Remote Services

Managing Open Systems with Remote Services
Reduce costs and mitigate risk with secure remote services

As control systems move from proprietary technology to open systems, there is greater flexibility but there can also be issues with compatibility, security and software complexity. Honeywell works with customers to help manage open systems. Honeywell's secure remote services improve safety and reduce costs with proactive monitoring and faster problem resolution while avoiding travel time and costs. Remote services include patch management, virus protection, system monitoring, backup and restore, and more. To mitigate risk, Honeywell employs industry best practices to ensure a highly secure connection and protection of data for ourselves and our customers.
Best Practices for Managing Open Systems Technology

Technological advancements are changing distributed control systems (DCS) by integrating proprietary technology from the vendor with open systems technology provided by Microsoft, Intel, Cisco and many others. Compatibility issues, security patches, virus attacks and software complexity result in a significantly higher frequency of change compared with proprietary-only technology. To help manage the change, the industry is employing remote services as a best practice to quickly connect supplier experts with customer systems. Honeywell has developed a full suite of remote services to support our customers with their day-to-day technology challenges.

Remote Services

Remote services improve plant safety, reliability and efficiency. Safety incidents are reduced by limiting the number of people needed on site. Reliability is improved through proactive 24/7 process and system monitoring, providing faster resolution when problems arise. Efficiency is improved by avoiding travel time, allowing direct access to expertise, collaborative troubleshooting and engineering, standard operating practices and centralized services like deployment of updates and virus definition files.

Remote Access to Customer Sites

It all starts with a remote connection to a customer site. Honeywell uses the Internet or dedicated lease lines with secure protocols and protection mechanisms to set up the connection. Logins with password, encryption, VPN tunnels, PIN code and a hardware key code generator maximize security and avoid unauthorized access. Honeywell uses the same connectivity solution to deliver all remote services, including troubleshooting, system changes and analysis, so all use the same secure link (one channel principle) between the customer site and Honeywell.
The Honeywell Service Node

Remote connections are set up between a remote location and the Service Node on site. The Service Node is the entry point into the customer's process domain. The Service Node consists of a combination of firewalls, proxy server and specialized communication server residing in a secure zone within the process control network (PCN). The Service Node can be used for remote access but is also capable of monitoring system parameters and running diagnostics over the entire PCN.

The authorizing system of the Service Node includes a built-in permit and audit system to track access, requests and actions. The site retains full control over all communications to allow, forbid or require approval before actions can be made. The Service Node is protected by the latest validated virus definition files and patched with the latest validated security patches.

Infrastructure Related Remote Services

Virus Protection- Open platforms are vulnerable to virus and worm attacks, which can lead to loss of view, loss of integration, loss of control and even production downtime. Honeywell tests and approves new virus protection definition files first on a test system emulating a customer's production systems to reduce the risk of a signature collision with a valid data pattern. These new virus protection definition files are downloaded to the Service Node (normally within 24 hours after their release). Properly scheduled distribution of new virus protection definition files at the site further reduces the risk that redundant servers stop at the same time due to the automatic update.
Patch Management

Patch Delivery- The process of software patching repairs operating system and application vulnerabilities that can provide an entry point for viruses and other damaging programs. It helps maintain operational efficiency and effectiveness, overcome security vulnerabilities and maintain the stability of the production environment. Honeywell tests and qualifies newly released security patches to make sure they can be safely installed and will not interfere with Honeywell process control software platforms. Normally these patches are tested and qualified within seven days of their release. Customers with a remote connection have the advantage that the Service Node will get the latest security patches and appropriate DCS patches automatically as soon as they are validated.

Patch Deployment- On-site patch installation is offered using trained Honeywell personnel to manually patch the PCN during site visits after careful planning with operations, using the latest patch files made available on the Service Node. Remote patching is offered as an alternative; however, this requires an agreed procedure between engineers in remote locations and assistance from the site. Critical components are not recommended for remote patching.

Perimeter Security- To secure the perimeter of a PCN environment, the protection mechanism consists of a set of security controls between the office domain (L4) and the management execution layer (L3) of the plant. This service includes checking of firewalls, intrusion detection/prevention system, network access, proxy servers, top/root domain.

Backup and Restore- Loss or corruption of data can have a catastrophic impact on your ability to meet business demands. The best defense is making regular backups and a proven and tested recovery strategy.
A complete reinstallation of a PC/server can take up to two days, while a solid backup and restore mechanism can reduce this time to a few hours. Honeywell uses Backup and Restore software and configures the schedule of the backups (full backup and/or incremental backup) so that multiple backups are not executed at the same time to limit the impact of a backup on the overall performance of the PCN. Backups for non-standard servers on the PCN (like PHD, PCC, FDM) can be offered as a special service.
System Monitoring- System Monitoring collects and diagnoses health and performance data as well as system logs to monitor the PCN infrastructure. The information is available for local use and to generate reports. When a critical threshold is reached or an invalid state/abnormal condition is detected, the monitoring service will run extra diagnostic routines, depending upon circumstances, to give a better view of the root cause of a problem, allowing more detailed alarming. Alarms are generated and transmitted (through SMS or email) to the customer or designate. The Honeywell Remote Service Center (RSC) also receives the alerts, allowing Honeywell to provide instant remote support. Customers will automatically benefit from Honeywell's continuous research of past business interruption situations.

Optional health and performance reports provide historical information and analysis, including recommendations for optimizing system performance. These reports provide a summary of the recorded activity for devices and overall system health status to determine if any steps should be taken for overall system improvement.

