Honeywell’s acquisition of cybersecurity provider sets sights on manufacturing sector’s deep IoT vulnerabilities

The manufacturing sector is rife with unprotected Internet of Things (IoT) sensors and devices, many of them integrated into enterprises’ mission-critical systems. The resulting gaps make operations technology (OT) and information technology (IT) networks vulnerable to devastating cyberattacks.

Visibility is key. Shivan Mandalam, director of product management for IoT security at CrowdStrike, told VentureBeat that “it’s essential for organizations to eliminate blind spots associated with unmanaged or unsupported legacy systems. With greater visibility and analysis across IT and OT systems, security teams can quickly identify and address problems before adversaries exploit them.”

Honeywell’s acquisition of Israel-based SCADAfence, a leading provider of OT and IoT cybersecurity solutions, is just one example of the manufacturing industry trying to catch up, close these gaps and defend against increasing numbers of ransomware attacks. 

Anything that stops a shop floor from operating can quickly cost a business millions of dollars. That’s why ransomware attacks on manufacturers generate millions in payouts. Hundreds of manufacturers pay ransomware demands without disclosing that fact to customers. 


VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.

Register Now

Gartner predicts that the financial impact of cyber-physical system (CPS) attacks will reach more than $50 billion by 2023. Recovery from a typical manufacturing breach costs $2.8 million. Not only that: Nearly nine in 10 manufacturers that have suffered a ransomware attack or breach have also had their supply chains disrupted.  

Honeywell acquires SCADAfence to close the gap 

Honeywell’s SCADAfence acquisition provides the manufacturing giant “with additional technology and expertise that help accelerate our innovation roadmap … and support rapidly evolving customer requirements,” Michael Ruiz, GM of Honeywell Cybersecurity Services, said in a recent interview with VentureBeat.

The acquisition will deliver an integrated platform to manufacturers, process industries and infrastructure providers at a time when attacks are escalating. 

“SCADAfence is an ideal complement to Honeywell’s OT cybersecurity portfolio, and when combined with the Honeywell Forge Cybersecurity+ suite, it enables us to provide an end-to-end solution with applicability to asset, site and enterprise across key Honeywell sectors,” said Ruiz. 

Key focus areas include asset discovery, threat detection and compliance management, he told VentureBeat. “Our plan is to have the SCADAfence product portfolio integrate into the Honeywell Forge Cybersecurity+ suite within Honeywell Connected Enterprise, Honeywell’s fast-growing software arm with a strategic focus on digitalization, sustainability and OT cybersecurity SaaS offerings and solutions.” 

Building on process analysis and integration expertise

Known for its process analysis and integration expertise, Honeywell is concentrating on how it can make the most of its strengths in these areas and achieve scale quickly with the new acquisition.

“This integration will enable Honeywell to provide an end-to-end enterprise OT cybersecurity solution to site managers, operations management and CISOs seeking enterprise security management and situational awareness,” said Ruiz. 

SCADAfence CEO Elad Ben Meir also commented on the synergies between the companies. “We are thrilled to join Honeywell as we work towards fulfilling our mission of empowering industrial organizations to operate securely, reliably and efficiently,” Ben Meir said in a press release. “This combination creates a significant opportunity for growth, allowing us to combine our top-tier OT cybersecurity products with one of the world’s leading companies in industrial software.”  

The deal expands Honeywell’s cybersecurity center of excellence in Tel Aviv, where SCADAfence is headquartered. Ruiz told VentureBeat that one of the most valuable aspects of the acquisition is that Honeywell will be able to “nearly double our research and development for OT cybersecurity, probably becoming one of the larger OT cybersecurity research and development organizations out there.”

Why Honeywell moved to acquire SCADAfence

The IBM Security X-Force Threat Intelligence Index found that manufacturing is the most attacked industry worldwide: The sector accounted for 23% of all ransomware attacks last year. More than six in 10 breach attempts on manufacturers first targeted OT systems essential to manufacturing operations.

