Industrial organisations should be part of digital transformation and the industrial internet of things (IIoT), but they also must improve their cyber-security defences to ward off threats, a top Honeywell official said.
“The power of connected [industrial internet of things] is real and promises tremendous productivity and gains and in critical of all that, it is the industrial cyber security that is required as the foundation and the core to make it safe and securely,” Jeff Zindel, vice-president and general manager for Honeywell industrial cybersecurity, said after opening the region’s first industrial cybersecurity centre in Dubai.
According to a recent LNS Research study, which polled 130 industrial companies about their approach to the industrial internet of things and their use of industrial cybersecurity technologies, he said that only 37 per cent are currently monitoring for unusual activity on their servers, while 53 per cent have reported a cybersecurity breach at their facility.
He said the fundamentals are not in place but there is a “tremendous opportunity” for industrial companies to move forward and secure their assets and operations. There is a global shortage of cybersecurity expertise and when it comes to the industrial segment, it is much higher.
“That is why we have invested millions into the industrial cyber security centre for the Middle East customers. We view that is absolutely imperative for companies to address cybersecurity as a programme and it needs to become an ongoing regular part of their operations and a true enabler of business success. So, companies need to address it in a holistic manner, looking at people, process and technology,” he said.
Honeywell has one industrial security centre in Atlanta at Georgia and building another facility in Singapore.
The centre has a safe off-process environment to test and demonstrate process control network vulnerabilities and threats, train customers with real-time attack simulations and provide customer consultations.
According to research firm MarketsandMarkets, the Middle East cyber security market size is expected to grow from $11.38 billion in 2017 to $22.14 billion by 2022.
“As threats to industrial control environments become more sophisticated, it will be crucial to train the workforce of the industry for effective cybersecurity implementation. We are living in a virtual and connected world where internet of things are shaping very fast,” said Safdar Akhtar, business development director of Industrial Cyber Security for Europe, Middle East and Africa at Honeywell Process Solutions.
He said that cybersecurity is a very rich subject and there is a big difference between IT and OT security. IT security is based on CIA (confidentiality, the integrity of assets and availability) and it is not that important when IT goes down and downtime is completely expectable.
He said that OT security is based on AIC, availability (the system cannot go down and needs to run 365 days), the integrity of assets and confidentiality. So you need to know a deep understanding of industrial protocol to make sure to protect people, process and technology.
IT systems are storage systems, computing technology, business applications and data analysis while OT systems are machinery equipment, assets monitoring systems and control systems
“People can make a simple mistake and jeopardise the availability. USB is the easiest median to attack someone because it is the most used piece of hardware. If you don’t have the proper technology, trained people, right processes, then attacks can penetrate through,” he said.