Speaking at the IQPC Oil and gas Cybersecurity conference earlier this year, Noble Energy’s Stuart Bailey and Andrew Ginter of Waterfall Security Solutions showed how Noble is protecting its offshore assets from cyberattack using Waterfall’s unidirectional security gateway. Waterfall’s technology uses a one-way laser-to-photocell communications device to connect the rig to the onshore business network.
Sending control system data over a one-way link is harder than it sounds. The OPC-DA protocol is ‘intensely bi-directional’ with constant to-and-fro handshaking. To get around this type of constraint, Waterfall has developed device emulators that turn OPC traffic into a unidirectional data stream. Waterfall claims the ‘world’s largest’ collection of industrial server replications that includes several OPC flavors and historians from OSIsoft, Siemens and AspenTech.
Noble’s offshore West Africa rigs deploy primarily OPC, WonderWare and PI, all of which are now replicated. The system provides Noble with ‘as much visibility of offshore platform data as from any other control system in the company,’ all with ‘absolute protection’ from attack. The system is fault tolerant with dual redundant data paths. Bandwidth is capable of handling the 4000 plus connected tags (many with sub-second data) and control system backups.
For applications that do require outbound data flow Noble has developed a manual process that writes data to removable media which is scanned on a cleansing workstation prior to connection to the control system. Much work has gone into designing policies and procedures to control data moving out to the control system. Noble has worked with Waterfall on its security framework that allows new services to be implemented in a structured manner such as the addition, late in the project, of GE’s on-site equipment health monitor.
Educating the workforce has been a key component of the project. Noble has found that educated end users help with compliance. ‘Operations guys are good at following logical procedures that make sense.’ Noble is also keen to ‘educate’ other companies regarding the use of the Waterfall solution that is considered to be ‘an important development that can improve security industry wide.’
In case you are not convinced of the risks that a connected control system can encounter, another presentation from Chris Shipp, who works at the US DoE’s Strategic petroleum Reserve, told of a hack that caused ‘massive damage’ to a German steel plant last year. Shipp also recommended an article in Valve Magazine. Those interested in tracking oil country cyber security may be interested in an upcoming IQPC event in Houston.
© Oil IT Journal - all rights reserved.