Honeywell weighs in on OT cybersecurity challenges, evolution – TechTarget




arthead – stock.adobe.com
ORLANDO, Fla. — The practice of securing operational technology environments is changing rapidly, and Honeywell is changing with it.
The technology conglomerate this week held its Honeywell Connect 2022 user conference, which showcased the company’s latest offerings and new strategies across its extensive product lines. Though the conference focused on various aspects of Honeywell’s business in the operational technology (OT) space such as industrial performance monitoring and sustainability analytics, Honeywell Connect featured a strong focus on OT cybersecurity that included a pair of new announcements.
Honeywell’s Advanced Monitoring and Incident Response (AMIR) solution, launched last year, introduced a new dashboard that provides customers increased visibility into any potential incidents detected as well as any active responses to said incidents. The other announcement is an update to its vendor-agnostic whitelisting tool as well as its rebranding from Application Whitelisting to Cyber App Control.
Honeywell cybersecurity chief product officer Paul Griswold described AMIR’s new dashboard as a way to compensate for the skill gap organizations face because “it’s very hard to find OT people who understand both cybersecurity and the OT environment.” He said the tool lets customers see what Honeywell is seeing in real time rather than solely seeing reports after an incident is responded to.
Though it is only one part of their overall business, Honeywell is one of the earlier vendors to enter OT cybersecurity, the sub-industry of dedicated to technologies like industrial control systems and, somewhat more recently, the internet of things (IoT).
TechTarget Editorial sat down with Griswold as well as Jeff Zindel, Honeywell’s vice president and general manager of cybersecurity, to discuss how the young space of OT cybersecurity has evolved in recent years.
Paul, you’ve been with Honeywell for about three years, and for you Jeff, nearly a decade. How has OT security evolved since you joined the space?
Jeff Zindel: I can tell you that over the last nine years, there has been a dramatic change. At the time I joined, there was very little awareness. All the attention was on IT cybersecurity, and “OT security” was hardly being used as a term, if at all. Nine years ago, we were talking about “industrial cybersecurity.” Now, people commonly refer to this thing as OT cybersecurity, but then, people didn’t have a clue what we were talking about. There was a lack of understanding of these industrial environments. And the prevailing belief was that they were air-gapped, so you didn’t need to worry about them.
There were attacks like Stuxnet, which was kind of an eye opener. But I think many people thought it was a one-off nation-state attack. I would say that the awareness was extremely low, and the number of providers in the space focused on industrial or OT cybersecurity was very low. Today, awareness is pervasive. It’s widespread. And that’s an awareness of, I think, the number of attacks on these OT environments, and the potentially devastating or costly consequences of an incident in the OT environment. Now we have awareness at the board level and C-suite on down.
Paul Griswold: I started Honeywell on Jan. 21, 2020. In the three years I’ve been here, one of the things that I’ve seen is the acceleration of remote operations. Secure remote operations were really driven by COVID-19, which started six weeks after I joined. For example, some environments that were previously air gapped now needed connectivity. That’s a big thing. I also think events like the Colonial Pipeline and Oldsmar attacks are opening the eyes and gaining the attention of boards of directors. And they’re coming in and saying that they can’t have disruption to production or a disruption to distribution. They’re also saying that to the CIOs and CISOs, not the plant-level guys, which gives the enterprise group, so to speak, the ammunition and, a lot of times, the budget to start having conversations and to get an idea of their security posture. And a lot of times, they’ll be kind of scared of what they find. But it at least drives things forward.
The common reasons cited for OT security lagging are that industrial equipment is built to last decades rather than years, that unplanned patching can shut down critical equipment for days at a time, and that many organizations in the OT space don’t have developed security postures. Is this gap getting smaller?
Griswold: I think it depends on the company. There are still a lot of companies out there who aren’t doing patching or antivirus at all on the OT side. They suddenly get visibility into all the things they’ve been missing, and at least they have something to work with. But at the same time, they have that knowledge of what needs to be done. Every company is at a different point in their journey. I think as a trend overall, yes, it is it is getting better. But you still have the same challenges.
