RasGas’ data diode

Following a 2012 virus scare, Owl Computing’s unidirectional optical connector was deployed to isolate the process control of RasGas’ LNG trains from office networks. PI System replicated in real time.

In a recent webinar, RasGas’ Mayan Shah and Dennis Lanahan (Owl Computing Technologies) explained how RasGas, Qatar’s main liquid natural gas exporter, has hardened its IT systems following a virus scare last year. RasGas operates seven LNG export trains along with natural gas production facilities, shipping contracts and a global partner network. The company was confronted by a pressing need for better security when, in August 2012, its office computer systems were struck by a virus (believed to be Shamoon/Disttrack). To protect its facilities, the company immediately disconnected all automation systems from the corporate network and managed to continue production uninterrupted.

But the incident got the RasGas IT team reflecting on better ways of protecting its facilities than simply ‘pulling the plug.’ While network disconnection is a good defense, it does hamper operations by eliminating real time communications with the office network.

Enter OSIsoft’s PI ‘secure transfer support,’ an OEM edition of Owl’s electronic perimeter defense solution (EPDS). The key component of the EPDS is Owl’s ‘dual diode,’ an optical connection that ensures that network traffic can only go one way. Dual diode technology originated as Sandia Labs’ data diode and is used under license.

Since most data protocols actually require bi-directional communications, the device has to understand a multitude of control system protocols to handle both ends of the dialog.

The RasGas implementation uses Owl to replicate its PI database in real time—providing the office system with visibility into its operations. A virtual screen provides a replicated view of the control room to external support. Files and alarms are likewise sharable using certified and compliant hardware. The system provides enough bandwidth for all seven LNG trains—over 50k tag values per second. The diode hardware runs on Owl’s security-enhanced Linux (OSEL), a policy-based architecture that assures transfer security and reliability.

Of course, one-way communication means that control, even advisory control, is impossible. For this Owl has another solution (not currently deployed at RasGas), its ‘dual path’ technology, in which a second device provides unidirectional traffic into the plant, leveraging OSEL and Owl’s software controls to ensure that only kosher data gets back to operations. More from info@owlcti.com.


© Oil IT Journal - all rights reserved.