Industrial Security & Compliance

Cyber Security Vulnerability Assessment

A cyber security vulnerability assessment (CSVA) can provide your organization with an evaluation of the security level and risks related to your industrial control systems. This kind of assessment is quickly becoming a requirement at both corporate and industry levels for process control industries.

Performing a cyber security vulnerability assessment on industrial control systems critical to operations in a production environment is extremely challenging and requires special techniques and experience. Industrial Security & Compliance understands these challenges and has developed a range of techniques for quickly and efficiently assessing control systems without risking an outage or slowdown.

Options for CSVA

The scope of a CSVA can vary, but at a minimum, it involves the following:

• verification that only ports and services required for operations are enabled
• discovery of all access points to the Electronic Security Perimeter (ESP)
• review of controls for default accounts, passwords and network management community strings

How Matrikon Can Help

Using our field-proven techniques, Industrial Security & Compliance can:

• review the security components recommended by industry standards
• assess additional security controls that may be specified in your corporate security policy
• provide all required documentation, including the process, results and action plan
• implement the steps outlined in the action plan

Techniques for Assessing Control Systems

Honeywell use several strategies and techniques to perform cyber vulnerability assessments.

Industrial Security & Compliance is Powered by Matrikon, which represents vendor neutrality. This product works with third-party control systems and applications.

Network Management Strings

Using an SNMP query tool, we poll cyber assets on the network to identify devices that respond to default community strings.

Only Ports and Services Required for Operations are Enabled

Where possible, we apply our field-proven techniques to quickly and efficiently determine open ports and services. Our preference is to use tools and utilities supplied by the operating system and device, as this is a more reliable method of obtaining ports/service information than external port scanning. However, for cyber assets and ESP access points whose loss would impact operations, we employ other tools and procedures to obtain this information. (For Microsoft® Windows® devices, we are able to obtain open services data through automated means without risking impact on operation of the device.) For the most critical and/or legacy device types, we can also scan and evaluate the device in a non-production environment or mode.

Once we have identified open ports and services, we work with your staff members and your change management records to identify which of these ports and services are required for operations. Additionally, a cyber security professional evaluates the usage of ports and services to identify the security risks associated with them, and to suggest alternatives if necessary.

Review of Controls for Default Accounts and Passwords

For Microsoft Windows, Unix®, Cisco® and many other devices, we can query this information utilizing proven field tools, without risking impact on operation of the device. For other devices, we employ other tools or manual methods to accomplish this task.

A security professional will then provide suggestions for default accounts that can be disabled or modified. They will also provide ways to enhance security controls for passwords and default accounts that will reduce security risks.

Discovery of all ESP Access Points

We generally apply non-automated tools for this task, to avoid risk of impact on operations.
In order to discover all active devices on the network, we often start with a simple ping sweep that will not affect the reliability of control systems. We then perform a physical inspection of control systems and their communication connectivity (e.g., network interfaces and modems) to identify all ESP access points.

Action Plan to Remediate or Mitigate Vulnerabilities

For each vulnerability identified, we assign a risk rating to help prioritize findings. We then collaborate with you to determine whether each vulnerability should be remediated or mitigated through some sort of compensating measure. Finally, we work with you to develop the required action plan to accomplish these tasks.

Staff Interviews

We talk with your staff in order to evaluate non-technical security subjects such as change management, policies versus actual practices, training, information protection, testing and incident response.

Industrial Control System Expertise

Honeywell offer the largest and most experienced team of industrial control system security consultants in the industry. We have integrated, upgraded and secured DCS and SCADA systems from all major vendors including Emerson™, Honeywell®, GE®, Invensys™, ABB®, Areva®, and others.

Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and other countries. UNIX is a registered trademark of The Open Group. Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. Emerson is a trademark and service mark of Emerson Electric Co. Honeywell is a trademark of Honeywell International Inc. GE is a registered trademark of General Electric Co. Invensys is a trademark of Invensys plc. ABB is a registered trademark of ABB. Areva is a registered trademark of the AREVA group.

For more information:

For more information about Industrial Security & Compliance, visit our website www.honeywell.com/ps or contact your Honeywell account manager.

www.matrikon.com
security@matrikon.com

Honeywell Process Solutions
2500 W. Union Hills Dr.
Phoenix, AZ 85027
Tel: 877.466.3993 or 602.313.6665
www.honeywell.com/ps

DS - 969
June 2011
© 2011 Honeywell International Inc.
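
The reconciliation step described under "Only Ports and Services Required for Operations are Enabled" (listeners reported by the operating system's own tools, compared against what operations has approved) can be sketched as follows. This is an added example, not Honeywell or Matrikon tooling; the `netstat -ano` capture, the PIDs and the approved baseline are constructed for illustration.

```python
# Added example: reconcile OS-reported listeners with an approved baseline.
# SAMPLE_NETSTAT and APPROVED are constructed; they are not from the datasheet.

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    10.0.0.5:49712         10.0.0.9:502           ESTABLISHED     2301
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:161            *:*                                    1520
"""

# Hypothetical baseline agreed with operations staff: (protocol, port) -> reason.
APPROVED = {
    ("TCP", 135): "RPC endpoint mapper",
    ("TCP", 445): "file sharing for historian exports",
    ("TCP", 5450): "vendor data service",
}

def parse_listeners(netstat_text):
    """Return {(proto, port): set of PIDs} for listening TCP and bound UDP sockets."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        proto, local, pid = fields[0], fields[1], fields[-1]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established or closing connections are not listeners
        port = int(local.rsplit(":", 1)[1])  # rsplit also handles [::]:135
        listeners.setdefault((proto, port), set()).add(pid)
    return listeners

def reconcile(listeners, approved):
    """Split findings into unapproved listeners and approved-but-absent entries."""
    unapproved = sorted(k for k in listeners if k not in approved)
    absent = sorted(k for k in approved if k not in listeners)
    return unapproved, absent

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    unapproved, absent = reconcile(found, APPROVED)
    for key in unapproved:
        print(f"REVIEW {key[0]}/{key[1]} listening (PID {', '.join(sorted(found[key]))}), not in baseline")
    for key in absent:
        print(f"STALE  {key[0]}/{key[1]} approved ({APPROVED[key]}) but not listening")
```

Unapproved listeners go to staff review with their owning PID; approved entries that are no longer listening point at a baseline or change record that needs updating.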