Honeywell announced at the Honeywell Users Group EMEA conference in Madrid in early October the launch of new cyber security consulting services to address the growing cyber threat to industry and the industrial cyber security skills shortage
The new services are designed to help industrial and critical infrastructure customers identify and eliminate dangerous security weaknesses.
The Honeywell CyberVantage Security Consulting Services portfolio now includes Penetration Testing, providing active “white-hat” hackers who exploit customer defenses in order to fix them. It also now offers System Hardening to reduce software vulnerabilities and assist customers in safely complying with global Center for Internet Security (CIS) industry benchmarks. These new offerings expand the Honeywell CyberVantage Security Consulting Services portfolio of more than 30 services that deliver comprehensive cybe rsecurity expertise to industrial clients, from assessments and audits to remediation, enabling safer connected plants, digital transformation, and Industrial Internet of Things (IIoT) efforts. Delivered by consultants with expertise in both operational technology (OT) and industrial cyber security, the services help organisations lower the risk and possible impact of security incidents and improve their industrial cyber security maturity levels.
Addressing the media at the Honeywell Users Group EMEA conference, Marty Israels, Honeywell’s director of product marketing for Industrial Cyber Security Solutions, explained that the new services are being added in response to the increase in both the frequency and sophistication of attacks over the last twelve to eighteen months, with many targeting critical infrastructure and the process industries. This is a big challenge for customers, who are looking for expertise and support.
“Planning an attack on industrial controls systems (ICS) is now easier than ever, with malware that can be used to attack an individual or company easily accessible on the dark web,” he commented. “Organised crime and individuals looking to do harm are taking advantage of this. That is one of the reasons why we have seen an increase in ransomware attacks over the last couple of years.” According to Trend Micro, there were 1.7bn ransomware attacks detected globally in the first quarter of 2018.
The Middle East is one of the regions most under threat. A PwC survey has found that businesses in the Middle East suffered larger losses than other regions in the world last year due to cyber incidents. Around 18 per cent of respondents in the region have experienced more than 5,000 attacks, compared to a global average of nine per cent.
Another challenge is the cyber security skills shortage, with a global shortfall of 3.5mn cyber security jobs globally forecast by 2021, according to research company Cybersecurity Ventures, while the move to connected operations to drive efficiencies is further driving the demand for industrial cyber security and the expertise to support it.
“Fifty one per cent of organisations report a shortage of cyber security skills. The feedback from our customer advisory board indicates there is a need for industrial security expertise,” said Israels.
“In response to this we are building a strong cyber security service portfolio to complement the software and technology we provide. Over the past year and a half we have put a focused effort into strengthening our industrial cyber security capabilities and increasing the level of services, driven by a multi-site defence in depth approach, complemented by the ability to do multi-vendor cyber security management. With our CyberVantage security consulting services we can bring expertise on-site, offering various services to increase customer defences. This is complemented by software that offers secure remote access, through a single pipe into a control network, providing advanced industrial security protection.”
In addition, Honeywell introduced Cyber Vantage Managed Security Services in June, which offer 24/7 access to industrial expertise and monitoring.
Honeywell now employs more than 250 people focused on industrial cyber security, with a specialised knowledge of requirements such as industrial control system (ICS) security standard IEC-62443 and a variety of country specific standards. The company has also opened Industrial Cyber security Centers of Excellence (COEs) around the world, launching its first COE in the Middle East in Dubai in February to serve its customers in the region. The pioneering technology centre provides a safe off-process environment to test and demonstrate process control network vulnerabilities and threats, train customers with real-time attack simulations and provide advanced customer consultations.
“We are very much involved in cyber security, with a strong and growing cyber security business,” stressed Israels.