Effective Use of Assessments for Cyber Security Risk Mitigation

Similar documents
Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Assurance 360 Performa. Ensuring a Secure, Reliable and High-Performing Control System

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Advanced Solutions. Uniformance Suite. Real-time Digital Intelligence Through Unified Data, Analytics and Visualization

Fire and Gas Solutions. Improving Safety and Business Performance

Process Solutions. DynAMo Alarm & Operations Management. Solution Note

Delivering operations integrity through better plant safety, availability and compliance across your entire enterprise

EC 350 Simplifies Billing Data Integration in PowerSpring Software

Standard CIP Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

NERC CIP VERSION 5 COMPLIANCE

TRIPWIRE NERC SOLUTION SUITE

Freedom of Choice and Cost Savings in Maintaining and Improving Your Automation Assets.

Management of Change: Addressing Today s Challenge on Documenting the Changes

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Cyber Security Compliance (NERC CIP V5)

The Importance of Cybersecurity Monitoring for Utilities

Response to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity

The Value of Vulnerability Management*

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Process Solutions. Uniformance Process History Database (PHD) Product Information Note

LogRhythm and NERC CIP Compliance

The Protection Mission a constant endeavor

Process Solutions. Mitigating Cyber Security Risks in Legacy Process Control Systems. White Paper

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

Certified Identity and Access Manager (CIAM) Overview & Curriculum

ISACA rudens konference

Payment Card Industry Data Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard

BSM for IT Governance, Risk and Compliance: NERC CIP

SUPPLIER SECURITY STANDARD

Department of Management Services. Request for Information

Summary of CIP Version 5 Standards

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

GE Intelligent Platforms. Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems

Verve Security Center

White Paper. 7 Steps to ICS and SCADA Security. Tofino Security exida Consulting LLC. Contents. Authors. Version 1.0 Published February 16, 2012

Implementation Plan for Version 5 CIP Cyber Security Standards

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Cyber Security for NERC CIP Version 5 Compliance

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

Keeping the Lights On

Four Top Emagined Security Services

Becoming PCI Compliant

Information Technology

future data and infrastructure

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

Information Shield Solution Matrix for CIP Security Standards

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

NERC CIP Compliance with Security Professional Services

INFORMATION TECHNOLOGY SECURITY STANDARDS

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

HC900 for Boiler Control Applications

Standard CIP Cyber Security Security Management Controls

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Industrial Security for Process Automation

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

Professional Services Overview

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Cloud Security Trust Cisco to Protect Your Data

Honeywell HPS Virtualization FAQ

Alberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5

A Guide to Effective Alarm Management

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

2012 Honeywell Users Group Americas. Sustain.Ability. Rick Kaun - Honeywell. Cyber Security

Borregaard s Automation Migration: Strategic Tool for Business Improvement. Dag Skjeltorp, Chief Engineer, Borregaard, Ind. Ltd.

Simply Sophisticated. Information Security and Compliance

BMC s Security Strategy for ITSM in the SaaS Environment

HC900 Boiler Control. Background. Solution. Application Brief Industry: Manufacturing

IoT & SCADA Cyber Security Services

FERC, NERC and Emerging CIP Standards

Technology Solutions for NERC CIP Compliance June 25, 2015

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Cisco Security Optimization Service

Uniformance Asset Sentinel. Advanced Solutions. A real-time sentinel for continuous process performance monitoring and equipment health surveillance

THE TOP 4 CONTROLS.

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

White Paper. Intuition Operations Monitoring: Latest Software for Improving Plant Performance, Reliability and Safety.

Preemptive security solutions for healthcare

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

Critical Controls for Cyber Security.

