Honeywell Protects Its Manufacturing Sites with Its Own Next-Gen OT Cybersecurity Platform
IMAGINE THIS SCENARIO:
Hackers gain control of a chemical plant’s furnace control system. They tamper with the temperature settings and cause an explosion. The consequences of an incident like that can be catastrophic, especially since 9.3 million people reside within a 10-kilometer radius of the average chemical plant in the US.1
Targeting operational technology (OT) systems has become a typical tactic for bad actors. Cybercriminals and nation-state actors see these critical assets as an open invitation to disrupt operations, cause physical damage and even put public safety at risk.
Today’s OT environments require greater connectivity to realize the advantages of an intelligent production environment. “With increased connectivity comes the increased risk of bad actors gaining access to a network. They want to use it as a launching point to deploy malware and cripple the ability to produce products or provide services,” says Chase Carpenter, Chief Security Officer at Honeywell.
Attacks are also costly. According to the Ponemon Institute, the average cost of a cyber breach in critical infrastructure is now $4.5 million.2 Moreover, 75% of OT organizations experienced at least one intrusion in the past year.3
The average cost of a cyber breach in critical infrastructure is now
$4.5 million
75%
of OT organizations experienced at least one intrusion in the past year.
OT CYBERSECURITY STARTS WITH VISIBILITY
Honeywell needed to improve security for its own manufacturing environment. Every one of its over 400 facilities depend on OT to function, and in turn, those OT environments depend on cybersecurity programs and solutions to help improve their defenses against malware and other cyber attacks that could disrupt or, worse, shut down its manufacturing sites.
Before you can implement a good security program for your OT assets, you need to know what they are and where they are. Honeywell started by using an off-the-shelf cybersecurity solution to monitor OT networks at its various manufacturing locations.
Unfortunately, the solution didn’t provide the visibility required to efficiently identify cyber threats. Specifically, the tool could not correctly detect numerous network assets, which might vary between workstations, test devices, control systems, CNC devices and more, depending on the manufacturing site.
“Over 49% of our assets were left unclassified,” says Mukesh Saseendran, Director of Cybersecurity at Honeywell. “To get an accurate inventory, we needed an individual to walk down to every single workstation and document everything manually, which in itself is labor intensive and prone to human error.”
If an asset is undocumented, it’s a blind spot. It could present a gaping hole for attackers to infiltrate, and no one would know about it until it’s too late. Without the right cyber tools in place, Honeywell would have to shut down a factory every time the site was threatened, resulting in serious revenue leakage.
“If I don’t know about a particular asset, I can’t protect it and that’s a terrifying scenario,” Carpenter says. “There could be bad actors taking advantage of the situation to stage an attack.”
HONEYWELL TAPS IN-HOUSE EXPERIENCE TO FIGHT THREATS
Around the same time that Honeywell realized its commercial off-the-shelf solution was inadequate, the company launched its own OT cyber solution. This software solution – Honeywell Forge Cybersecurity+ | Cyber Insights – came from years of internal development in Honeywell’s OT cybersecurity business, which serves multiple industries with products and services designed to help organizations reduce their industrial cybersecurity risk.
The reality is that, over the years, Honeywell tested and evaluated dozens of OT cybersecurity software products in its labs – for itself and its customers. The company gained profound insight into what is considered a best-inclass solution and applied that insight as it developed Cyber Insights.
Carpenter says he had three musthaves before removing the previous cyber tool and replacing it with Cyber Insights. First, the solution needed to be capable of accurately determining the inventory of assets on the network.
Second, he and his team needed the capability to be able to passively detect any malicious activity happening on the network. Third, the solution should be designed to accurately identify the version of operating system or firmware on each asset and when it needs to be patched or updated.
“Cyber Insights delivered on every one of those must-haves,” says Carpenter. “Honeywell now has far greater visibility into all the assets on the network that manage, monitor and control its industrial infrastructure.”
