Media Roundtable – Honeywell Industrial Cybersecurity Group
Published on : Monday 23-09-2019
To set the tone for the discussion, Ashish Gaikwad provided some background information about how a couple of years ago Honeywell communicated to the markets a shift in focus from the industrial type of portfolio comprising products, solutions and services to ‘software industrial’. “This is the digital journey that we want to take along with our customers – and by customers I mean the process industries. This has picked up very well, the whole digital transformation initiatives where the solutions are now offered under Honeywell Connected Plant, which is essentially promoting the Industrial Internet of Things or IIoT,” said Ashish.
The threat from cyber criminals
But there is a flip side to this connectivity and access: a parallel threat is emerging in the form of malicious attacks that endanger plants, assets and reputation. There are many instances of this, in the Middle East as well as other parts of the world. Also, many insurance companies do not cover cybercrimes, which rules out any compensation. Ashish quoted the example of a global confectionery maker with 114 plants worldwide that was targeted recently, after which the company approached Honeywell for an effective solution. This brings the focus on industrial cybersecurity to protect the assets and control systems of installations.
“The theme of Honeywell India Users Summit 2019 is Cybersecurity. Another fact is that Honeywell alone cannot meet this threat effectively, in spite of spending a lot of time, energy and R&D dollars on this. India has been lucky that no major attack has occurred and hence it is better to be proactive now than regret later,” emphasised Ashish. The summit was a dialogue with all the stakeholders, which include, besides the user industries, other automation vendors and technology providers supplying them with hardware, software, networks, etc. (companies like Dell or Microsoft), as well as the regulating agencies. The entire event was an exercise in getting a broad consensus on dealing with this threat, bringing awareness, and learning from the past to be prepared for the future.
The cybersecurity survey
The survey – with a sample size of about 250 respondents – targeted only the process industries in India. It has thrown up some interesting outcomes, and what it essentially says is that roughly half of the respondents are aware of breaches, ranging from small instances or disruptions to somewhat more significant threats. “The more important thing though is many of the experts I have talked to are of the firm opinion that there can be only two categories of such customers; first, who know and have experienced some breaches, and the other who are having the breaches but not even aware of them, having no means to find out. The nature of this threat is it is quite hidden before making a sudden appearance and the world has not yet come to grips with it,” said Ashish.
As one of the industry leaders in providing solutions, Honeywell has taken the lead in providing skills and competencies to create expertise in cybersecurity by working with the user industries. Since this expertise cannot be created overnight, one of the approaches Honeywell follows is acquisitions. “We have acquired a while ago Nextnine, an industrial cybersecurity leader from Israel, which has the necessary expertise. The advantage of this acquisition, besides the expertise they have, is that Nextnine, having worked with multiple vendors, has solutions not just for Honeywell but also its peers, and is vendor agnostic when it comes to solutions. These solutions were on display during the summit and have generated a lot of interest. I am happy the ball has started rolling and we will continue this dialogue,” he added.
Tackling the menace
Responding to a specific question on what could be the solution in cases where the company in question is not even aware of a breach happening, Ashish Gaikwad replied that many times a breach does not immediately start a disruption, but the malware just resides in the system waiting for an opportune moment to strike. This in turn can be triggered by anything, even a pen drive. In fact the threat from an infected pen drive is well documented, especially the example of how Stuxnet reportedly sabotaged the Iranian Nuclear Programme, setting it back by a couple of years. Here again Honeywell has a solution in the form of SMX or Secure Media Exchange. The SMX records and monitors the use of removable media like pen drives and scans the content before allowing the connection. It has advanced threat detection capabilities to safeguard critical infrastructures and isolated network environments, thus bridging the IT/OT divide as well. Taking note of the IT/OT divide, Ashish is of the view that organisations sooner rather than later will have to have a C level person, say a Chief Information & Security Officer, to coordinate the efforts directed at ensuring cybersecurity. “But the fact is the ball is now set rolling and talking about the summit, the response has been extremely encouraging. This will continue as just one event is not enough, this is a continuous process,” he added.
If this is the state of process industries, which are mostly large organisations, what is the status when it comes to SMEs? Well, we always start with the biggies, admitted Ashish. But then he rightly pointed out that the malicious attacks are basically targeted at the biggies for obvious reasons. Having said that, the threat of malware is common to all companies big or small, so Honeywell also makes available a version of the SMX which is very affordable to SMEs. The company has a range of offerings that can go to different levels. Of course, due to the high costs involved, Honeywell does not service the SMEs directly – the segment is served by the Channel Partners, who are strategically located across all the major industrial clusters in the country.
Honeywell Survey on Cybersecurity in India
Almost 50% of respondents who experienced a cybersecurity breach in the past year report a reputational impact on their business
According to the recent Honeywell survey of business leaders in India, industrial cybersecurity breaches are damaging organisations, impacting the bottom line and company reputation. The survey polled strategic decision-makers from Indian industrial companies on types of cybersecurity threats, their approach to dealing with them, and their organisation’s respective preparedness as they adopt Industrial Internet of Things (IIoT)-enabled technologies.
“This new information from Honeywell reveals that while decision-makers are more aware of threats, cybersecurity layers of defense have not yet been implemented by a majority of India’s industrial community,” said Ashish Gaikwad, managing director, Honeywell Automation India Limited. “The cost of industrial cyberattacks cannot be measured in capital losses alone, but must also be measured by the potential reputational damage a company could sustain. These survey findings underscore the need for our ongoing work to ensure every enterprise can safely manage their cybersecurity risks.”
(The full result of the survey is available online)