BUILDING AUTOMATION
Customer Zero casestudy
Lulu International Turns to Honeywell for Sustainable Solutions
15% Energy Savings Within 18 Months
Quickly Identified Unrecognized Problem with Chiller Sequence of Operation
BACKGROUND
Honeywell makes the products that help solve some of the world’s toughest, most complex challenges. Its sustainable jet fuel and electric motor technology are designed to help airline operators to embrace the future of aviation. Its battery storage solutions are designed to help industrial companies more easily accelerate their climate objectives. And its AI and autonomous solutions are capable of helping organizations become more productive, safer, and more sustainable.
But to help the world be a safer and more prosperous place, Honeywell needed to improve the security of its own manufacturing environment first. Every one of its facilities depends on operational technology (OT) to function and, in turn, those OT environments depend on cybersecurity programs and solutions to help improve their defenses against malware and other cyberattacks that could disrupt or, worse, shut down its manufacturing sites.
This is the new normal in OT, at Honeywell and every other modern manufacturing organization. Where once OT environments consisted of isolated, air-gapped networks that were not connected to the internet, today’s OT environments require greater connectivity to realize the advantages of a fully digital experience.
With this connectedness comes vulnerability. “The previous approach of relying on isolation to protect OT environments is no longer realistic” says Chase Carpenter, Chief Information Security Officer at Honeywell. “With increased connectivity comes the risk of bad actors gaining access to these assets and using them as a launch point to attack other parts of the network, deploy malware, and cripple the ability to make products.”
Attacks cost money. According to the Ponemon Institute, the average cost of a cyber breach in critical infrastructure is now pegged at $4.5 million.1 What’s more, 75% of OT organizations experienced at least one intrusion in the past year.
But even worse, much worse, attacks can potentially cost lives. The reality is that cybercriminals and nation- state actors are targeting critical infrastructure like never before. Imagine this scenario. Hackers gain control of a chemical factory’s furnace control system. They tamper with the temperature settings and cause an explosion. The consequences of an incident like that could be catastrophic, especially since 9.3 million people reside within a 10-kilometer radius of the average chemical plant in the U.S.2
OT CYBERSECURITY STARTS WITH VISIBILITY
Defending OT environments from cyberattack should now be a priority at any manufacturing organization.To defend what you have, you must first understand what you need to protect. To gain that visibility into the OT networks, communication patterns, and attack vectors at its many manufacturing sites, Honeywell originally tried an off-the-shelf cybersecurity solution. The tool was not effective, though, for several reasons.
For starters, it wasn’t good at accurately capturing the hundreds or even thousands of assets on a given network, which, depending on the facility, might include workstations, test devices, control systems, CNC devices, and more.
“Over 49% of our assets were left unclassified,” says Mukesh Saseendran, Director of Cybersecurity at Honeywell. “We needed to have an individual walk down to every single workstation and document everything to get an accurate inventory, which in itself is an error- prone and manually intensive process.”
If an asset is undocumented, it’s a blind spot. It could present a gaping hole for attackers to exploit, and no one would know about it. Without the right cyber tools in place, Honeywell would have to shut down a factory every time the site was threatened, resulting in serious revenue leakage.
“The danger with this situation is that if I don’t know about a particular asset, I can’t protect it,” Carpenter says. “If there are areas where I’m blind to the assets on my network, that’s a terrifying scenario. There could be bad actors taking advantage of the situation to stage an attack. What’s more, I can’t determine if traffic patterns to and from a particular device are legitimate or not.I can’t even tell if that device is up to date from a patch or firmware perspective.”
CYBER INSIGHTS PROVIDES MUCH NEEDED CLARITY
Carpenter says he had three major must-haves when he started the selection process. First, the solution needs the capability to very accurately determine the inventory of assets on the network. Second, he and his team needed to be able to passively detect any malicious activity happening on the network. Third, he needed a solution designed to accurately identify the version of operating system or firmware on each asset and when it needs to be patched or updated.
“Cyber Insights absolutely delivered on every one of those must-haves,” says Carpenter.
Honeywell now has far greater visibility into all the assets and networks that manage, monitor, and control its industrial infrastructure.
“Having this visibility means that, in case there is a situation with the network, we can be sure we have the right kind of network configuration that helps me react to that threat quickly,” Saseendran says. “Previously, we didn’t have that information, but Cyber Insights helps us get there faster and it is designed to provide information within the context of what we’re trying to protect.”
