Risks for the energy sector’s operating technology (OT) and industrial internet of things (IIoT) are “widespread and rising” at a magnitude that should be a major cause for concern, according to a senior Honeywell executive who leads the global software industrial’s automation and controls cybersecurity unit.
In an interview with Forbes on the sidelines of the recently concluded Honeywell Users Group 2019 conference in The Hague, Netherlands, Jeff Zindel, Vice President and General Manager of Cybersecurity at Honeywell Process Solutions, said: “Rising rate of OT and IIoT cyber incidents are much more serious than conventional or back office information technology (IT) breaches. The consequences of a breach are much graver when it comes to the former.
“Unlike IT cybersecurity, which is focused on protecting confidentiality, data and privacy; in the OT and industrials space, we are focused on protecting people, processes, operations and [often strategic] assets. The threat is real, growing and very high.
Jeff Zindel, Vice President and General Manager of Cybersecurity at Honeywell Process Solutions,… [+]
“An OT cyber incident could cause a loss of life, impact the environment, trigger a production loss and disrupt operations, not just reputational damage. More and more cases are coming into the public domain; for instance widely publicized incidents like ransomware attacks.”
Zindel says HPS is not just noting a rise in the frequency of cyber attacks, but discovering more types and sophistication of malware and bots attacks. “However, the industry’s responses are getting equally agile.”
And where there is alarm, this agility translates into opportunity for industry vendors. By some estimates, $40 billion was spent on cybersecurity in 2018, a figure that might rise byover 12% to $45 billion come the end of 2019.
The actual figure could be higher still as a number of oil and gas companies include spending on cybersecurity in their overall IT infrastructure costs. Some even include it in a rather archaic fashion as administrative overheads. Eyeing the market, HPS launched a dedicated cybersecurity consulting unit CyberVantage in 2018, based on over a decade of expertise in providing security solutions.
On Thursday (September 25), and barely 12 months on, HPS went further and took the natural pathway of launching a full-service consulting, solutions and managed service product – the Honeywell Forge Cybersecurity Platform.
“Honeywell Forge simplifies and strengthens our cybersecurity offering by combining security operations management capabilities with asset management capabilities to help clients more effectively, either on single or multiple sites with multi-vendor (control systems) environments.
“Everything from architecture and design, implementation of different cybersecurity controls, managed security services and remote monitoring could be offered under one product suite; and teams are there 24-7.”
Zindel claims the company’s cybersecurity products on offer have been deployed in over 5,000 projects, giving HPS considerable knowhow on emerging threats that it can offer to clients. Mainstay deployments have conventionally been in the energy, oil, gas, petrochemical and utilities businesses, but HPS is increasingly servicing Honeywell’s pharmaceutical and food and beverage clients too.
Zindell says energy sector players are now recognizing the need for an “enterprise-wide… [+]
Marketing of the platform is being done along the outfit’s regional operating silos – the Americas, Europe, Middle east & Asia Pacific. “Industrial OT cybersecurity services take-up is the highest where the threat is considered the highest. These days this appears to emanate from the Middle East. We’re seeing increasing demand within Americas, Europe as well and via major operators in Asia.”
Zindel also says energy sector players are now recognizing the need for an “enterprise-wide solution” to cybersecurity. It is no longer commonplace to find a big oil company’s operations in North America being ahead on the protection curve compared to its Asian or African sites.
“Threat visibility and understanding has risen to a corporate and board level resulting in increasing demand for a multi-region, multi-site, multi-country solutions which is positive for the service providers like Honeywell.”
As for the age-old debate of the cybersecurity challenge versus storing data on or off premise, Zindell says the sector is past it.
“Comfort levels are rising with off-premise data as companies are increasingly recognizing the benefits of secure digital transformation. The key is that data is kept secure, whether on or off premise does not matter. In either eventuality, or as demanded by law, HPS has secure protection solutions for both eventualities.”
As for the Honeywell unit itself, Zindel says his team is constantly on its toes. “We’re cybersecure through paranoia. We are always worrying about the next OT breach risk and the next vulnerability and Forge is a by-product of that. Our aim in the current climate is to improve enterprise performance while reducing the cost of cybersecurity to match bespoke operating conditions, and that is pretty compelling.”
