Issuu on Google+

Industrial Cyber Security

Creating a Secure Process Control Environment by Properly Managing Risk


Industrial Cyber Security • Complexity of process control technologies coupled with an evolving industrial cyber security threat, demands defense-in-depth approach to manage security risk • According to Symantec/McAfee: - Ten out of 10 facilities lack, supported security maintenance

program - The annual financial cost of global cyber reached $114 billion - 80 percent of water, gas and energy firms reported compromised security systems from hacker attacks - Cost of downtime from security breaches is $6 million per day

2


Industrial Cyber Security A Balancing Act between Opportunity and Risk • Advances in control system platforms and business applications allow for new capabilities to improve plant operations • By deploying advanced technologies, plants can improve system availability, reduce operating costs and achieve greater production yields • Today’s control system moved from proprietary platform to more open technology. Open technology invites accessibility for better organization functions. These also exposes production facilities to increased industrial cyber security risk 3


Industrial Cyber Security Identifying the Risks for Industrial Process Control Environments • Business of all types need a defined strategy to mitigate threats, vulnerabilities not addressed could produce disastrous consequences. • Production facilities pose greater industrial cyber security risk due to the following: - Hard-to-find technical talent and a lack of staffing resources to

manage industrial cyber security - Uptime availability and reliability at expense of stringent industrial cyber security practices - Increased requirement for accessibility – 24/7 access - Numerous and complex tools, increased standards and best practices

4


Industrial Cyber Security Identifying the Risks for Industrial Process Control Environments • Production facilities pose greater industrial cyber security risk due to the following: - Lack of critical lifecycle management of the industrial IT environment - Integrated business and production systems require careful design and infrastructure

5


Industrial Cyber Security Managing Risk – The Prime Directive • Deploying consistent proven set of tools across multiple systems • Production facilities requires ongoing, long-term sustainable program for industrial cyber security risk mitigation • To safeguard process control environment, a comprehensive industrial cyber security strategy that combines tools, services, best practices and expert support is needed throughout IT lifecycle

6


Industrial Cyber Security Addressing the Four Phases of the IT Lifecycle • Phase 1: Assess – evaluates assets and vulnerabilities against industry standards, regulatory requirements and best practices. Solution provider develops road map to remove threats • Phase 2: Remediate – tackles threats identified in Assess phase. Focus on delivering customized industrialized cyber security program • Phase 3: Manage – focus is keeping network and security programs operating at peak levels • Phase 4: Assure – program monitoring must function as designed and per regulations 7


Industrial Cyber Security The Value of a Industrial Cyber Security Strategy • Key to safeguarding against security breaches and cyber attacks • Broken down efforts of four phases demystifies what’s needed to establish and maintain a robust defense • Effective strategy unites best practices of traditional IT with special requirements of process control systems • Greater control over production environment while delivering maximum system performance

8


Industrial Cyber Security About the Author Rick Kaun is global industrial IT solutions business development lead at Honeywell Process Solutions, a pioneer in automation control for more than 35 years. For more information about Industrial Cyber Security, please visit https://www.honeywellprocess.com/enUS/explore/services/industrial-itsolutions/Pages/default.aspx today.

9


Industrial Cyber Security: Creating a Secure Process Control Environment by Properly Managing Risk