“Having this visibility also means that, in case there is an adverse situation, we should have the ability to respond more quickly to the threat,” says Saseendran. In addition, Cyber Insights is designed to provide a layer of vulnerability defense. If an unauthorized system is trying to communicate with another asset, Cyber Insights is designed to raise flags and send alerts about the potential threat.
Cyber Insights is also capable of significantly reducing unnecessary noise, particularly in OT-centric environments. “The previous product discovered 200,000 to 300,000 assets and networks across all our sites, and we didn’t understand why it was discovering so many,” explains Saseendran. “We later realized it was looking at the data and traffic incorrectly and, as a result, generating a lot of noise. When we switched to Cyber Insights and did the audit correctly, we were down to 67,000 assets across those sites.”
HPS_TS
HPS_TS, HPS, Customer
HPS
HPS, Customer
"Honeywell now has far greater visibility into all the assets and networks that manage, monitor and control its industrial infrastructure.”
– Chase Carpenter, Chief Security Officer at Honeywell
CYBER INSIGHTS IS DESIGNED TO MAKE THE IMPLEMENTATION PROCESS EASY
Another major downside to that original off-the-shelf tool was that it was very difficult and time consuming to implement. At each site, it took Honeywell four to six months to get up and running with the solution. “There are over 400 factory sites at Honeywell,” says Saseendran. “We simply cannot invest six months per site to implement the solution. That’s why efficient implementation is so critical.”
In contrast, Honeywell implemented its first Cyber Insights site in less than a month, with seven sites implemented in two months. Carpenter is now in the process of deploying Cyber Insights to 120 of Honeywell’s most critical manufacturing sites. Honeywell’s experience indicates that a typical single-site deployment of Cyber Insights takes about 33% less time than the previous solution utilized by Honeywell.
In addition to ease of implementation, Cyber Insights’ clear and straightforward representation of the network landscape simplified asset configuration and viewing, which is crucial for asset discovery without resorting to manual audits. Since going live with Cyber Insights, Honeywell observed an 18% to 20% increase in asset discovery within the Honeywell-deployed sites. This is a significant benefit that eliminates the need for manual workstation audits, which are often error-prone and unreliable.
THE HONEYWELL DIFFERENCE
Cyber teams have become skilled at implementing solutions, practices and procedures designed to improve security for IT systems; however, the reality is that OT cybersecurity is lagging because it requires specialized tools and knowledge. Organizations simply can’t use the tools they have in the IT space when managing their OT environment
Honeywell has approached this challenge by leveraging its vast experience in the OT world to develop Cyber Insights. “We have a very complex environment, including small sites, large sites and sites around the world,” says Saseendran. “If Cyber Insights works for us in our manufacturing sites, it will very likely work for our customers as well.”
“There is no silver bullet to fully secure your OT environment,” says Carpenter. “however, Honeywell currently offers one of the most complete sets of products and services that can help organizations improve their protection of their critical OT assets.”
Implementing Cyber Insights is like getting a good pair of glasses for the first time – everything becomes clear, and with that clarity comes new speed and efficiency. If there is an attack, Cyber Insights is designed to help cyber teams identify the source and know where to focus, which can help their organizations save valuable time and resources. It is not an install-onceand-walk-away solution, but rather a constant companion in the battle against cybercrime.
If you are looking for a comprehensive and robust cybersecurity solution for your OT environment, look no further than Honeywell Forge Cybersecurity+ | Cyber Insights. This solution can help you improve your visibility, control and resilience of your OT network, and help you improve your ability to protect it from cyber threats that could harm your business and reputation.
Contact Us today to learn more about how we can help you improve security for your OT assets and operations with Honeywell Forge Cybersecurity+ | Cyber Insights.
We have over 400 factory sites at Honeywell so we cannot invest six months per site. That’s why efficient onboarding is so critical.
Request A Consultation
Complete this form to request a cybersecurity consultation.
