by Gary Mintchell | May 1, 2024 | Automation, Security
The sixth Honeywell cybersecurity research report concludes that yes, you are being targeted, and maybe not where you expect it. Yes, humans are still the most vulnerable link in the cybersecurity defense Maginot line.
- New research indicates increasing sophistication of cyber criminals targeting operational technology (OT) and the industrial sector
- USB devices continue to be leveraged as part of larger cyberattack campaigns aiming to manipulate rather than exploit
New research from Honeywell provides insight into just how dangerous unchecked USB devices can be in operational technology (OT) environments. Honeywell discovered that adversaries are now using USB devices to gain access to industrial control systems, where they can hide and observe operations before launching attacks that leverage the inherent capabilities of the systems, known as “living off the land” (LotL) attacks. These attacks are less dependent on exploiting vulnerabilities and more focused on collecting information, evading detection and manipulating the target systems.
“Targeted cyber-physical attacks are no longer about zero-day exploits that take advantage of an unknown or unaddressed vulnerability. Instead, they are more about silent residency – using LotL attacks to wait until there is an opportune moment to turn a system against itself,” said Micheal Ruiz, vice president of OT cybersecurity for Honeywell.
According to the report, most of the malware detected on USB devices by Honeywell’s Secure Media Exchange could cause loss of view or loss of control of an industrial process, a potentially catastrophic scenario for operators.
The 2024 report is based on the Honeywell Global Analysis, Research and Defense (GARD) team’s tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period.
Several of the report’s additional key findings included:
- USB devices continue to be used as an initial attack vector into industrial environments, as 51% of malware is designed to spread via USB, a nearly six-fold increase from 9% in 2019.
- Content-based malware, which uses existing documents and scripting functions maliciously, is on the rise, accounting for 20% of malware.
- Over 13% of all malware blocked specifically leveraged the inherent capabilities of common documents, such as Word, Excel and PDF documents.
- Malware can cause significant impact, such as loss of view, loss of control, or system outages in OT environments. 82% of malware is capable of causing disruption to industrial operations.
by Gary Mintchell | Apr 29, 2024 | News, Security, Technology
I haven’t had word from ISA for quite some time, especially about the cybersecurity certification program. This news concerns GE Power Conversion’s HPCi Controller achieving cybersecurity Security Level 3 certificates of conformance. Congratulations.
The International Society of Automation (ISA) announced that its ISASecure cybersecurity certification program has issued the world’s first Security Level 3 (SL3) certificates of conformance. The ISASecure program certifies conformance to the ISA/IEC 62443 series of internationally recognized automation and control systems cybersecurity standards.
Among the first automation products to achieve this challenging security classification is GE Power Conversion’s HPCi Controller.
“We are pleased to see GE taking a leadership role in securing automation that affects our everyday lives,” said Andre Ristaino, managing director, ISA conformity assessment programs. “Securing products to SL3 surpasses the minimum SL2 needed to defend against intentional cyber attacks.”
The ISASecure SL3 certification provides confidence to GE Power Conversion customers that the HPCi Controller is free of known cybersecurity vulnerabilities and is robust against network attacks, and independently confirms conformance to ISA/IEC 62443-4-2 SL3 security requirements. This is the world’s first ISASecure CSA 1.0.0 Level 3 certification.
Following soon after GE, Bitron Electronics also completed the necessary requirements to pass the SL3 certification evaluation, making Bitron the second supplier to achieve this advanced certification level under the ISASecure certification scheme.
“With two SL3 certifications already complete, these certifications further demonstrate the marketplace’s growing acceptance of the ISASecure ISA/IEC 62443 conformance scheme as the leading certification scheme on the market today,” said Brandon Price, senior principal for industrial cybersecurity at ExxonMobil and ISASecure board chair.
Companies that choose to achieve higher levels of certification understand how to apply the ISA/IEC 62443 standards and recognize the value of protections and assurances they provide to their end-user customers. As the need for advanced security protection grows, ISASecure certifications – recognized and accepted globally – continue to be the most sought-after certification specified by end users.
ISASecure recently published a whitepaper describing the value of securing automation and control systems to SL2 or higher. “The Case for ISA/IEC 62443 Security Level 2 as a Minimum for COTS Components” is available for download on the ISASecure website.
by Gary Mintchell | Apr 24, 2024 | Business, Security
More and more companies are developing partnerships to serve customers rather than trying to reinvent the wheel. Hexagon had acquired PAS and its Cyber Integrity solution some years ago. This partnership announced with cybersecurity solution provider Dragos aims to do no less than “revolutionize OT cybersecurity at industrial facilities.”
The technical partnership focuses on integrating the complementary OT cybersecurity capabilities of the Dragos Platform and Hexagon’s PAS Cyber Integrity to provide customers with enhanced inventory data, comprehensive configuration management and superior intrusion detection and threat management to protect businesses operating in multiple critical infrastructure sectors. The collaboration is expected to harness the respective strengths, industry insights and innovative spirit of both Dragos and Hexagon.
“This relationship represents a significant step in forging the future of OT cybersecurity,” said Nick Cappi, vice president of OT Cybersecurity at Hexagon. “Through the integration of technologies, industrial facilities that use Hexagon and Dragos will be in a better position to achieve their security goals. We are excited to work together and collectively solve bigger security challenges for customers.”
The companies will integrate their specialized expertise and capabilities to tackle the unique challenges encountered by owner operators. Together, they aspire to enhance safety, efficiency and productivity, with a goal of revolutionizing how the cybersecurity industry protects industrial infrastructure and valuable assets.
