Itās a scary cyber world out there. Cyber criminals are more sophisticated than ever, and itās become pretty much impossible to predict what form the attack will come in next. But does that mean manufacturers should shut themselves off from network connections to keep themselves protected? Absolutely not. The benefits of a connected world are too great to ignore.
āWe cannot eliminate risk in anything that we do. In fact, if you lived in an environment where you mitigated risk to almost zero, your company would not grow,ā said Raj Samani, vice president and CTO for Intel Security. āRisk is good. Thatās how you grow. Thatās how you realize new opportunities.ā
Samani described the cyber landscapeāthe reality of the criminal infrastructureāin a general session during the Honeywell Users Group (HUG) Americas Symposium in San Antonio, Texas. Not intended to scare people, he insisted, his message was instead meant to explain the reasons behind the collaboration announced this week between Honeywell Process Solutions (HPS) and Intel Security.
The two companies will collaborate to help bolster protection of critical industrial infrastructure and the Industrial Internet of Things (IIoT). Intel Securityās McAfee technologies will be integrated with Honeywellās Industrial Cyber Security Solutions, providing Honeywell customers with enhanced security software to protect their control systems from malware and misuse.
āThe need for collaboration is borne by our infrastructure,ā Samani said in a press conference following the general session. āWe need to have better assurance and trust in the environments that we live in.ā
Intel Security has faced considerable pushback from the oil fields, Samani mentioned. Partnering with a company like Honeywell, which is well established in those and other process environments, will help further the discussion with customers.
The cyber landscape
In the morningās general session, Samani did indeed paint a pretty horrifying picture of the cyber landscape. In a success story that has the cyber cops breathing a sigh of momentary relief, a collaboration of agencies across the globe finally concluded the takedown of the Beebone Botnet in April after six years of it infecting computers across the world. With its shape-shifting abilities, Beebone is a prime example of the incredible intelligence and adaptability of the cyber crime that networks and everything connected to them are up against today.
Unlike the malware of yesteryear that was relatively easy to spot on an infected network, Beebone was constantly updating itselfāup to 35 times a day, it would change its appearance. Even that change was not the same everywhere; the shift that you might see on your computer would be different for the person right next to you. āIt would use the serial number of your C drive and your username as a way to create multiple variants of itself,ā Samani explained. āCan you imagine how difficult that is to imagine what it would be next?ā
But Intel Security, working with the Dutch National High Tech Crime Unit, Europol, US-CERT and several other agencies, eventually brought it down. āWe needed to crack the code behind Beebone, and it wasnāt easy,ā Samani said. Instead of the hardcoded IP address found in malware in the past, Beebone used an algorithm that would constantly change to dictate who it would communicate with. āWe needed to crack the code so we knew who it was talking to and who it would talk to next.ā
The good guys would crack the code, and the bad guys would change it. āWe had to go back to the drawing board, and crack the code again,ā Samani said. āThen they changed it again. But this time they made a mistake. And now we had an opportunity to bring it down.ā
To make a long story short, on April 8, that takedown was complete. Itās a huge accomplishment, but itās just one nasty piece of malware in an increasingly growing string. āOn average, we see 387 new malware samples every minute. Thatās six a second,ā Samani said, adding later, āBased on what I have in my in-tray today, this isnāt even the most advanced.ā
The threat is out there, available for hire. āThe criminals are well funded and well resourced, and theyāre going after our data and our infrastructure,ā Samani said.
But donāt despair
And yetā¦ The idea that you should cut your oil field or water treatment plant or any other process facility off from the Internet is not a notion you should even consider. The benefits of embracing the IIoT are just too great.
The concept of the digital oil field is relatively well known today, but Samani described a customer who was at the forefront of that movement. āHis vision was to be able to sit at his office in the Middle East, and remotely control all his fieldsāto no longer rely on people to do all of the hard work,ā he explained. āSo he came up with the concept to eliminate the air gap. I think he was called a mad man.ā
But that āmad manā grew his oil production from 400,000 barrels/day to 1 million barrels/day. āHe got his return on investment in about two weeks,ā Samani said. āThatās the opportunity that he realized.ā
The growing threat of cyber attacks to industrial targets is a major global concern, according to a survey conducted last year by Ipsos Public Affairs on behalf of Honeywell. Two-thirds of those surveyed thought that the oil and gas, chemicals and power industries were particularly vulnerable to cyber attacks.
With the idea that you really canāt eliminate the risk if you want to realize the potential that connected operations provide, Intel Security and HPS will combine their cybersecurity advances with Honeywellās industrial process domain knowledge to provide security solutions for process industries.
At the conference this week and in the Knowledge Center there, HPS was showing off the Industrial Cyber Security Risk Manager that it launched a couple months ago. Serving as a dashboard to help identify areas of cybersecurity risk, the Risk Manager goes hand in hand with other Honeywell security offerings, including the Industrial Cyber Security Lab that the company opened in Duluth, Ga., at the end of March.
Now, the partnership with Intel Security will help Honeywell expand the breadth of its offering, according to Jeff Zindel, global business leader for Honeywellās Industrial Cyber Security Solutions group. āWorking together, we will be able to accelerate and shorten the time of product introductions,ā he said.
In a separate statement, Zindel said, āOur collaboration with Intel Security will enable integrated, validated solutions for our industrial process customers to more rapidly deploy and better protect their investment. This approach is critical to enable the productivity potential of Honeywell automation solutions and the Industrial Internet of Things.ā
Application whitelisting is the first result of the partnership between Honeywell and Intel Security, Samani mentioned. Honeywell will qualify Intel Securityās Application Whitelisting and Device Control with its own cybersecurity for its Experion Process Knowledge System. The McAfee Application Whitelisting maintains system integrity by allowing only authorized code to run. McAfee Device Control allows users to specify and categorize what data can and cannot be transferred to various plug-in devices.
Honeywell is also offering Intel Securityās Enterprise Security Manager and Next Generation Firewall to its customers, and the products will be supported by Honeywellās Risk Manager.
