PULLING IT TOGETHER
Our customer, a global provider of bio-based products, wanted to stay ahead of cybersecurity threats. Like millions of organizations across the world, they recently reached a realization that cybersecurity is no longer a second thought. As part of its growth initiative, this mid-sized pulp mill acquired multiple operating assets. With a mission to produce products in a safe and efficient working environment, the pulp producer was interested in the latest cybersecurity threats and the appropriate preventative measures. So, the operational technology (OT) personnel and IT teams at the mill decided to prioritize cybersecurity as part of the new integration. While the teams had some visibility into configuration and asset details, there was no existing data to determine how advance the customer’s cybersecurity program is cybersecurity status.
PENTESTING IN PARTS
Honeywell’s OT cybersecurity experts suggested the pulp mill move forward with performing a detailed penetration testing (also known as pentesting) that provides findings of cybersecurity gaps, which could allow someone to reach the industrial control system (ICS). The pentest would be based on the most current view of the mill from an attacker’s perspective. The findings can inform future cybersecurity or ongoing asset management decisions. Like a vast majority of industrial companies the impact of any cybersecurity incident could mean the loss of business continuity, data, and production, which are major concerns.
Honeywell cybersecurity consultants worked with the mill’s IT team to establish guidelines and rules for the pentesting. It was decided that two routes would be beneficial to evaluate: attempting to penetrate the network from the outside and breaching the network from the inside. Only databases were off-limits.
Honeywell cybersecurity experts then educated the teams on what to expect, detailing the course of action. To start, Honeywell cybersecurity experts acted as a malicious person trying to hack into the pulp producer’s systems, to get to the production database and attempt to shut it down, or to get proprietary information.
Using multiple toolsets and a variety of techniques, the first part of the pentesting was performed remotely. The Honeywell cybersecurity experts found creative ways to test the customer’s systems and people over several days: trying to get in from the outside. Good news for the customer: Honeywell pentesters were unsuccessful.
Unfortunately, the pentesters were able to breach the network from the inside easily with a downloaded code in a phishing email, this code was able to proliferate throughout the network. The Honeywell pentesters uncovered additional issues, which they detailed in a findings presentation and report provided to the IT team.
CLOSING THE LOOP, TOGETHER
It’s important to note that the pulp producer had an advantage in that the OT and IT teams have always worked together, with open dialogue and information sharing. The case was no different when the Honeywell pentest identified the cybersecurity issues. Both the IT and OT security teams worked hard to resolve security loopholes.
The customer benefited from the findings detailed in the report as they were now aware of the number of deficiencies and can now create a remediation strategy around how to resolve these deficiencies before they can be exploited. The pentest findings gave the customer an opportunity to close loopholes, change procedures, and modify applications and systems to increase resilience throughout the organization.
The customer plans to have regular pentesting engagements in order to check on its cybersecurity progress and remain up to date on the latest threats. Since the mill now joins a family of other plants and mills, pentesting will be performed across a broader set of operations