Efficient Plant Nov./Dec 2019 - 12

feature | cybersecurity
would be a boon to securing our operations and, at the same time, of course requires further security considerations.

Connected devices now in design and coding, benefiting from the use of the IT world's Secure Software Development Lifecycle (SSDLC), are able to incorporate Secure-by-Design and Privacy-by-Design constructs. Extending my example above for legacy and today, the ability of a software industrial manufacturer or an information-technology vendor to issue a product with a user ID and password requiring change on deployment and configuration, and to follow change policies from an organization's identity and access-management baselines, allows better control and security postures. Being able to update code over the wire/air changes the entire operational picture for an industrial plant. In turn, this allows better oversight through single-pane-of-glass approaches and consolidation of operations to extend efficiency. Hence a connected IIoT is way ahead of consumer-focused IoT on security. Everyone needs to understand these two differing approaches as the explosion of interconnected devices continues.

OT, IT VULNERABILITIES

So what is the downside? As we all design and employ OT devices, we will see that our techniques and coding can introduce errors and vulnerable conditions. Rigor in development and in deployment configurations, and operations safeguarding, are how we need to protect against these risks.

SSDLC requires adjusting the entire development process and inserting education, security tools, and trained security personnel to support and enhance the engineering teams. SSDLC is a process with tools
and reviews, with hard work by all to release secure products. As the NIST Cybersecurity Framework
(NIST, Gaithersburg, MD, nist.gov) points out, organizations also need to be ready with an incident-response process to accept and fix issues as they are reported or discovered.

For older code that is already in industrial networks, we have to apply controls through segmentation, access control, and protection of the data across the entirety of the operation. Don't forget about the vendors with access to your networks. Allow them access only as necessary, and then only to the extent required to do the work. Deploy security controls such as secure remote-access solutions to log, record, and secure sessions.

Many suggest that their security is fine because they are on a serial-only connection. In theory, that will work. However, in practice, I often see challenges as the out-of-band connections through microwave, dial-up modem, high-frequency radio, and cellular make a circuit, and then the attacker is in. So the convergence and overlap of communications paths force us to look again at our configurations. Serial by itself will not be the protection. We have three things to protect in these situations: the data itself, identity and access to the data, and the device holding the data. This requires that we form a risk-based approach as well as safeguards for the data and the industrial-automation systems protecting the same.

Edge computing, with its ability to provide efficiency for industrial operations and reduced workloads, is well worth our attention, notwithstanding the security challenges. It is incumbent upon every person involved to address and employ secure practices. The attackers rely on our inability to effectively close openings and will take advantage when we are not diligent. Done correctly, we can quickly realize the promise of edge computing.

Peter Allor is the chief security officer for Honeywell Connected Enterprise, Atlanta (Honeywell.com), covering cloud platform, applications, and edge devices. He is responsible for the secure software development and deployment of HCE products and the security operations and monitoring of those products in the cloud. He manages the Product Security Incident Response Team and represents Honeywell in incident-response forums.
