Eight Ways to Become a Cybersmart Organization

The importance of cybersecurity is increasingly more relevant in today’s world as many previously proprietary and closed systems are shifting and embracing more consumer, off the shelf and open systems. These systems are the backbone of the future that sees the use of Internet of Things (IoT), cloud services and data analytics to drive efficiency, reliability and productivity. With the increase in adoption of these connected services comes the need for cybersecurity, as previously standalone and potentially air-gapped networks are being digitized.

For supply chains in particular but also retailers and distribution warehouses, awareness has increased dramatically over the course of the past year due in part to the highly publicized attention these threats have gotten. For example:

• Some of the earliest reported breaches were on the infrastructure side, where several retailers reported the theft of customer data through their information infrastructure – in these cases, point of sale (POS) systems, Wi-Fi networks or even HVAC systems managed by a third-party vendor. These breaches continue.
• The ransomware (a type of malware) attacks of 2017 shut down actual supply chain operations:
  • "Petya" wreaked havoc for a Danish transport and logistics company with branches worldwide. The consequences of this ransomware attack were instant and devastating, bringing down the entire global IT network of a company responsible for close to a fifth of the entire planet’s shipping capacity.
  • "WannaCry" impacted a large automotive manufacturer in June 2017 when it was forced to shut down production at one of its critical manufacturing facilities.

As not every connected device or system is inherently valuable, hackers exploit vulnerabilities and can use supply chain automation systems as a gateway into more sensitive data and systems. They only have to find the weakest link. Network outages, cyberattacks, malware and similar incidents affect companies in ways that range from inconvenient productivity loss, to the disruption of service to customers, to the loss of sensitive data, to the entire shutdown of facilities. Cybercriminals in general are either interested in conducting disruptive attacks or attacks in which they gather some form of sensitive data including personally identifiable information, which now carries large fines through regulatory frameworks for organizations that do not properly protect it.

Being cybersmart starts with simple preventative measures and requires ongoing vigilance to protect your investment, your customers and your business.

A Few Cybersecurity Trends

These are the cybersecurity trends to be aware of, according to the Global Cybersecurity Alliance¹. Check out best practices in the Honeywell Android Security guide.

• Increase in ransomware. Ransomware has been an effective method for hackers, so experts believe it will remain a go-to attack for cybercriminals.
• Widespread attacks. Smart cybercriminals are now able to attack and infect dozens, or even hundreds, of networks in a matter of seconds. We are seeing the very tools that were previously only available to nation-state attackers being used by sophisticated attackers for corporate espionage, profit and disruption.² These very attackers are looking to disrupt critical supply chain and infrastructure much like a nation-state would have in the past. Previously, attackers were only able to target a few computers at once. These widespread attacks make them much more dangerous.
• Adding security on cannot keep up with technology. IT security services always keep up with technology as best they can, but it is not always possible with how rapidly technology evolves. It is much smarter to bake security into your products as Honeywell has done. Adding cybersecurity on later is a constant “cat and mouse” game that is sure to become expensive.
• Quick and devastating attacks. Viruses and malware no longer move slowly. They attack quickly and can compromise a significant amount of information in a very short amount of time.
• Don’t ignore the simple. Seventy percent of global cyberattacks come from financially motivated criminals who are using technically simple tactics, such as phishing emails.
• Don’t be the weakest. Attackers prefer easy targets and fast financial returns. If you take care of the simple and perform average due diligence, cybercriminals often move on to the next target that is easier to exploit.

Common Cybersecurity Vulnerabilities

Common cybersecurity vulnerabilities include:

• Internal threats orchestrated by cybercriminals targeting employees and maliciously persuading them to provide confidential company information.
• Unsecured access for administration or third-party contractors or vendors.
• Removable media brought into the site including USB drives, CD/DVDs, as well as laptops and mobile computers (smartphones). Threats from inside the company account for about 43% of data breaches.
• Insecure connections between the corporate IT network and Building Control Network.
• Missing or out-of-date anti-virus software.
• Inappropriate or insufficiently tested operating system patches.
• Unhardened network and server configurations.
• Inadequate backup and disaster recovery policy for the site, including offline/offsite backups.

Questions Companies Ask Themselves About Cybersecurity

Does your organization have any concerns regarding cybersecurity? Consider the following questions:

• How did your organization respond to the WannaCry and NotPetya cyberattacks?
• How is your network protected to limit attack surface and how do you identify and recover from cyber incidents?
• How concerned are you about negative press and public perceptions resulting from a security breach?
• How have you planned for compliance with the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA)?
• How do you track compliance with regulations?
• Are policies in place that document cybersecurity controls? How does your cybersecurity program incorporate industry standards and best practices?
• To what extent has cybersecurity risk been added to the traditional risk areas of physical and environmental as a focus area?
• How do you qualify software that runs on the Industrial Control System (ICS) or other warehousing automation and control systems?
• Is there a plan in place to quickly respond to a cyber incident?

