-
Location
-
Asia Pacific
-
Europe
-
Middle East
-
North America
- |
- Contact
- |
-
Currency:Localize your Content
You can set your preferred currency for this account from the Home page.
Choose a Currency
Currency- CHOOSE YOUR CURRENCY
Update Currency
Changing Currency will cause your current cart to be deleted. Click OK to proceed.
To Keep your current cart, click CLOSE and then save your cart before changing currency.
-
Select Account
Switching accounts will update the product catalog available to you. When switching accounts, your current cart will not move to the new account you select. Your current cart will be available if you log back into this account again.
Account# Account Name City Zip/Post Code CANCELPROCEEDMy Account
-
News & Events
News & Events
-
News
Discover stories about the innovations and trends from Honeywell Building Technologies that help transform the way that buildings work.
-
Events
These HBT events bring the latest in building technology and trends to users around the globe. Trade shows, customer events, speaking engagements, HUG, Technology Day and webinars.
-
Press & Media
Read our press releases section and learn more about Honeywell Building Technologies.
-
News
-
Location
-
Asia Pacific
-
Europe
-
Middle East
-
North America
- |
- Contact
- |
You are browsing the product catalog for
- News
- Putting The 'O' in Cybersecurity
Putting The O in Cybersecurity
15 July 2019
Phishing. Malware. Spoofing. Rarely a week, sometimes even a day, goes by without word of a new threat or attack. We live in an age when bits and bytes are currency, sometimes literally. So while not justified, it makes sense that there are efforts to get information by any means. In parallel, there’s an acute and ever-evolving focus on protecting this critical information and the systems which allow us to effectively share, interpret, and utilize this information for personal and business purposes.
These systems typically involve Information Technology (IT) related processes; however there is an entire category of technology that may not dominate cybersecurity headlines, but is equally if not more important, especially for people who manage and maintain control systems that regulate everything from building comfort to the power grid. And that’s Operational Technology or OT.
What’s worse, someone getting access to millions of credit card numbers or taking control of a campus that houses tools critical to national security?
A rhetorical question, of course, since both outcomes are unacceptable. But that means organizations — and the companies that provide OT systems — need to be as vigilant about securing OT environments and their associated systems.
Here’s why OT matters and what to do about it.
Understanding OT
In basic terms, IT covers the spectrum of technologies that transfer, store and manipulate information while OT, according to analyst firm Gartner, “Is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and enterprise events.” Think data versus things.
There are other significant differences, though. OT systems, for example, typically have a longer lifespan than their IT counterparts. Whereas a company might give employees new laptops every two to four years, a fire alarm could sit on a wall for a decade or more. Plus, most corporations have a few (or a fleet) of people responsible for IT, while OT usually falls outside the traditional IT scope, and is left to control, process engineers or in many cases – no responsible party. These are just a couple reasons why OT systems tend to be outdated, and related hardware and software are more susceptible to compromise.
It’s an issue that will continue to grow — in the facilities realm in particular – as the internet of things balloons. These “things” are slowly becoming an integral part to our business success and the market is expected to reach 14.2 billion in 2019 and 25 billion by 2021. Halfway in between that relatively short span, smart buildings will account for more than 80 percent of connected devices, according to Gartner.
The combined risk of an attack with the sheer scale of potential entry points means it’s time to get OT practices in order and locked down.
Securing OT
There are several means to that end, but here are five key, broadly applicable starting steps:
- Don’t forget about OT security. Seems almost too elementary, but experience suggests otherwise. Out of sight, out of mind. Out of mind, out of date. That’s an all-too-common OT scenario. Operational cybersecurity should be a stated priority. Subsequently, it’s critical
to raise awareness and educate system users.
- Ensure appropriate ICT hygiene. There are a lot of information and control technology (ICT) security basics that OT folk can learn from the IT side. Employ best practices related to backups, patch management, password management, removable media, etc. They are already proven, so take these lessons, implement and adapt as necessary.
- Review OT systems best practices. These exist as well. To name a few that come to mind, the National Institute of Standards and Technology, the U.S. Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency, and Australian Signals Directorate via the Essential Eight Maturity Model have all published and continue to provide OT cybersecurity guidance.
- Look for ‘unknown’ internet connectivity. By identifying (with MAC and IP addresses) and monitoring all the devices that should be connected to a network, it’s possible to see those that shouldn’t be connected, and take proactive and reactive steps to block them.
- Ask more from OT suppliers. There’s one group that should be most attuned and attentive to cybersecurity, and that’s the companies that engineer and manufacture OT systems. Know the steps they’re taking to help protect customers and conduct cybersecurity assessments.
Moving Forward
Although it can feel theoretical when obvious danger isn’t present, the consequences of OT cyber incidents are quite real and measurable. For instance, in 2017, a malware attack blocked access to the systems that a shipping and logistics giant used to operate its cargo depots, shutting down one of the largest terminals at the Port of Los Angeles. The resulting equipment damage and business disruption was estimated to cost up to $300 million.
Fortunately, companies can take action to minimize threats. To learn more, read our whitepaper “Building Resilience, Through Visibility.” Or reach out for information about an OT security assessment tailored for real-world environments with practical remediation outcomes.
Copyright © 2024 Honeywell International Inc.
Maximum File Size
Maximum Files Exceeded
You cannot access this page as this product is not available in your country.
Maximum File Size
Maximum Files Exceeded
Due to inactivity you will be logged out in 000 seconds.