Honeywell has invested millions of dollars to create a state-of-the-art, comprehensive cyber lab focused exclusively on Industrial Control System (ICS) cyber security. At the core of the lab is a complete Honeywell Distributed Control System (DCS). For each cyber security control evaluated, such as a firewall, Honeywell has identified and implemented technology from at least two vendors, so customers have a choice when determining which solution best fits their needs.
Research – A fully functioning industrial cyber lab provides the environment for research on potential vulnerabilities, which could ultimately result in a negative impact to industrial control systems. For example, most research is focused on digital attacks but through leveraging the capabilities of an industrial lab, research is underway to explore the impact of physical attacks on cyber assets or cyber-physical security.
Development – It is well known that countless tools and controls to protect networks from unwanted security threats have been developed in the Information Technology (IT) world. However, many of these Commercial off the Shelf (COTS) tools require significant customization and configuration when applied to industrial control, to avoid catastrophic consequences. A fully-functional research lab enables the solution vendor to push the limits of these tools in order to maximize the benefits for industrial customers. Additionally, due to the nature of process control, some tools are simply not available. Therefore, a comprehensive lab provides the environment to develop and test new options for the unique environment of Operations Technology (OT).
Training – IT technology changes rapidly and personnel working in this environment require continuous training. As cyber threats against ICS become more sophisticated, educating cyber security specialists on vulnerabilities, covert and overt methods of exploitation, and corresponding defense and response techniques becomes a key objective in protecting industrial control systems. Most hardware vendors provide training that’s almost exclusively focused on the IT environment they serve, but with an ICS on site at the lab, trainees can experience firsthand the effects of out-of-the-box configurations without the potential negative consequences of reduced production or safety levels.