The threat of cyber-attack is real

Monday, May 28, 2018 15:35

Honeywell opened the first industrial cyber security centre of excellence for Asia in Singapore on April, 25. The centre will help defend the region’s industrial manufacturers against evolving cyber security threats. — Photo courtesy of Honeywell

Cyber security protection has seen as an important role for the sustainable development of business community, especially industrial manufacturers and enterprises. Chee Ban Ngai, Global Product Marketing Manager, Honeywell Industrial Cyber Security talks with Viet Nam News about cyber threats and measures to improve cyber security protection for successful digital transformation in the industrial sector.

Can you share with us the current landscape of cyber threats in the region, especially Viet Nam? What are you most concerned about?

Viet Nam is experiencing incredible business growth right now, and we see companies moving toward more use of technologies to scale and compete. At the same time, as companies embark on their digital transformation, they are prioritizing security alongside daily operations because the threat of cyberattack is real.

Vietnamese industrial companies face similar types of cyber security threats as the Southeast Asia region – there are more frequent attacks specifically targeting industrial networks, and use of increasingly sophisticated tools. We are also beginning to see more nation-state driven type of cyber threats across the geographies.

Organisations used to discount concerns about cyber threats, but now a trail of real-world incidents has leaders prioritising cyber security, especially for critical manufacturing or infrastructure service companies like oil refineries and power utilities. For example, Binh Son Refining & Petrochemical in Viet Nam has engaged Honeywell’s Managed Security Services since 2010 for constant monitoring of the site’s Process Control Networks to reduce the risk of security breaches in their plant.

There are also risks including malware infecting an Industrial Control System (ICS) and impacting operations, or a major cyber security incident causing significant damage to the system or plant. Threats may be introduced intentionally, or can be a result of negligence.

Additionally, cyber risk is often seen as an IT issue rather than a business problem, and with security left out of the boardroom, it could mean a significant underinvestment by Vietnamese companies in cyber security. Lack of home-grown cyber security professionals is also a problem, especially in localized markets, even if efforts are taken to increase security staffing. This is one reason why you see many ASEAN companies calling on specialists like Honeywell to perform sensitive, high-skilled ICS cyber security work.

Honeywell has established the first industrial cyber security centre of excellence for Asia in Singapore. How does this benefit business community and customers in Viet Nam?

This is the first cyber security CoE by Honeywell in Asia Pacific. Through this, we will be able to provide businesses across the region with access to global cyber security expertise and local support. Customers in Viet Nam will benefit from having a facility available in the region for testing, demos and training.

Industrial control systems (ICS) are one of the most attractive targets for advanced cyber-attacks because the consequences and impact are far more afflictive. ICS leaders must diligently and proactively protect their systems from these attacks.

This is why Honeywell has invested heavily in cyber security infrastructure and technologies such as the new Centre of Excellence (CoE) in Singapore, which is an addition to Honeywell’s global network of innovation centres focused on the development and testing of new technologies and software to defend industrial facilities and operations such as refineries and manufacturing plants from cyberattacks.

We hope ASEAN companies will visit the CoE and test out their solutions to quickly identify gaps and improve their industrial cyber security posture.

Do you have suggestions for business community, including industrial firms, to improve cyber security in Viet Nam?

From our experience dealing with ICS-related cyber incidents, an easy place for companies to start improving their cyber security posture is by looking at how employees and contractors use removable media. Indiscriminate and uncontrolled use of thumb drives or USB sticks potentially introduces malware-ridden files into facilities.

Detection is often too late when the malware has already propagated itself to adjacent networks and systems. A best practice is to control and regularly check removable media devices to keep malware out of the organization in the first place.

That is why Honeywell developed SMX (Secure Media Exchange), a proven and tested technology to protect plants against threats from removable media such as thumb drives, without the need for complex procedures or restrictions that impact productivity. SMX helps to defend ICS from infected USB devices.

There are also many new dangerous hacking techniques that leverage USBs to take over industrial control systems. Starting by regularly monitoring just this one USB vector can significantly reduce the company’s risk exposure.

As companies develop their industrial cyber security maturity, they can then layer in additional steps across people, process and assets to lower risk. For example, another best practice is to automate and centralize operational security, to give you complete visibility and control.

Will Honeywell have investment or technical projects to help businesses improve their cyber security in Viet Nam?

Honeywell has supported companies in Viet Nam since 2005, and we have offices across Hanoi and HCM City. One of the biggest challenges facing our customers in Viet Nam is determining the appropriate security investment to manage the constantly changing threat landscape facing their plants. They have to define the acceptable risk level that the business and site can tolerate – referred to as risk appetite. Then they have to deploy sufficient security protection to manage that risk.

We help them with a proactive approach to protect their ICS from cyber-attacks, addressing security at all phases of the system lifecycle, and integrating cyber security into the site culture.

Our new cyber security CoE in Singapore will play an instrumental role in helping our customers in Viet nam address their cyber security issues and challenges, and defend their facilities and operations against cyber-attacks. It’s important to take any action rather than no action, considering the high threat levels and likelihood of an attack.— VNS

Comments (0)