Overcoming PCI Compliance Challenges

Transcription:

White Paper Effective Use of Assessments for Cyber Security Risk Mitigation Executive Summary Managing risk related to cyber security vulnerabilities is a requirement for today s modern systems that use network communications to achieve the maximum benefits from system capabilities. Malware intentionally or opportunistically affecting critical infrastructure is a real threat and most sites need and want an effective, manageable solution. This paper discusses Honeywell s Cyber Security Vulnerability Assessment, the effectiveness of this type of assessment, and how it relates to the overall cycle of securing your critical infrastructure.

Effective Use of Assessments for Cyber Security Risk Mitigation 2 Table of Contents Executive Summary... 1 Table of Contents... 2 Industrial Cyber Security Lifecycle... 3 Cyber Security Vulnerability Assessment... 3 Power Company Makes Effective Use of the CSVA in Mitigating Risks... 5 Challenge... 5 Solution... 5 Results... 5 Gas Pipeline Operation Makes Effective Use of the CSVA in Mitigating Risks... 6 Challenge... 6 Solution... 6 Results... 6

Effective Use of Assessments for Cyber Security Risk Mitigation 3 Industrial Cyber Security The ability to manage risk for control systems is nothing new. Industrial Cyber Security Solutions focus on protecting process industry facilities from the growing risk of industrial cyber security threats and vulnerabilities. The portfolio includes complete solutions, managed services, best practices, and support from Honeywell's global army of network and security-certified personnel that secure users' critical infrastructure and deliver a more predictable and safe environment regardless of control system vendor or location. Often, control systems organizations find themselves insufficiently staffed to manage key elements, such as their network security program. The manpower shortfall is coupled, then, with increasing emphasis on uptime, availability, and reliability. The Industrial Cyber Security Lifecycle is on-going and logical in its approach, including: Assessing a specific area, Remediating any issues that are revealed, Continuing to manage those areas, using best practices, and Assuring that the system meets industry regulations or standards. Cyber Security Vulnerability Assessment The Cyber Security Vulnerability Assessment (CSVA) is a service that enables users to attain their security objectives, including: Following their industry s best practices, and Compliance with regulatory standards, such as ISA99, NERC CIP, CFATS, and ISO/IEC27001. Industrial Cyber Security Lifecycle The CSVA uses a holistic approach that examines the three core facets of an organization s cyber security profile: People Process Technology The cyber security awareness level in Current cyber security policies and Cyber security technologies in use in the organization procedures the organization Adherence to existing security policies Effectiveness of current policies and The manner in which these and procedures procedures relative to security and technologies are configured and Security program implementation business requirements deployed training The CSVA service is performed on-site and a report is issued that contains: Executive Summary documents the dates of the assessment, outlines the scope of the assessment, presents a summary of the findings (current risk level), and a brief summary of the Level 3 and Level 3.5 findings and recommendations, plus an overall rating for the site relative to cyber security practices. CSVA Background Information confirms the dates of the assessment, participants, basics of the CSVA process, and information relative to previous assessments. Network Design Summary describes the high-level design of the network architecture deployed at the site. Detected Perimeters and Cyber Assets describes the information collected from the networks and devices, plus information collected from each cyber asset discovered. Security Vulnerability Assessment summarizes the methods or technology used at the site and any security concerns or recommendations.

Effective Use of Assessments for Cyber Security Risk Mitigation 4 Findings describes all detailed findings that are the result of the CSVA. Reviewing the outline of the areas addressed by the CSVA will help in understanding how effective use of the CSVA can mitigate cyber security risk. The assessment addresses: Good Security Practices Firewall Rules Assessment Ports and Services Assessment Patch Management Malicious Software Prevention Account Management Default Users Password Management Security Status Monitoring Security Logging Remote Administration & Management o Remote Interactive Access & Remote Control o Network Management Share Permissions Local Security Policy: Security Options The Findings section of the report relates directly to areas addressed by the assessment, with the results summarized by asset, vulnerability description, impact, likelihood of the vulnerability resulting in a security event, priority of the vulnerability, and actionable recommendations. Partial extract from sample CSVA Findings, which is included in the CSVA Report