“Hexagon is known for providing forward leaning technology that also prioritizes safety and security, and the partnership with Dragos brings additional value to industrial and critical infrastructure organizations using our technologies,” said Matt Cowell, Global VP of Business Development at Dragos. “The integration between Dragos and Hexagon will leverage our complementary capabilities and respective strengths to provide an integrated approach to managing security across the different layers of the operational environment.”
by Gary Mintchell | Apr 15, 2024 | Automation, Security
Honeywell has been known for cybersecurity solutions for a long time. With its Honeywell Connected Enterprise platform, it is supporting the corporation’s realigned portfolio around powerful megatrends, including automation and energy transition. “I had a cybersecurity problem and solved it with this solution,” said no one anywhere. However, here is a story about a company that has implemented Honeywell’s cybersecurity solutions.
Honeywell announced that Petróleos del Perú S.A. (Petroperú), one of the largest hydrocarbon producers, refiners and distributors in Peru, will implement Honeywell cybersecurity solutions in order to help Petroperú strengthen the cyber resiliency of its refinery operations and accelerate its broader digital transformation.
Petroperú’s multi-year investment with Honeywell includes access to Honeywell’s cybersecurity consulting support, managed security services and world-class threat detection capabilities. Honeywell will help Petroperú further scale its operational technology (OT) cybersecurity efforts in order to improve visibility into potential cybersecurity vulnerabilities and threats across its systems.
“Cybersecurity resiliency is a crucial capability that underpins our sustainable operations as we work toward the future in the energy transition,” said Fernando Villacorta Padilla, chief controls and advanced applications engineer, Petroperú. “Honeywell’s cybersecurity services complement the innovative software solutions that it previously developed to support our digitalization initiatives and our refinery modernization project.”
Petroperú’s implementation of Honeywell’s cybersecurity solutions builds upon its prior integration of Honeywell Forge Workforce Competency solutions, which the company currently uses to train its industrial workforce regarding safer and more efficient operations. The added integration of Honeywell cybersecurity solutions will help Petroperú to further improve its operational efficiency, safety and security programs across Petroperú’s plants and refineries.
“Without strong cybersecurity capabilities, energy companies that heavily rely on technology and information systems to operate can face serious consequences, including financial losses, operational disruptions, reputational damage and environmental risks,” said Sunil Pandita, vice president and general manager of Honeywell Cyber & Connected Industrials. “While Petroperú is already at the forefront of the digital transformation within the energy sector, Honeywell’s cybersecurity solutions will help Petroperú to identify and minimize potential cyber risks in near real time in order to create safer, more efficient operations that benefit both customers and employees.”
Honeywell has been working with Petroperú for almost 50 years. Additionally, Honeywell provides engineering, licenses, services and technical support for three units currently in operation.
by Gary Mintchell | Apr 4, 2024 | Security
Technology trends form a large part of reporting here. Another trend is companies sending out questionnaires and publishing reports. This one from Xage Security asked about manufacturers’ opinions regarding zero trust adoption.
Highlights:
- Manufacturers are worried about data sharing – 90% of respondents in the manufacturing industry are concerned with sharing data outside the organization, either via cloud services or with third parties.
- Industries are embracing transformation at varying speeds – Manufacturing leads the charge, with 90% agreeing that integrating IT / OT and digital transformation is a pathway to progress. However, oil & gas is lagging at 35% in agreement.
- Most organizations have adopted zero trust principles – 72% have started adopting zero trust principles, with 31% currently in the process of crafting a strategy for zero trust deployment.
“While zero trust is not a one-size-fits-all model, the data shows that organizations are evolving their understanding of zero trust as a strategy to enhance the safety, security, and reliability of both their enterprise IT and OT environments,” said Jonathon Gordon, Industry Analyst at Takepoint Research. “The industrial world is taking action and recognizes the necessity to expedite zero trust adoption to keep our nation’s—and world’s—critical infrastructure safe from cyberattacks.”
Xage partnered with Takepoint Research to survey 250+ cybersecurity senior leaders across critical infrastructure organizations, energy, utilities, transportation, oil and gas and manufacturing. Data was collected from December, 2023 through February, 2024.
“Amidst market confusion surrounding various zero trust strategies, it is evident that organizations are now diligently navigating through them and honing their approaches,” said Sri Sundaralingam, SVP of Marketing at Xage. “The survey results underscore the increasing adoption of zero trust across industrial sectors, aimed at mitigating crucial business risks while propelling digital transformation alongside new business initiatives.”
by Gary Mintchell | Mar 1, 2024 | Business, News, Security
New OT threat groups include VOLTZITE linked to Volt Typhoon; ransomware attacks grew 50 percent; state actors and unsophisticated hacktivist groups gained ground against OT systems.
Cybersecurity companies busily conduct surveys and issue reports. This news concerns Dragos’ release of its sixth annual OT Cybersecurity Year in Review report.
The report named the emergence of three new threat groups, including VOLTZITE linked to Volt Typhoon, and found that ransomware continued to be the most reported cyber threat among industrial organizations with a nearly 50% increase in reported incidents. 2023 also saw the first time a hacktivist group achieved Stage 2 of the ICS Cyber Kill Chain.
Based on data gathered from annual customer service engagements conducted by Dragos’s cybersecurity experts in the field across the range of industrial sectors, the top challenges industrial organizations need to address are:
- Lack of Sufficient Security Controls: 28% of service engagements involved issues with improper network segmentation or improperly configured firewalls.
- Improper Network Segmentation: Approximately 70% of OT-related incidents originated from within the IT environment.
- Lack of Separate IT & OT User Management: 17% of organizations had a shared domain architecture between their IT and OT systems, the most common method of lateral movement and privilege escalation.
- External Connections to the ICS Environment: Dragos observed four threat groups exploiting public-facing devices and external services and issued findings related to externally facing networks such as the internet in 20% of engagement reports.