/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/2026/02/25/paul-smith-2026-02-25-12-07-06.jpg)
Paul Smith, Global Portfolio Director, Cybersecurity, Honeywell
As counter-intuitive as it may sound, is automation a stupid loud colour to wear that attracts predators because of bigger attack surfaces, or is it strangely aposematic enough to tell the bad actors - stay away? Especially when security is baked in and bold- and ready for any camouflage? And what happens when Quantum and third-party supply chains make their way into industrial forests? We may not have all the answers, but how about a purple-team approach to begin with?
Paul Smith, Global Portfolio Director, Cybersecurity, Honeywell, has spent over 20 years in the Automation Control space, and that too tackling the ‘red herring’ problems that were thrown his way. He has been facing unique issues include measurement imbalances resulting from flare sensor saturation, database migration mishaps, EEPROM production line failures, and many more. As his career evolved, he began spending most of his time in the Industrial Cybersecurity space, pioneering the use of new security technology in the energy, utility and critical infrastructure sectors. He has been both busy and adept with red team/pentest engagements, cybersecurity risk assessments, and tabletop exercises for some of the world’s largest government contractors, industrial organisations, and municipalities. Let’s ask him what makes any critical infrastructure strong or weak in the wake of today’s threats and tomorrow’s adversaries. Especially with larger attack surfaces and Quantum forces.
What has changed about Factory and plant automation-related security implications recently? Has automation created a security paradox of a bigger and easier attack surface in OT realms as well?
A lot of the technologies that you see around these days are adapting to new security imperatives. Most of the vendors are trying to have security baked in, especially in the industrial space. Even the future-parked quantum-resistant cryptography is being taken into radar. Quantum supremacy is still in talks. OEMs are looking at building Quantum-resistant solutions in their product lines and underlining security in industrial telemetry.
We stress on the five 9s confidence. The attack surface may be large but we are cognizant and with strong controls in place.
As to automation, anytime you become more connected, you provide a point of entry. That said, many attack surfaces are being managed with caution and diligence. Ouroduct lifecycle engineers run tests and QA, but product and security also run tests thvehaveke sure there are no gaps. We stress on the five 9s confidence. The attack surface may be large but we are cognizant and with strong controls in place.
Speaking of Quantum- how easy is it to segue in that direction when a lot of industrianvironments are legacy-heavy?
It is going to be a bit complex. Specially when equipment has a lifecycle of 20-30 years on an aver, age. Cybersecurity is baked into our platforms. We help witha smooth transition, and on a case-by-case basis. Not a heavy lift but a software change so that a full-blown change is not required. We accommodatethe future by building the readiness into our products – right now.
How can ‘red herrings’ be addressed by industrial enterprises?
Making sure about education and training – that’s very vital. It is not just about training staff but also about executive-level awareness. Hire people smarter than you- but also know why that smartness matters. Doing your assessments and tests, having the ability to run assessments across product lines and strengtheninthe g visibility- everything helps.
How much trouble does heterogeneity cause for industrial security?
After some incidents like SolarWinds incident, kn,wespeciallys inside has become important. One has to be sure of the dependencies and third-party players in one’s environment-app updateswhen a lot of software gets outsourced these days. Implicit trust in managers can make malicious activity easy in app-updates. But poisoning is a real threat. That is why visibility across all tech aspects is a bidefence tacticssecurity. It also helpDDoSDDoS strengthening cyber-insurance strategies.
What’s your reckoning of the gravity and defence tactics around IIoT attacks, DDOS incidents, and all the security incidents, like those at Jaguar Rover, Clorox, N,ucor, Boeing and Dole etc.?
Those have been unfortunate. We are living in an era where trust w, as re, placed by trust-but-verify, and now it’s about verifying to earn that trust. In factories, acceptance tests, safety tests etc. are integral to industrial processes. That approach is also necessardiligencecurity. Due diligence before implicitly trusting vendors is crucial. We are bringing in all the rigour and due due-diligence across all our product lines – and strengthening our customers on every front with built-in security capabilities.
pratimah@cybermedia.co.in