System Administration- System administration tasks include checking system logs, managing login problems and disk space management. Honeywell utilizes tools to automate many of these routine inspections, normally handled manually by system administrators, creating benefits like 24/7 continuous checking and eliminating human error. The system administration service also monitors the PCN for proper deployment of patches, virus protection definition files and backups. This will generate a To-Do list for the system administrators to execute when time allows. These actions are required to keep the system healthy and avoid unwanted business interruptions. This results in a conditional maintenance task instead of spending long hours on routine checklists.
Honeywell remote system administrators will work the To-Do list and are available during office hours to support customers. The system administration tools also provide automatic self-healing capabilities such as starting a backup routine or collecting the latest virus definition file. Whether automatic repair is allowed needs to be agreed on up front with customers.

Application Hosting- Application hosting is a service where applications used by customers run on computers within a secure Honeywell environment. The benefits of working within the Honeywell cloud include resolving the customer's internal IT department concerns about running additional software within their own environment, managing software compatibility issues, managing small volume or specialized software, and eliminating the requirement for specific or additional server hardware. To access these applications from the site, the customer only requires a standard web browser and appropriate authentication.

Process Related Remote Services

In addition to infrastructure related services, Honeywell provides process related remote services to improve the customer's process performance. By collecting data at the site and having Honeywell analyze it offline, these services provide valuable information and recommendations on how customers can optimize their process performance. These services are designed to improve regulatory and advanced process control, increase production yields and throughput, and lower energy consumption.

Loop Scout- This service actively monitors PID control loop performance and system alarms and provides diagnostics, resolution tools and workflows. This service delivers powerful functionality in the form of industry benchmarks, individual control loop performance history, valve diagnostics and more. Optimum performance of control loops also means optimum process conditions, impacting bottom line results.
Benefits Attainment Service- This service is available to UOP process licensees for the purpose of monitoring and improving catalyst lifecycle performance while improving the effectiveness of technical support. Advanced process control monitoring services and regulatory loop management services provide comprehensive process unit performance management solutions.

Benefits Guardianship Maximum (BG Max)- This comprehensive performance management service maximizes the lifecycle value of advanced process control applications by providing regular monitoring and analysis of Honeywell's Profit Controller applications. BG Max services are designed not only to manage and sustain the performance of advanced process control applications but also to identify and implement application improvements that increase user benefits. Key deliverables include monthly performance score cards, detailed controller analysis reports with control improvement annotations, and direct interaction with subject matter experts.

Remote Services Delivery

Remote Service Center (RSC)- Honeywell has two global RSCs (Amsterdam and Houston) to support our customers worldwide. The RSCs back up each other and manage all remote connections between Honeywell and our customers. Data retrieved from customer sites is stored within the secure environment of the RSC and access is restricted to appropriately authenticated engineers.

Virtual Remote Service Center (VRSC)- VRSCs have responsibilities similar to those of the RSC but are not connected directly to the customer site and have no data storage capabilities. The VRSC makes use of the RSC infrastructure in a fully transparent mode. Access restrictions are set to ensure the VRSC can only work within the boundaries set by the RSC. VRSC capabilities are also available for those customers requiring the same level of access/reporting functionality.
Security Aspects

A process control system failure or unauthorized access has the potential to cause significant plant damage or safety risks. As both a process control user and supplier, Honeywell uniquely understands this challenge and therefore employs industry best practices to ensure a highly secure connection and protection of data for both ourselves and our customers. The main security measures are:

- Two factor authentication to the RSC and secure data communication using encrypted VPN tunnels
- Overall architectural setup to prevent malware propagation from a user's computer into the process control network
- Authorization from site required to allow access to any device on the PCN
- Full audit trail by logging all actions

Information Security

Confidentiality, integrity and availability are the core principles of information security. Within process control systems, data and control must be accessible when needed (availability), should not be modified without authorization (integrity) and should not be disclosed to unauthorized individuals or systems (confidentiality).
Remote services have the following controls in place to lower the risk of security breaches:

- 24/7 remote services means high availability of service delivery, including remote availability of Honeywell support personnel
- Secure authentication, authorization and traffic by utilization of encrypted data communication
- Plant personnel in charge of access control and remote activities
- Non-disclosure agreement between Honeywell and employees

Benefits of Using Remote Connectivity

- Access data and results anytime and anywhere
- Immediate detection of failures and performance anomalies
- Engage the right expertise at the right time (avoid waiting for travel or visa)
- Improve troubleshooting with advanced diagnostics
- Automated collection of system data for troubleshooting purposes
- Receive prioritized notifications to proactively avoid issues
- Reduce project/commissioning support cost
- Improve safety (reduce physical time on-site or access to safety critical locations)

Assessments and Consultancy Services

Honeywell provides additional services to help customers manage their open systems. These include assessments of network, security, risk and readiness, wireless and backup and restore. Consultancy services are available to support design/redesign of the process control network.

For More Information

To learn more about Honeywell's service programs, contact your Honeywell account manager, or visit www.honeywell.com/ps and select Services, Maintenance and Support, and Open Systems Services.

Automation & Control Solutions
Process Solutions
Honeywell
1860 W. Rose Garden Lane
Phoenix, AZ 85027
Tel: 800-822-7673
www.honeywell.com

BR-10-08-ENG
August 2010
© 2010 Honeywell International Inc.