Recommendations of Where to Begin

As a starting point for a cybersmart organization, we recommend the following actions:

• Security updates. Regularly install operating system and application security updates. See the Honeywell Android Security guide.
• Anti-virus. Ensure anti-virus software is up to date and installed across all assets.
• Stay current. Unpatched or outdated operating systems and application software are often more susceptible to cyberattacks. Ensure updates are being installed on a timely and regular basis.
• Hardening. Honeywell recommends the whitelisting of applications and processes on your systems, which is done through Enterprise Provisioner. A core concept in security is least privilege, therefore your users and devices should only perform actions and have applications absolutely necessary to running your business functionality. Implement secure configurations for devices and servers wherever possible. Disable unnecessary services and ports to limit the avenues an attacker can utilize to compromise a system. Do not leave troubleshooting or security tools installed on systems, unless necessary for the function of that system.
• Backups. Ensure appropriate backups and system restoration procedures are in place, with copies of the most recent backup stored in an offline or disconnected state to reduce infection susceptibility.
• Awareness. Take care when opening emails and attachments. Ensure building control system servers and workstations are not being used for email access or general web browsing, and are logically separated if running on a shared network. Inform and educate employees on how to identify scams, malicious links and social engineering attempts.
• Report concerns. Report any unusual system activity or unplanned disruption to your service team.
• Ongoing vigilance. Work with your service team to review service maintenance activities and frequency and develop an appropriate cybersecurity improvement plan for your facility. Additional activities may include undertaking a proactive cybersecurity health review of your Honeywell systems, or subscription to Honeywell’s Software Assurance program. Also, speak with your Cybersecurity Specialist about undertaking a cybersecurity assessment to identify potential vulnerabilities in cybersecurity controls. The purpose of this exercise is to proactively review our customers’ systems and make recommendations where required to improve its security. Check out the Honeywell Android Security guide.

Honeywell's Pillars to a Foundation of Trust

Every day, around the world, businesses are at risk of cyberattacks. Honeywell acknowledges the risk and believes the best way to minimize attacks and the losses that result from them is to take a pervasive and holistic approach to security. Pervasive means Honeywell approaches security from multiple angles, which include gathering intelligence on cyber events in multiple industries, building protections directly into devices and software, and maintaining a 24/7 level of vigilance on the cyber climate. A holistic approach to security means that we need to pay attention to the entire picture and individual aspects of a product offering.

Honeywell aims to integrate all these elements designed to safeguard an organization to empower our customers to build a solution with security built in from the beginning. We focus on protecting you and our products (e.g., mobile computers, scanners and printers) against sophisticated attacks at all levels, from low-level opportunistic hackers to industrial espionage and cyber criminals. Honeywell is a founding member of the ISA Global Security Alliance, which means that all of our products go through ISA62433 security requirements from their inception.

Honeywell’s story begins 100+ years ago as a global leader in industrial manufacturing and advanced technology. We have used that expertise to drive cybersecurity innovation with over 15 years as a key leader in industrial cybersecurity solutions helping transform and protect the world’s most critical infrastructures. Our broad portfolio includes Operational Technology (OT) cybersecurity software products and services that allow customers to simplify, strengthen and scale industrial cybersecurity across an enterprise.

Our global team of 300+ Certified Cybersecurity Experts have successfully implemented 5,000+ cybersecurity projects, managed 400+ industrial cybersecurity sites, conducted hundreds of risk assessments and have the breadth of resources to help execute projects of every size and complexity across 70 industry sectors often involving critical infrastructure and national security. These include: supply chain, healthcare, oil and gas, refining, pulp and paper, industrial power generation, chemicals and petrochemicals, biofuels, life sciences, CPG, F&B, utilities, water/waste, metals, minerals and mining industries.

Honeywell’s large footprint in multiple industries gives us a broad view of emerging cybersecurity threats in their earliest stages in industries where the typical cybersecurity offerings are not usually present. This allows us to identify issues, develop countermeasures and deploy them to our customers earlier than our competition in this industry that usually does not receive attention. We also leverage relationships to receive pre-disclosures of vulnerabilities from industry councils and partners including Intel, Qualcomm and Google as well as from our participation and work with various organizations such as ICS-CERT (concentrated around Industrial Controls), NVD, DHS CISA and many more. Furthermore, Honeywell’s size, strength and global presence allows us to leverage the broad investment in security across our enterprise.

Cybersecurity is core to Honeywell. We design security into our products, policies and processes. Our baked-in-from-inception approach to cybersecurity, design-to-delivery process has a strong emphasis on building security into products to anticipate and mitigate risk before a breach can happen. We do this by embedding deep domain knowledge, product testing and security requirements of industry-leading security practices throughout our full design and development process to ensure our solutions are as secure as possible from the start.

We aim to make our solutions as free of vulnerabilities and attack surface as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices. We believe security must evolve with the product that our customers purchase. A group of dedicated white-hat penetration testers with industry-leading certifications such as OSCE/OSCP, completely independent from the engineering team, continuously test our solutions to ensure we have the highest standards for defense.

Contact a Honeywell Solutions Expert today!  Call 1-800-934-3163.

¹ https://isagca.org/

² https://arstechnica.com/information-technology/2019/05/stolen-nsa-hacking-tools-were-used-in-the-wild-14-months-before-shadow-brokers-leak/