD Party Apps ESF Domain Controller Experion Server Terminal Server eserver Corporate Router Internet Tunnel through corporate network provides additional security Database Servers Relay Server isolates PCN from Corporate Network Restricts end nodes from sending or receiving data out of PCN DMZ 17

18 Managed Industrial Cyber Security Services Engineered to Improve Process Control Network Security, Performance and Management Secure Connection Protection Management Continuous Monitoring & Alerting Intelligence Reporting Perimeter & Intrusion Management 18

19 Thank You Industrial Cyber Security