2012 Honeywell Users Group Americas. Sustain.Ability. Rick Kaun - Honeywell. Cyber Security



Similar documents
Cyber Security Compliance (NERC CIP V5)

SCADA Security Training

Caretower s SIEM Managed Security Services

TRIPWIRE NERC SOLUTION SUITE

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Effective Use of Assessments for Cyber Security Risk Mitigation

Industrial Control System Cyber Security

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time.

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

Cyber Security for NERC CIP Version 5 Compliance

LogRhythm and NERC CIP Compliance

Effective Defense in Depth Strategies

ARC INDUSTRY FORUM 2015

Click to edit Master title style. How To Choose The Right MSSP

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

IBM QRadar Security Intelligence April 2013

CYBER SECURITY SERVICES PWNED

ARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014

Verve Security Center

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

AURORA Vulnerability Background

Rethinking Cyber Security for Industrial Control Systems (ICS)

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Cybersecurity for Energy Delivery Systems 2010 Peer Review. Dale Peterson Digital Bond, Inc. Bandolier and Portaledge

Invensys Security Compliance Platform

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Clavister InSight TM. Protecting Values

Critical Infrastructure Cybersecurity

INCIDENT RESPONSE CHECKLIST

The State of Industrial Control Systems Security and National Critical Infrastructure Protection

Changing the Enterprise Security Landscape

NERC CIP VERSION 5 COMPLIANCE

Cyber Security Seminar KTH

Best Practices to Improve Breach Readiness

SIEM Implementation Approach Discussion. April 2012

PCI Requirements Coverage Summary Table

Unified Security, ATP and more

Logging In: Auditing Cybersecurity in an Unsecure World

Cyber security tackling the risks with new solutions and co-operation Miikka Pönniö

Incident Response. Six Best Practices for Managing Cyber Breaches. Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software

Industrial Security for Process Automation

THE WORLD IS MOVING FAST, SECURITY FASTER.

Securing your IT infrastructure with SOC/NOC collaboration

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Operational Continuity

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection

Industrial Cyber Security 101. Mike Spear

PCI Requirements Coverage Summary Table

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

ISACA rudens konference

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Ecom Infotech. Page 1 of 6

Решения HP по информационной безопасности

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

AN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT

Leveraging Regulatory Compliance to Improve Cyber Security

Big Data and Security: At the Edge of Prediction

RSA Security Anatomy of an Attack Lessons learned

Session 14: Functional Security in a Process Environment

Average annual cost of security incidents

Continuous Network Monitoring

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions

NEC Managed Security Services

Compliance Management, made easy

Managed Security Service Providers vs. SIEM Product Solutions

MANAGED SECURITY SERVICES (MSS)

SecureVue Product Brochure

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

Cyber Security and Privacy - Program 183

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems

AppGuard. Defeats Malware

SSC Operations IT Transformation in Motion

The business case for managed next generation firewalls. Six reasons why IT decision makers should sit up and take notice

Information & Asset Protection with SIEM and DLP

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Security strategies to stay off the Børsen front page

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Intelligence Driven Security

Resilient and Secure Solutions for the Water/Wastewater Industry

Transcription:

2012 Honeywell Users Group Americas Sustain.Ability. Rick Kaun - Honeywell Cyber Security 1

Industrial IT: Security Concerns Industrial facilities must run safely, reliably and predictably Process Control Systems were long considered immune to attack Adoption of open standards has created new security threats Industries must meet increased security expectations due to: Regulatory compliance Corporate expectation Prevalence of threats 2

Challenges Nothing new right? Increased Complexity Greater uptime Vibration monitoring, wireless I/O, environmental monitoring/reporting etc Increased Technology System to human ratio exploding Aging Workforce Increased Cyber Risk Stuxnet, Duqu, Flame,??? Increased Regulation NERC CIP, CFATS, Pipeline Guidelines, etc 3

What is the answer? Intelligent application of technology in a production environment Scalable, manageable, cost effective What is the toughest challenge? What is the true test of security? We need to run safe, reliably and expectedly Any risk to that mandate is a real risk All the controls in the world will do nothing if. Not properly applied and managed over time. This is the true risk 4

Management is the true challenge If security is measured by how quickly you can detect, contain, recover and improve from an incident then how you manage your program is key Security program is People, Process and Technology Some recent developments include: AWL Virtualization Cloud Computing IDS/IPS or SIEM Etc All are only effective if properly managed 5

Revisit the Challenge vs Solutions Increased complexity => Need more Experts! Can you hire enough Experts? Where do they sit? Increased Technology => Need more IT guys Not just IT but Process control IT. They are everywhere right? Aging Workforce => Need Bodies! No problem adding team members! Increased Cyber Risk => Need SOC? Where to even start? Skills? Cost? Increased Regulation => Need Documentation Paperwork is always current, effective and up to date! 6

Sample Solutions In-house versus outsource? Or Build versus buy? In my humble opinion, the future of cyber security lies in the conjoined management of security programs True partnership between owner/operator and specific support programs/organizations A large consultant/vendor can: afford to stand up an SOC Properly staff an R&D department build a 24 X 7 support center employ sufficient specialty skill sets develop and maintain a dashboard or an HMI for the security manager 7

Honeywell s Industrial IT Solutions Assess against industry standards, regulatory requirements and best practices Remediate focuses on the actions needed to address issues identified in the Assess phase Assure addresses methods to assure your Industrial IT solutions are functioning as designed Manage refers to the management of your Industrial IT investment, including network security 8 Evolving services and solutions for a changing Industrial IT environment

Cyber Security Services Advanced Securing your critical infrastructure is an evolving process with four distinct phases Basic IITS Intermediate Enhanced Functionality Expanded Capability Integrated Assessments Security Manager HMI (dashboard) Automated Compliance Tools Security Operations Center (SOC) Assurance Monitoring Role Based Authentication (RBAC) Backup/Restore Services Application Whitelisting Virtual Patching IDS/IPS Security Incident and Event Mgmt (SIEM) Forensics (Root Cause Analysis) Integration of OSS Global Ops and Matrikon ICS Assess, Remediate, Manage, Assure A/V, Patch, Remote Monitoring, Perimeter Mgmt. 9

DCS Agnostic Most clients have more than one DCS/SCADA system Most clients need to manage the security on all IITS vision is to partner with our clients to deploy best practice solution across your fleet of assets. 10

SOC/NOC Automatic monitoring and review Outsource repetitive tasks Access to high skills and tools Ad-hoc security alerts 11

12 Security Program Dashboard

Questions? Rick Kaun Business Manager, Industrial IT Solutions phone: +1 (780) 945-4055 cell: +1 (780) 485-7254 rick.kaun@honeywell.com Shawn Gold Global Solution Leader, Open Systems Services phone: +1 (604) 278-4492 cell: +1 (604) 376-6033 shawn.gold@honeywell.com Follow us: twitter.com/rickkaun Blog: http://insecurity.honeywellprocess.com Website: http://www.honeywellprocess.com Website: http://www.becybersecure.com 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information