Industrial Cyber Security: Creating a Secure Process Control

1. Industrial Cyber Security Creating a Secure Process Control Environment by Properly Managing Risk

2. Industrial Cyber Security • Complexity of process control technologies coupled with an evolving industrial cyber security threat, demands defense-in-depth approach to manage security risk • According to Symantec/McAfee: • Ten out of 10 facilities lack, supported security maintenance program • The annual financial cost of global cyber reached $114 billion • 80 percent of water, gas and energy firms reported compromised security systems from hacker attacks • Cost of downtime from security breaches is $6 million per day

3. Industrial Cyber Security A Balancing Act between Opportunity and Risk • Advances in control system platforms and business applications allow for new capabilities to improve plant operations • By deploying advanced technologies, plants can improve system availability, reduce operating costs and achieve greater production yields • Today’s control system moved from proprietary platform to more open technology. Open technology invites accessibility for better organization functions. These also exposes production facilities to increased industrial cyber security risk

4. Industrial Cyber Security Identifying the Risks for Industrial Process Control Environments • Business of all types need a defined strategy to mitigate threats, vulnerabilities not addressed could produce disastrous consequences. • Production facilities pose greater industrial cyber security risk due to the following: • Hard-to-find technical talent and a lack of staffing resources to manage industrial cyber security • Uptime availability and reliability at expense of stringent industrial cyber security practices • Increased requirement for accessibility – 24/7 access • Numerous and complex tools, increased standards and best practices

5. Industrial Cyber Security Identifying the Risks for Industrial Process Control Environments • Production facilities pose greater industrial cyber security risk due to the following: • Lack of critical lifecycle management of the industrial IT environment • Integrated business and production systems require careful design and infrastructure

6. Industrial Cyber Security Managing Risk – The Prime Directive • Deploying consistent proven set of tools across multiple systems • Production facilities requires ongoing, long-term sustainable program for industrial cyber security risk mitigation • To safeguard process control environment, a comprehensive industrial cyber security strategy that combines tools, services, best practices and expert support is needed throughout IT lifecycle

7. Industrial Cyber Security Addressing the Four Phases of the IT Lifecycle • Phase 1: Assess – evaluates assets and vulnerabilities against industry standards, regulatory requirements and best practices. Solution provider develops road map to remove threats • Phase 2: Remediate – tackles threats identified in Assess phase. Focus on delivering customized industrialized cyber security program • Phase 3: Manage – focus is keeping network and security programs operating at peak levels • Phase 4: Assure – program monitoring must function as designed and per regulations

8. Industrial Cyber Security The Value of a Industrial Cyber Security Strategy • Key to safeguarding against security breaches and cyber attacks • Broken down efforts of four phases demystifies what’s needed to establish and maintain a robust defense • Effective strategy unites best practices of traditional IT with special requirements of process control systems • Greater control over production environment while delivering maximum system performance

9. Industrial Cyber Security About the Author Rick Kaun is global industrial IT solutions business development lead at Honeywell Process Solutions, a pioneer in automation control for more than 35 years. For more information about Industrial Cyber Security, please visit https://www.honeywellprocess.com/en-US/explore/services/industrial-it-solutions/Pages/default.aspx today.