It’s a scary cyber world out there. Cyber criminals are more sophisticated than ever, and it’s become pretty much impossible to predict what form the attack will come in next. But does that mean manufacturers should shut themselves off from network connections to keep themselves protected? Absolutely not. The benefits of a connected world are too great to ignore.
“We cannot eliminate risk in anything that we do. In fact, if you lived in an environment where you mitigated risk to almost zero, your company would not grow,” said Raj Samani, vice president and CTO for Intel Security. “Risk is good. That’s how you grow. That’s how you realize new opportunities.”
Samani described the cyber landscape—the reality of the criminal infrastructure—in a general session during the Honeywell Users Group (HUG) Americas Symposium in San Antonio, Texas. Not intended to scare people, he insisted, his message was instead meant to explain the reasons behind the collaboration announced this week between Honeywell Process Solutions (HPS) and Intel Security.
The two companies will collaborate to help bolster protection of critical industrial infrastructure and the Industrial Internet of Things (IIoT). Intel Security’s McAfee technologies will be integrated with Honeywell’s Industrial Cyber Security Solutions, providing Honeywell customers with enhanced security software to protect their control systems from malware and misuse.
“The need for collaboration is borne by our infrastructure,” Samani said in a press conference following the general session. “We need to have better assurance and trust in the environments that we live in.”
Intel Security has faced considerable pushback from the oil fields, Samani mentioned. Partnering with a company like Honeywell, which is well established in those and other process environments, will help further the discussion with customers.
The cyber landscape
In the morning’s general session, Samani did indeed paint a pretty horrifying picture of the cyber landscape. In a success story that has the cyber cops breathing a sigh of momentary relief, a collaboration of agencies across the globe finally concluded the takedown of the Beebone Botnet in April after six years of it infecting computers across the world. With its shape-shifting abilities, Beebone is a prime example of the incredible intelligence and adaptability of the cyber crime that networks and everything connected to them are up against today.
Unlike the malware of yesteryear that was relatively easy to spot on an infected network, Beebone was constantly updating itself—up to 35 times a day, it would change its appearance. Even that change was not the same everywhere; the shift that you might see on your computer would be different for the person right next to you. “It would use the serial number of your C drive and your username as a way to create multiple variants of itself,” Samani explained. “Can you imagine how difficult that is to imagine what it would be next?”
But Intel Security, working with the Dutch National High Tech Crime Unit, Europol, US-CERT and several other agencies, eventually brought it down. “We needed to crack the code behind Beebone, and it wasn’t easy,” Samani said. Instead of the hardcoded IP address found in malware in the past, Beebone used an algorithm that would constantly change to dictate who it would communicate with. “We needed to crack the code so we knew who it was talking to and who it would talk to next.”
The good guys would crack the code, and the bad guys would change it. “We had to go back to the drawing board, and crack the code again,” Samani said. “Then they changed it again. But this time they made a mistake. And now we had an opportunity to bring it down.”
To make a long story short, on April 8, that takedown was complete. It’s a huge accomplishment, but it’s just one nasty piece of malware in an increasingly growing string. “On average, we see 387 new malware samples every minute. That’s six a second,” Samani said, adding later, “Based on what I have in my in-tray today, this isn’t even the most advanced.”
The threat is out there, available for hire. “The criminals are well funded and well resourced, and they’re going after our data and our infrastructure,” Samani said.
But don’t despair
And yet… The idea that you should cut your oil field or water treatment plant or any other process facility off from the Internet is not a notion you should even consider. The benefits of embracing the IIoT are just too great.
The concept of the digital oil field is relatively well known today, but Samani described a customer who was at the forefront of that movement. “His vision was to be able to sit at his office in the Middle East, and remotely control all his fields—to no longer rely on people to do all of the hard work,” he explained. “So he came up with the concept to eliminate the air gap. I think he was called a mad man.”
But that “mad man” grew his oil production from 400,000 barrels/day to 1 million barrels/day. “He got his return on investment in about two weeks,” Samani said. “That’s the opportunity that he realized.”
The growing threat of cyber attacks to industrial targets is a major global concern, according to a survey conducted last year by Ipsos Public Affairs on behalf of Honeywell. Two-thirds of those surveyed thought that the oil and gas, chemicals and power industries were particularly vulnerable to cyber attacks.
With the idea that you really can’t eliminate the risk if you want to realize the potential that connected operations provide, Intel Security and HPS will combine their cybersecurity advances with Honeywell’s industrial process domain knowledge to provide security solutions for process industries.
At the conference this week and in the Knowledge Center there, HPS was showing off the Industrial Cyber Security Risk Manager that it launched a couple months ago. Serving as a dashboard to help identify areas of cybersecurity risk, the Risk Manager goes hand in hand with other Honeywell security offerings, including the Industrial Cyber Security Lab that the company opened in Duluth, Ga., at the end of March.
Now, the partnership with Intel Security will help Honeywell expand the breadth of its offering, according to Jeff Zindel, global business leader for Honeywell’s Industrial Cyber Security Solutions group. “Working together, we will be able to accelerate and shorten the time of product introductions,” he said.
In a separate statement, Zindel said, “Our collaboration with Intel Security will enable integrated, validated solutions for our industrial process customers to more rapidly deploy and better protect their investment. This approach is critical to enable the productivity potential of Honeywell automation solutions and the Industrial Internet of Things.”
Application whitelisting is the first result of the partnership between Honeywell and Intel Security, Samani mentioned. Honeywell will qualify Intel Security’s Application Whitelisting and Device Control with its own cybersecurity for its Experion Process Knowledge System. The McAfee Application Whitelisting maintains system integrity by allowing only authorized code to run. McAfee Device Control allows users to specify and categorize what data can and cannot be transferred to various plug-in devices.
Honeywell is also offering Intel Security’s Enterprise Security Manager and Next Generation Firewall to its customers, and the products will be supported by Honeywell’s Risk Manager.