Percentage of extortion cases by industry as observed by X-Force in 2022. Numbers do not add up to 100% due to rounding. Source: IBM 2023 X-Force Threat Intelligence Index
<em>Percentage of extortion cases by industry as observed by X-Force in 2022. Source: IBM 2023 X-Force Threat Intelligence Index</em>

Research firm Dragos predicts that ransomware attacks on industrial organizations will accelerate this year. Dragos’ most recent Industrial Ransomware Attack Analysis from Q2 2023 found that 47.5% of ransomware attacks tracked globally impacted industrial organizations and infrastructure in North America, an increase of 27% over the last quarter.

All told, seven out of 10 ransomware attacks in Q2 were aimed at manufacturing, followed by the industrial control systems (ICS) equipment and engineering sector, which accounted for16% of attacks.

Percentage of extortion cases by industry
<em>Seven out of 10 ransomware attacks in Q2 2023, were aimed at electronics and equipment manufacturers. Source: <a href="" target="_blank" rel="noreferrer noopener">Dragos Industrial Ransomware Attack Analysis: Q2 2023 (7/31/23)</a></em>

The rapid rise in Fileless malware attacks reflects this trend. Fileless malware is designed to evade detection by cloaking its presence using legitimate tools. Kurt Baker, senior director of product marketing for CrowdStrike Falcon Intelligence, writes that “fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber-attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect. This fileless technique of using native tools to conduct a malicious attack is sometimes referred to as living off the land or LOLbins.”

Closing OT/IoT blind spots 

Security providers are upping their games.

Last year at Fal.Con 2022, CrowdStrike augmented Falcon Insight, launching Falcon Insight XDR and Falcon Discover for IoT that target security gaps in and between industrial control systems (ICSs). 

Ivanti, for its part, has successfully launched four solutions for IoT security: Ivanti Neurons for RBVM, Ivanti Neurons for UEM, Ivanti Neurons for Healthcare — which supports the Internet of Medical Things (IoMT) — and Ivanti Neurons for IIoT based on the company’s Wavelink acquisition, which secures Industrial Internet of Things (IIoT) networks.

Other leading providers offering IoT cybersecurity solutions include AirGap Networks, Absolute Software, Armis, Broadcom, Cisco, CradlePoint, CrowdStrike, Entrust, Forescout, Fortinet, Ivanti, JFrog and Rapid7.

AI and cybersecurity

Airgap Networks has created one of the most innovative approaches to closing the OT-IT gap. Its   Zero Trust Firewall (ZTFW) combines agentless microsegmentation, secure access for critical assets and network and asset intelligence. Airgap’s unique approach provides its customers with the option of fully segmenting legacy servers, ICS, IoT and private 5G endpoints. The platform can also integrate into a running network without agents, hardware upgrades or major device changes. 

VentureBeat interviewed Ritesh Agrawal, CEO of Airgap Networks, immediately following its launch of ThreatGPT, the company’s ChatGPT integration with the Airgap Zero Trust Firewall. Agrawal told VentureBeat: “Because ThreatGPT is fully integrated into the core of the ZTFW architecture, our customers can use all available data to train the models. I believe we are first to market with this.”

ThreatGPT uses graph databases and GPT-3 models to help SecOps teams gain new threat insights. The GPT-3 models analyze natural language queries and identify security threats, while graph databases provide contextual intelligence on endpoint traffic relationships. 

Agrawal told VentureBeat that, “IoT puts a lot of pressure on enterprise security maturity. Extending zero trust to IoT is hard because the endpoints vary, and the environment is dynamic and filled with legacy devices.”

Asked how manufacturers and other high-risk industry targets could get started, Agrawal advised that “accurate asset discovery, microsegmentation and identity are still the right answer, but how to deploy them with traditional solutions when most IoT devices can’t accept agents? This is why many enterprises embrace agentless cybersecurity like Airgap as the only workable architecture for IoT and IoMT.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.