Effective Use of Assessments for Cyber Security Risk Mitigation 5 Power Company Makes Effective Use of the CSVA in Mitigating Risks A safety culture is ingrained in the everyday activities of power companies. These companies are very familiar with the aspects of physical security and safety in their installations. These companies are now finding that they need to extend their safety culture to embrace cyber security with the same level of focus and commitment. Challenge A forward-thinking US power company employed regularly recurring audits of various controls, systems and programs. However, when it came to a SCADA-based cyber security vulnerability assessment, the in-house audit team did not possess the specific combination of skill in process control experience and IT security risks. Site management realized they required a third-party expert with a unique combination of knowledge of the two worlds. After contacting several consulting firms, the power company was unable to find a firm that was familiar with SCADA or other process control systems. Solution Honeywell was selected for the task due to expertise in both disciplines. The Industrial Cyber Security team possessed the experience and expertise that the power company required to review their SCADA system. The power company and Honeywell embarked on a collaborative review of the power company s process control systems and SCADA risk-assessment policies and procedures. Results During the risk assessment process, high-level risks were identified. This information was used to estimate, prioritize and coordinate ongoing risk-mitigation activities. The power company received a high-quality, expert assessment with specific risk rankings to outline those areas for remediation that enabled the power company to: Assess their true risk, Abide by corporate standards for audit and review, and Prioritize the tasks they needed to execute. We needed access to cyber security experts with process control systems knowledge. Honeywell s team of experts was just what we needed to assess our SCADA system, commented the audit team lead of the USbased power company.

Effective Use of Assessments for Cyber Security Risk Mitigation 6 Gas Pipeline Operation Makes Effective Use of the CSVA in Mitigating Risks This customer is one of the largest US-based utility companies, combining natural gas and electric utilities. A gas utility s central control center continuously monitors flow rates and pressures at various points in its gas distribution system. Today s natural gas transmission and distribution systems are heavily dependent on computer technology, supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. Challenge This utility company recognized the importance of the cyber security profile of its gas distribution pipeline and equipment. An operational incident underscored the need to provide better network management and data access. It had become clear that the company required unique expertise in cyber security for critical control networks. Solution This company had worked with Honeywell s Industrial Cyber Security team previously, and determined they needed help assessing and remediating the cyber security vulnerabilities of their gas distribution pipeline and equipment. Results Through the assessment, Honeywell s team documented the vulnerabilities in all facets of the customer s pipeline operation, interpreted and assessed the associated cyber security vulnerabilities, and provided a roadmap to mitigate risks. Included in this activity were: Site and system assessment Review of particular site and system-specific vulnerabilities. Policy and procedures assessment Review of current policy and procedure documents. Compliance assessment Review of operations and processes against applicable compliance standards and best practices. Security baseline Gauges progress against current status and operating model for security. Risk assessment Identifies appropriate levels of security for each asset. The final analysis included suggestions for improvement by order of importance, a project plan, and order-of-magnitude costs for budgetary purposes. Going forward, Honeywell will assist the customer with further development, refining, and execution of their cyber security program. Thanks to Honeywell s cyber security expertise for industrial control and SCADA systems, along with its advanced assessment tools and techniques, we have addressed a wide range of potential risks to the safety, security and reliability of our natural gas distribution system, commented the SCADA Supervisor at the USbased natural gas pipeline company.

Effective Use of Assessments for Cyber Security Risk Mitigation 7 For More Information Learn more about how Honeywell s Cyber Security Vulnerability Assessment can help to mitigate security risk at your site; visit our website www.becybersecure.com or contact your Honeywell account manager. Honeywell Process Solutions Honeywell 1250 West Sam Houston Parkway South Houston, TX 77042 Honeywell House, Arlington Business Park Bracknell, Berkshire, England RG12 1EB Shanghai City Centre, 100 Junyi Road Shanghai, China 20051 www.honeywellprocess.com WP-14-01-ENG November 2014 2014 Honeywell International Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information