Outsourcing Cyber Security Services
By Bill Lydon, Editor
Cyber security outsourcing alternatives continue to grow. This growth is illustrated by the recent opening of Honeywell Process Solutions (HPS) Industrial Cyber Security Lab in Duluth, Georgia.
Cyber threats continue to grow at a rapid rate according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team(ICS-CERT). ICS-CERT reports cyber incidents on industrial targets in 2014 continued to increase and are up more than 25 percent since 2011. ICS-CERT’s latest report also states that in 40 percent of incidents reported experts did not know how hackers intruded the system because they lacked detection and monitoring capabilities. Similar concerns were reflected in a global survey on cyber securityconducted by Ipsos Public Affairs in September of 2014 on behalf of Honeywell. In that survey, more than 75 percent of respondents from 10 countries said they were fearful that cyber criminals could disrupt major sectors of the economy, and identified the oil and gas, chemicals and power industries as particularly vulnerable. Cyber security protection, detection, and mitigation are a moving target. In 2014, Gartner estimated worldwide spending on information security will reach $71.1 billion in 2014, an increase of 7.9 percent over 2013. The data loss prevention segment recorded the fastest growth at 18.9 percent, according to their latest forecast. Total information security spending will grow a further 8.2 percent in 2015 to reach $76.9 billion. More information on Gartner estimates. As the number and sophistication of cyberattacks increase, so does the demand for people who can prevent such digital incursions.
Demand to fill cybersecurityjobs is booming. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics. The demand for positions like information security professionals is expected to grow by 53 percent through 2018. U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022.
Outsourced cyber security services may be a good alternative to maintaining in-house personnel. Keeping up with cyber security is a huge technical challenge and a moving target. It requires major ongoing investment to remain effective in deterring threats and performing damage control after an attack.
Honeywell Process Solutions (HPS) Industrial Cyber Security Lab
Jeff Zindel, General Manager of Honeywell’s Global Industrial Cyber Security Business, described how the new lab will help accelerate the development testing and demonstration of new solutions for customers. A Honeywell cyber security solution includes professional field services, advisory consulting, system integration, continuous support, and managed security services.
Managed security services can include continuous monitoring, alerting, and either full-time solutions management or complement the customer’s in-house capabilities. In addition to integrating Honeywell hardware and software, the organization integrates technology from leading cyber security vendors. The goal is to help customers move from a defensive posture to a continuous offensive approach and become more proactive, dynamic and resilient. Honeywell has executed more than 1,000 successful projects and currently manages more than 300 sites by providing continuous monitoring, alerting, and other managed services. Honeywell is also working with leading technology partners to integrate their solutions and efficiently introduce integrated industrial cyber security solutions. Mike Spear, Global Operations Manager of Industrial Cyber Security Lifecycle Solutions & Services at Honeywell Process Solutions, provided a tour of the Honeywell lab facility. He noted that it is one of the first of its kind in the industry and described the lab’s basic functions.
The lab includes a complete level 2 control environment up to a business control system. Leading third-party cyber solutions are also part of this system providing a way to perform full customer evaluations. The first and most important function is solution development and testing. “We leverage state-of-the-art industrial IT technologies but when you apply that to process control systems there’s a significant amount of testing and configuration that is required,” said Spear. The lab provides technology and tools to accomplish this without having an impact on customer’s process control system. Secondly, the lab provides an environment for simulating cyber-attacks including known attacks in the industry and penetration testing in a virtual environment that represents the customer system. The third function demonstrates the benefit of real-time cyber security controls in a process control environment and how they will meet the customer’s needs and goals.
A complete DCS can be simulated in a virtual system to do cyber risk analysis.
Eric Knapp, Director of Cyber Security Solutions and Technology for Honeywell’s Industrial Cyber Security Group, showed examples of cyber security threats penetrating a virtual process control system and how this provides insights for determining proper protection methods.
Honeywell’s cyber security services group is approaching 100 professionals, all experienced and trained in cyber security. Typically these professionals are senior IT people that are trained on industrial control systems. The company has developed its own certification processes and rigorous methodologies to ensure quality and consistency. Honeywell “shadows” new hires with an experienced person for six months to a year. Honeywell is also working with colleges to build “a farm team” of cyber professionals.