Continuous Industrial Cyber Risk Mitigation with Managed Services Monitoring and Alerting Konstantin Rogalas and Arjen van Es, Honeywell

2015 Honeywell Users Group Europe, Middle East and Africa
Continuous Industrial Cyber Risk Mitigation with Managed Services Monitoring and Alerting
Konstantin Rogalas and Arjen van Es, Honeywell

About the Presenter
Arjen van Es, Security Service Center Team leader EMEA/APAC
Arjen.van.Es@Honeywell.com
- 1991-1995 Commissioning engineer Axial/Centrifugal compressors
- 1995-1998 Service engineer - modular systems
- 1998-2005 Software support engineer
- 2005-2007 Technical Specialist ICT
- 2007-2009 Process control systems Network Architect
- 2009-2011 Open Systems Services - Consultant
2015 Honeywell International All Rights Reserved

About the Presenter
Konstantin Rogalas MSc, MBA, Business Lead for Honeywell Industrial Cyber Security - Europe
Konstantin.Rogalas@Honeywell.com
- 1989-1998 in Discrete Automation & Process Control
- 1999-2012 in Telecommunications: Broadband-M2M/IoT
- 2013 Oil & Gas, Energy, Pharmaceuticals & Chemicals industry Certification study for ENISA in Industrial Cyber Security
- 2014-2015 ICS Council with policy makers, asset owners and service providers
- Member of the European ICS Stakeholders Group

Agenda
- Continuous Monitoring in the Security Profile
- Obstacles & Managed Security Pros-Cons
- Monitoring & Alerting with Managed Services
- Conclusions
- Open Discussion
- About: Honeywell Industrial Cyber Security

ICS Continuous Monitoring: Making the Case
- Continuous Monitoring ensures Industrial Control System (ICS) reliability
- Detection of availability & performance issues to prevent serious degradation
In the context of Cybersecurity:
- Which ICS Cyber Security controls (technical and non-technical) need to be in place for ICS Continuous Monitoring?
- Where does ICS Continuous Monitoring belong in the Cyber Security Profile?
This section:
- Introduces the Cyber Security Profile and its underlying principles
- Places Continuous Industrial Cyber Risk Readiness in the overall Cyber Security Profile context
- Proves why Continuous Monitoring is in the heart of detecting cyber security anomalies & events which is vital to respond/recover
- Explains why Continuous Monitoring is an essential performance evaluation principle which increases cyber security maturity

Typical security level

Security levels and security capabilities

C2M2 Maturity Indicator Levels

Cyber Security Profile
[Matrix: Security Level (rows) against Maturity Indicator Level (columns); each cell is a numbered Security Profile]
       MIL0  MIL1  MIL2  MIL3
SL4     13    14    15    16
SL3      9    10    11    12
SL2      5     6     7     8
SL1      1     2     3     4
[Table: industry segments, each rated against SL1 to SL4]
- 1001 Refining process facilities
- 1102 O&G LNG terminals
- 1103 O&G processing
- 1104 O&G production - on-shore
- 1105 O&G production - off-shore
- 1108 O&G Marine - LNG IAS
- 1110 Gas To Liquid
- 1112 Production - Coal bed M
- 1114 Pipeline - Liquid
- 1115 Pipeline - Gas
- 1201 Pulp
- 1203 Paper
- 1204 CWS
- 1303 Utility power
- 1401 Fertilizers
- 1403 Petrochemicals
- 1404 Plastics and fibers
- 1405 Specialty chemicals
- 1406 Biofuels
- 1501 Alumina
- 1502 Aluminium
- 1503 Base materials
- 1504 Cement
- 1505 Coal & coal gasification
- 1506 Iron
- 1509 Precious metals
- 1510 Steel making
- 1508 Other
Defines the Security Profile:
- The target Protection Level is determined by the security design effectiveness (Security Level) and security operations effectiveness (Maturity Level)
- IEC 62443 standard provides the Security Level, Cobit or C2M2 toolkit provides the Maturity Level
- The Security Profile defines for each facility how to protect and how to organize

Sustainable security requires a Program
[Roadmap chart: Security Profiles SP 1, SP 2, SP 5, SP 6, SP 7, SP 10, SP 11, SP 12, SP 15, SP 16 plotted over four years of quarters (Q1 to Q4)]
1. Increase security level with Monitoring/Alerting (in addition to Anti-Virus, Patching)
2. Increase maturity level with Activity/Trend reporting (associated Policies)
3. Increase security level with SIEM, NGFW, AWL, Risk Manager
4. Increase maturity level with an organized Security Operations Center (SOC)
If you run too fast or jump too high, you might trip

Obstacles to initial self-monitoring
- Compatibility with DCS
  - Logging agents stress the control system
- Budget for required utilities
  - Developing Logging Agents
  - Servers, Databases, Proxy, etc.
- Personnel required for administration
  - Initial implementation & testing of components above
  - Analysis of events to determine what is critical
  - Investigation of alerts to determine next steps
- Other concerns
  - Training on new technology
  - Different expertise per location

Continuous Monitoring Best Practice
Hire a company to monitor your control systems with minimal setup time and for a fraction of the cost, while fulfilling the following:
- Expertise in Control System Cybersecurity
- Methodology that complies with IEC 62443
- Existing set of Passive Agents
- Responding on monitored problems
- Serving concurrently 100s of sites
- Follow the sun support model

Voice of the Customer
1. For control system performance/availability monitoring, do you have a process and, if yes, which kind of?
   - No monitoring process
   - Manual monitoring process
   - Automated monitoring process
2. How satisfied are you with how you currently monitor the security of your control system?
   - Dissatisfied
   - Needs improvement
   - Satisfied
3. Which disadvantages do you see in using Managed Security Services?
   - Capex/Opex Investment
   - New Internal Processes
   - Corporate IT policy issues

Where would your Security Profile be?

Key Events to Monitor
- Network Activity Logs: ACL Rules, Utilization Spikes, Passwords/Strings
- System Audit Logs: Unauthorized Access, Disabling Controls, Configuration Changes
- System Availability/Performance: Application Health, CPU Utilization, Hardware Errors, Overruns
- Administrative Changes: GPO Modifications, Group Additions, Enabling USB Devices
- Software Update Compliance: Aging for Virus Signatures, Security Patches, Software Updates
- Virus Infections

What is monitored
Performance Analyzers for 550+ Critical parameters

Performance Monitoring - 1
[Network diagram: Level 4, Level 3.5 DMZ, Level 3, Level 2 and Level 1, showing the corporate network, firewall, L3 switch, relay server, service node, PHD, redundant Experion servers, stations (ESVT, EST, US, GUS), LCN A / LCN B and Level 1 nodes (APM, HPM, AM, PM, CLM, NG, CG, HG). The callouts overlap in the extracted text; the monitored items that can be read from them are:]
- Data and notifications rate for CDA, TPS and DSA
- State of critical Experion services
- Current Experion patch status
- FTE driver warnings
- CPU load
- Availability
- Synchronization and redundancy
- Queue state
- Failure events alerts
- Backup server failed
- PHD event rate, data storage, Real Time Data (RDI)
- C300 performance, cycle overruns, I/O link bandwidth, peer to peer traffic
- Controller goes offline
- Failover of redundant controllers

Performance Monitoring - 2
[Network diagram: the same Level 4 to Level 1 layout, with callouts for PC hardware monitoring, Windows performance monitoring, the firewall and the switches (L2 and L3). The callouts overlap in the extracted text; the monitored items that can be read from them are:]
- Hard disk failures
- Predictive warnings - HDD
- RAID degradation
- Chassis intrusion
- Power supply failure
- Fans
- Temperature high inside chassis
- Loss of redundancy
- Memory usage
- Free physical memory
- Used space (%)
- Load percentage
- Input / output rates
- Input / output errors
- Bandwidth usage
- Status and configuration of each interface
- Device availability
- Ping status
- Response time

Security Monitoring
[Network diagram: the same Level 4 to Level 1 layout, with callouts for Patch & Update Management, Anti-virus, Windows Update, Intrusion Detection and Windows Security. The callouts overlap in the extracted text; the monitored items that can be read from them are:]
- Anti-virus warning
- Anti-virus error
- Virus scan failure
- Virus signature database updation failure
- Patch information
- Audit policy status
- Audit trail
- Unauthorized login attempts
- Suspicious packet/traffic
- Ability to recognize patterns typical of attacks
- Analysis of abnormal activity patterns
- Tracking user policy violations
- Invalid login attempts
- Authentication failure
- Account locked out
- Password expired
- User account expired
- Unauthorized elevated privileges
- Password policy
- Password complexity/strength policy
- Guest account status

Honeywell Security Service Center (HSSC)
[Map: Amsterdam, Bucharest, Houston]

Managed Industrial Cyber Security Services
- Patch and Anti-Virus Automation
  - Tested and qualified patches for operating systems & DCS software
  - Tested and qualified antimalware signature file updates
- Security and Performance Monitoring
  - Comprehensive system health & cybersecurity monitoring
  - 24x7 alerting against predefined thresholds
- Activity and Trend Reporting
  - Monthly or quarterly compliance & performance reports
  - Identifying critical issues and chronic problem areas
- Advanced Monitoring and Co-Management
  - Honeywell Industrial Cyber Security Risk Manager
  - Firewalls, Intrusion Prevention Systems, etc.
- Secure Access
  - Highly secure remote access solution
  - Encrypted, two factor authentication
  - Complete auditing: reporting & video playback
Monitoring, Reporting and Honeywell Expert Support

Security and Performance Monitoring
Continuous Monitoring
- Agentless monitoring solution for system, network and security performance and health
- Tested to ensure no impact on systems
- Automated monitoring of critical ICS, network, Windows(TM) and security parameters
- Intelligent analysis based on Honeywell engineering & expertise
Alerts / Situational Awareness
- 24/7 automated, proactive alerting for all monitored devices
- Equipment and device specific thresholds
- Managed Security Service Center automatically generates an alert email or SMS text to site specified contact
- Alert messages may include attached troubleshooting techniques
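
The "equipment and device specific thresholds" idea above, applied to three of the monitored security items (invalid login attempts, account locked out, group additions) plus virus-signature aging. This is an added example, not Honeywell's code: the host names, device classes, threshold values and sample events are all constructed for illustration; only the Windows Security event IDs are real.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs for three of the monitored items on the slides.
FAILED_LOGON = 4625              # invalid login attempt
ACCOUNT_LOCKED = 4740            # account locked out
GROUP_ADDS = {4728, 4732, 4756}  # member added to a security-enabled group

# Assumed inventory and per-device-class thresholds (illustrative values only).
ASSETS = {"ESVR01": "experion_server", "STN07": "operator_station"}
THRESHOLDS = {
    "experion_server": {"failed_logons": 3, "window_min": 10, "sig_age_days": 7},
    "operator_station": {"failed_logons": 5, "window_min": 10, "sig_age_days": 14},
}


def evaluate(events, sig_updated, now):
    """Return (host, rule) alerts for collected events and AV signature dates."""
    alerts, recent, unknown = [], defaultdict(deque), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, eid = ev["host"], ev["event_id"]
        limits = THRESHOLDS.get(ASSETS.get(host))
        if limits is None:
            # Host absent from the inventory: report once, then skip its events.
            if host not in unknown:
                unknown.add(host)
                alerts.append((host, "not_in_inventory"))
            continue
        if eid == FAILED_LOGON:
            window = recent[host]
            window.append(ev["ts"])
            cutoff = ev["ts"] - timedelta(minutes=limits["window_min"])
            while window[0] < cutoff:
                window.popleft()
            if len(window) >= limits["failed_logons"]:
                alerts.append((host, "invalid_login_burst"))
                window.clear()  # one alert per burst, not one per extra attempt
        elif eid == ACCOUNT_LOCKED:
            alerts.append((host, "account_locked_out"))
        elif eid in GROUP_ADDS:
            alerts.append((host, "group_addition"))
    # Software update compliance: signature age against the class threshold.
    for host, updated in sorted(sig_updated.items()):
        limits = THRESHOLDS.get(ASSETS.get(host))
        if limits and (now - updated).days > limits["sig_age_days"]:
            alerts.append((host, "signature_aging"))
    return alerts


def _ev(hhmm, host, event_id):
    """Build one constructed event record for the sample day."""
    return {"ts": datetime.strptime("2015-11-03 " + hhmm, "%Y-%m-%d %H:%M"),
            "host": host, "event_id": event_id}


# Constructed sample data, not taken from any real site.
NOW = datetime(2015, 11, 3, 12, 0)
SAMPLE_EVENTS = [
    _ev("11:00", "ESVR01", 4625), _ev("11:03", "ESVR01", 4625),
    _ev("11:05", "ESVR01", 4625), _ev("11:06", "ESVR01", 4740),
    _ev("11:00", "STN07", 4625), _ev("11:20", "STN07", 4625),
    _ev("11:40", "STN07", 4625), _ev("11:41", "STN07", 4625),
    _ev("11:45", "STN07", 4732), _ev("11:30", "LAPTOP-X", 4625),
]
SAMPLE_SIG_UPDATED = {"ESVR01": datetime(2015, 10, 30),
                      "STN07": datetime(2015, 10, 10)}

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS, SAMPLE_SIG_UPDATED, NOW):
        print(alert)
```

The same three failed logons that raise an alert on the server class stay below the station class threshold, which is the point of keeping thresholds per device class rather than site-wide.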

Activity and Trend Reporting
Trend Analysis Complements Alerts
- Ability to catch degrading conditions
- Captures & reports frequency of intermittent issues
Critical Parameter Reports
Actionable reports of critical system & network information plus security issues
- Out-of-date installation status for Anti-Malware signatures & Windows(TM) patches
- Inventory of all detected networked equipment
- Key source of data for compliance documentation
Bi-Annual and/or Quarterly Reports
- Comprehensive, detailed reports including long term trends, plus expert analysis
Audit
- Audit capability including access to session recordings

Managed Industrial Cyber Security Services
[Architecture diagram: Industrial Site - Internet - Security Service Center, with data flows labelled "Get updates", "Collect monitoring data" and "Send data"]
Industrial Site:
- Level 4: Corporate Proxy Server
- Level 3.5: eServer, Terminal Server, Relay Node
- Level 3: Service Node (Anti malware, Patch Management, Monitoring, Secure access)
- Level 2: EST/ESF, 3rd Party Historian, Domain Controller, ACE, Experion Servers
- Level 1
Security Service Center:
- Communication Server
- Application Servers
- Database Servers
Annotations:
- Isolates ICS/PCN
- Ensures no direct communication between L3 and L4
- Restricts unauthorized ICS/PCN nodes from sending or receiving data
- SSL Encrypted communication
- Connects to Honeywell Security Service Center ONLY!

EMEA Managed Security Service Center
[Map labels: Estonia, Norway, Finland, Sweden, Egypt, Kuwait, Saudi Arabia, Abu Dhabi, Oman, North Sea, Poland, United Kingdom, Cameroon, Belgium, France, Switzerland, Germany, Austria, Slovakia, Zambia, Romania, Namibia, Italy, South Africa, Portugal, Spain, Tunisi; legend: SSC and support team, SSC, Support team]
- Sites: 203
- Protection Management: 147
- Monitoring: 112
SSC EMEA support locations:
- Amsterdam - The Netherlands
- Bucharest - Romania

Cyber Security Profile
       MIL0  MIL1  MIL2  MIL3
SL4     13    14    15    16
SL3      9    10    11    12
SL2      5     6     7     8
SL1      1     2     3     4
Manageability requires a S.M.A.R.T. and holistic approach

Security solutions
[The same matrix, with a "SOC" label overlaid]
       MIL0  MIL1  MIL2  MIL3
SL4     13    14    15    16
SL3      9    10    11    12
SL2      5     6     7     8
SL1      1     2     3     4
Manageability requires a S.M.A.R.T. and holistic approach

Industry-Leading Industrial Cyber Security
Industrial Cyber Security Experts
- Global team of certified Industrial Cyber Security experts
- 100% dedicated to Industrial Cyber Security
- Experts in process control cyber security
- Leaders in security standards ISA99 / IEC62443 / NIST
Proven Experience
- 10+ years industrial cyber security
- 1,000+ successful industrial cyber projects
- 300+ managed industrial cyber security sites
- Proprietary cyber security methodologies and tools
Investment and Innovation
- Largest R&D investment in industrial cyber security
- Partnerships with leading cyber security vendors
- Industry first Risk Manager
- First to obtain ISASecure security for ICS product
- State of art Industrial Cyber Security Solutions Lab
[Industry icons: Refining & Minerals, Petrochemical Oil & Gas Chemicals Power Generation Metals & Mining Pulp & Paper]
Proven Industrial Cyber Security Solution Provider

This is what we do: Open Discussion

Leading Cyber Security Organization for ICS

Honeywell ICS
Global setup to serve global organizations as well as local asset owners
[Map: Edmonton, Vancouver, Bracknell, Aberdeen, Amsterdam, Montreal, Offenbach, Bucharest, Houston, Atlanta, Dubai, Kuala Lumpur, Santiago, Perth; legend: SSC + HICS HICS Office Private LSS SSC HICS Resource(s)]
Industries served:
- Oil & gas
- Gas distribution
- Power
- Refineries
- Chemical
- Water treatment
- Pulp & paper
- Maritime

Honeywell's Industrial Cyber Security Lab
- Flexible model of a complete process control network up to the corporate network
- Honeywell Cyber Security solutions development and test bed
- Demonstration lab for customers
- Cyber security related academic programs
- Hands-on training
- Simulate cyber attacks
- Demonstrate Honeywell cyber security solutions

Typical systems H-ICS have secured
- Distributed Control Systems. E.g. Chemical, Petrochemical, Refining, Offshore platforms
- Leak Detection Systems, Machine Monitoring Systems, Metering Systems, Compressor Control Systems
- Supervisory Control and Data Acquisition (SCADA) systems. E.g. Gas Distribution, Power utilities, Pipelines, oil fields
- Distributed Energy Systems. E.g. Wind turbines, hydropower
- Maritime systems. E.g. Harbor systems, shipping

Driven by standards and regulations
- IEC 62443 (Formerly ISA 99): Industrial Automation Control Systems (IACS) Security
  - Global standard for wide range of industry
  - Honeywell ICS is active contributor to the development of the standard through ISA
- NERC CIP: North American Power
- ANSSI, BSI, CPNI, MSB, etc.: European guidelines, best practices and country-specific measures
- JRC & ENISA recommendations: European Union
- NIST: US technology standards (SP 800-82)
- And others: ISO, API, OLF. E.g. ISO 27000, API 1164, OLF 104
- Local regulations

Honeywell ICS specialists background
Unique combination of long time experience in process control, networks and cyber security
Gain knowledge, demonstrate knowledge and maintain knowledge
- CISSP
- CCNA
- MCSE
- CISM
- CCNP
- MCSA
- CEH
- CCIE
- VCP
- CRISC
- CCSP
Specialists with many backgrounds
- Honeywell
- Penetration testing
- 14+ Languages
- Yokogawa
- IT departments
- Emerson
- Telecom providers
- Schneider
- ABB

WWW.BECYBERSECURE.COM