New Cyber Vulnerabilities Require a Tougher Offense

Mirel Sehic, global director of cybersecurity, Honeywell Building Technologies

Over the last decade, corporations have invested heavily in information technology (IT) security strategies aimed at mitigating cyber threats. These IT initiatives protect personal information, proprietary software and data, but operational technology (OT) systems – which control, monitor and protect processes, equipment and operational environments – are often neglected by IT departments, receiving less than their share of monitoring and maintenance.

In buildings, this means that assets like HVAC, building management, security and visitor tracking systems might be vulnerable to cyberattacks. Facility managers are increasingly aware of – and concerned by – OT cyber threats, as a recent Honeywell survey demonstrates. While they embrace the idea that monitoring and maintaining a building’s OT environment is every bit as critical as safeguarding IT systems, developing an effective OT cybersecurity plan poses challenges.

While the internet of things (IoT) can reduce downtime, automate processes, and increase profitability by integrating systems, it can also introduce security risks. Facility managers do not always practice strong cyber hygiene, such as not exposing smart building systems to the internet, installing patches and upgrades, and using encryption protocols. Lapses in these practices can create weak spots that open a back door to attackers.

New Tactics for Growing Threats

Companies that have implemented cybersecurity strategies for their OT environments traditionally rely on prevention technology and passive detection such as perimeter security and network traffic analysis. As threat actors continue to gain critical mass and learn to exploit new vulnerabilities, facility managers need products and protocols that can quickly identify exposure and prevent or mitigate breaches.

New solutions such as the Honeywell Threat Defense Platform (HTDP) use autonomous, AI-powered deception tactics to help outsmart attackers and high-fidelity threat detection to minimize attacks. These technologies confuse attackers and lead them away from critical assets, resulting in high rates of detection with zero alert fatigue.

HTDP steers bad actors toward decoys that appear to be valuable OT and IT assets; however, the devices are not real and provide no access to actual enterprise assets. The solution makes critical operational devices harder to find, slowing adversaries and helping security teams capture them faster. It’s a proactive approach to cybersecurity – putting facility managers in an offensive position versus constantly playing defense.

Adapting to a Changing Landscape

The threat landscape continues to evolve as hackers identify and exploit new vulnerabilities and ramp up the frequency and sophistication of their attacks. This evolution will likely continue in an increasingly connected IoT environment, especially as much of modern software is hybridized – often using proprietary third-party or open source software – to enable less duplication and faster go-to-market strategies for a company’s core competencies. This means that, in the case of an attack, it may take facility managers considerable time and coordination with vendors to learn the full extent of their potential exposure. This is even more concerning if they don’t currently practice good cyber offense and defense strategies.

The impact of cyber incidents can go beyond mere financial loss; operational and reputational damage can be equally devastating, if not more so. Facility managers and OT system operators can provide critical insider input in developing and implementing a vigilant security strategy to protect vital OT systems. A modern platform that employs AI-powered deception tactics to outsmart attackers, as well as high-fidelity threat detection to root out and control attacks, can play an integral role in enabling robust coverage.