On top of that, Cyber Insights is capable of providing a layer of vulnerability defense. If an unauthorized system is trying to communicate with another asset, it is designed to raise flags and send alerts about the potential threat.
Having the right security measures is also important from a compliance perspective. Without the right security controls in place, manufacturers like Honeywell might not be able to land big contracts. Additionally, there are now regulations that hold board members personally responsible under certain situations if appropriate cybersecurity measures are not implementedwithin their organizations.3
This means that failing to meet regulatory requirements not only poses risks to the organization but also to the individuals who hold leadership positions within it. Cyber Watch Governance is a separate module offering for use with Cyber Insights that provides a dashboard designed to help a customer actively monitor all sites for compliance with organizational policies and industry regulations.
CYBER INSIGHTS TURNS DOWN THE NOISE
Another major downside to that original off-the-shelf tool was that it was very difficult to implement. At each site, it took Honeywell from four to six months to get up and running with the solution. “We have over 400 factory sites at Honeywell,” says Saseendran, “so we cannot invest six months per site. That’s simply not an option. That’s why efficient onboarding is so critical.”
In contrast, Honeywell was able to onboard its first Cyber Insights site in less than a month, with seven sites onboarded in two months. Carpenter says he is now in the process of deploying Cyber Insights to 120 of Honeywell’s most critical manufacturing sites and expects to be fully up and running at all those locations within six months.
Honeywell has also worked to reduce the generally expected onboarding and deployment cycle time for Cyber Insights. Honeywell’s onboarding experience for a standard Cyber Insights implementation for a single site has generally been about one-third less than the time Honeywell experienced when implementing the prior off-the-shelf solution.
Additionally, Cyber Insights is capable of significantly reducing unnecessary noise, particularly in OT-centric environments. “The previous product discovered 200,000 to 300,000 assets and networks across all our sites, and we couldn’t understand why it was discovering so many,” explains Saseendran. “We later realized it was looking at the data and traffic incorrectly and, as a result, was generating a lot of noise. When we switched to Cyber Insights and did the audit correctly, we were down to 67,000 assets across those sites.”
Cyber Insights’ clear and straightforward representation of the network landscape simplified asset configuration and viewing, which is crucial for efficient asset discovery without resorting to manual audits. The user-friendly dashboard is designed to display critical threats, identified vulnerabilities, and compliance issues within the facility.
Likewise, Honeywell observed an 18% to 20% increase in asset discovery within the Honeywell deployed sites when using Cyber Insights. This is significant because it should eliminate the need for manual workstation audits, which is often error-prone and unreliable.
The fact that Cyber Insights is designed to integrate seamlessly with many other tools in the environment is another key selling point. “Without that integration, my team becomes stretched thin, as they have to monitor separate sets of tools,” Carpenter says. “We never want a situation where incidents occur in the OT and IT environments without us connecting the dots because the systems aren’t communicating effectively. If an anomaly arises, it’s essential to view it in the context of the entire potential attack landscape. We now have that ability.”
THE HONEYWELL DIFFERENCE
While cyber teams have gotten pretty good at implementing solutions, practices and procedures designed to improve security for IT systems, the truth is that OT cybersecurity is lagging behind because it requires specialized tools and knowledge. Organizations simply can’t use the tools they have in the IT space with confidence in managing their OT environment.
Honeywell has approached this challenge by leveraged its vast experience in the OT world to provide the cutting- edge Cyber Insights solution. “We have a very complex environment. We’ve got small sites, we’ve got large sites, we’ve got sites around the world, so we have this diverse set of requirements,” says Saseendran. “And if the product works for us in our manufacturing sites, it will very likely work for many of our customers as well.”
Implementing Cyber Insights can be like getting a good pair of glasses for the first time. Everything becomes clear. And with that clarity generally comes speed and efficiency. So, when and if there is an attack, Cyber Insights is designed to help the organization’s cyber team identify the cyber attack and know where to focus, which should help an organization save valuable time and resources. “There is no silver bullet to fully secure your OT environment,” says Carpenter. “But Honeywell has one of the most currently complete suite of products that can help organizations improve their protections for these critical assets.”
Honeywell Forge Cybersecurity+ | Cyber Insights is an ideal solution for most organizations that have an OT environment critical to its business. And it shows why Honeywell is at the forefront of industrial-grade software innovation.
“There is no silver bullet to fully secure your OT environment. But Honeywell has the most complete suite of products that can help protect these critical assets.”
Request A Demo