Zindel: Generally speaking, OT cybersecurity is still in its infancy. If you look across the landscape, many of the fundamentals that you take for granted in IT cybersecurity are not yet in place in the OT world. Network segmentation is still being worked on. There are still flat networks out there, and there’s no clear delineation between IT, OT and IoT. And while the awareness has increased — and I think that the need and desire is increased — the actual implementation of OT security is still lagging significantly. The good news is that the recognition is there, and people are starting to embrace it.
To some extent, though, do you think one potential sign of the industry maturing is that organizations are starting to have conversations about converging their IT and OT security operations into a single security team?
Zindel: Absolutely, and there are so many benefits to that. You’ve got IT, which has been doing security for a long time in every one of these organizations — years or even, sometimes, decades. The OT side can learn from them and benefit from that experience and expertise. That’s one benefit. The other is visibility.
Griswold: There are great conversations happening. Some of the worst experiences that we have seen with our customers is where IT comes up with an edict and says, ‘This is what we’re going to do, and we’re going to make all the plants do this,’ when they have no idea what a plant even looks like. That’s where you have cloud-connected backup solutions showing up and the plant [staff] says, ‘We don’t have an internet connection.’ I think it’s about getting past that where it’s not it saying ‘thou shalt’ — it’s really more about saying, ‘This is the problem we need to solve, and [let’s figure out] the best way to solve it for OT.’ And then it’s about staffing up a team and having people with the knowledge and credibility to actually make it happen versus just being a written policy nobody looks at.
What are people on the ground floor talking about right now in terms of OT security?
Zindel: We are seeing a big demand and a need for greater visibility around threat detection as well as indicators of compromise. While the focus continues to be around protection, there’s a heavy emphasis now on detection. Whether it’s continuous monitoring or whatever the solution may be, organizations want eyes on vulnerabilities, threats and risk so that they can accelerate the time to eradicate, remediate or contain. That’s a big, big shift in demand, and we’re getting requests from customers about how we can help them. And that’s good, because they realize they can’t protect everything and that they need to have a better sense of what’s happening in their environment in order to rapidly respond.
Griswold: I agree with that. I think the other thing is that we’re seeing people talk more about asset discovery. The people running the processes know the assets and they can name them off, so that’s not necessarily a new thing for them. But on the corporate side, they don’t know the asset. It kind of goes from night to day — where, at first, you had no visibility in this completely dark environment. And now you’re getting a bunch of additional information. I think that discussion is more on the corporate side, but that enterprise view of the assets is certainly something that’s gaining a lot more steam.
Editor’s note: This interview was edited for clarity and length.
Alexander Culafi is a writer, journalist and podcaster based in Boston.
Most people think automation will take jobs away. For OSU Wexner Medical Center, network automation helps improve security, …
These 16 Windows PowerShell cmdlets, including Get-NetIPAddress and Test-Connection, help network administrators troubleshoot …
When troubleshooting wireless network issues, several scenarios can emerge. But valuable end-user insights can help network …
As CIOs and CISOs push for innovation, mindset changes might be in order. They can take a cue from VCs and think about ideation …
Impossible Foods’ Patrick Brown is proof that a focus on climate action can drive market success. Here are four sustainability …
Pressure is mounting for the business sector to address its environmental footprint and become more sustainable. Here’s a look …
Monitoring files on Windows systems is critical to detect suspicious activities, but there are so many files and folders to keep …
While Microsoft Loop is not yet generally available, Microsoft has released details about how Loop can connect users and projects…
The latest Windows 11 update offers a tabbed File Explorer for rearranging files and switching between folders. The OS also …
Companies rely on the cloud for modern app development. Learn the key features that differentiate cloud computing from …
To grasp a technology, it’s best to start with the basics. Take this brief cloud computing quiz to gauge your knowledge of …
AWS Batch enables developers to run thousands of batches within AWS. Follow this tutorial to set up this service, create your own…
Nuclear fusion works, just not yet well enough. Learn how software simulations running on modern supercomputers and data science …
The international travel group is overhauling its data stack and aims to provide self-service analytics to key employees across …
The Data Lab’s Data Summit majored on the ethical use of data, and featured Scottish government minister Tom Arthur, science …
All Rights Reserved, Copyright 2000 – 2022, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top