Honeywell Process Solutions (HPS) has launched what it says is the first digital dashboard designed to proactively monitor, measure and manage cyber security risk for control systems for refineries, power plants and other automated production sites at increasing risk of cyber attacks.
The Honeywell Industrial Cyber Security Risk Manager is designed to simplify the task of identifying areas of cyber security risk, providing real-time visibility, understanding and decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments.
The launch of the Risk Manager comes less than a month after the opening of the new Honeywell Industrial Cyber Security Lab in Duluth, Georgia, intended to advance the company's development and testing of new technologies and software to defend industrial facilities and operations such as refineries and manufacturing plants from cyber attacks.
The threat of cyber attacks on industrial targets is a major concern according to a global survey on cyber security conducted by Ipsos Public Affairs in September 2014 on behalf of Honeywell. More than 5,000 adults in 10 countries were surveyed about the threat of cyber attacks on critical industries in their countries. Three quarters of respondents said they were fearful that cyber criminals could hack into and control major sectors and elements of the economy. Two-thirds of those surveyed thought that the oil and gas, chemicals and power industries were particularly vulnerable to cyber attacks.
“Industrial processors are increasingly challenged to understand their cyber security risks,” said Jeff Zindel, global business leader Cyber Security, HPS. “And many times, they don’t know what to do with the data they are provided or what to do if an incident occurs. Risk Manager changes that. It gives guidance on the potential impact of threats and vulnerabilities as well as possible resolutions, making it easier to manage cyber security risks.”
According to Honeywell, Risk Manager uses advanced technologies that translate complex cyber security indicators into clear measurements and key performance indicators (KPI), and provides essential information through an easy-to-use interface. Honeywell says the intuitive workflow allows users to create customized risk notification alerts and perform detailed threat and vulnerability analysis so they can focus on managing risks that are most important for reliable plant operations.
“Industrial facilities have clearly become targets for cyber attacks,” Sid Snitkin, vice president, ARC Advisory Group, said in a press release about the new Risk Manager. “Safety and operational continuity demand a clear understanding of these serious, dynamic risks and a program to ensure that they remain within acceptable levels. While most organizations recognize this need, operational people often lack the expertise to properly assess and manage cyber risks. So, we applaud Honeywell’s development of the Industrial Cyber Security Risk Manager. From what we’ve seen, it is a comprehensive, yet understandable, solution that should meet the needs of operational, automation, and manufacturing IT personnel.”
According to Zindel, with Risk Manager, industrial customers don’t need to be cyber security experts. “The easy-to-use interface allows users to prioritize and focus efforts on managing risks that are most important for reliable plant operations, protecting against vulnerabilities and threats such as insecure network and system configurations, rogue devices, intrusion attempts, malware, and the list goes on,” Zindel said.
Honeywell has included proprietary cyber protection software for more than10 years with its process automation solutions including Experion process controls, which are used at industrial sites such as refineries, chemical plants, gas processing units, power plants, mines and mills around the world. During that time, the Honeywell Industrial Cyber Security group has delivered more than 1,000 industrial cyber security projects globally.
Risk Manager monitors plant assets within and across all security zones of a plant, including third-party systems. By understanding security zones, Risk Manager is aligned with ISA 62443 and is able to calculate accurate risk scores. Risk Manager’s real-time measurement of risk is in line with industry standard risk management methodologies so that risk scores can be used consistently and accurately throughout a corporation’s risk and governance efforts, Honeywell says.