By Gregory Hale
Oil and gas continues to be a hotbed of activity when it comes to automation, and that also means security is top of mind.
When it comes to designing a network diagram for any kind of oil and gas environment, everyone has to understand the main assets that need protection and they need a clear understanding of what they need to secure.
“In one greenfield offshore platform, control systems engineers developed a diagram and IT came in to design security and they found the PLCs were the critical assets,” said Scott Howard, commercial engineer at Belden Inc. during his talk Tuesday on security applications in the oil and gas market at the 2014 Industrial Ethernet Infrastructure Design Seminar, Houston, TX.
They also found that PCs were threats along with networks the control engineers could not control, and that included the business system. “The first rule in security is to not trust anything you can’t control,” Howard said.
After they made their first draft of a network diagram for the platform network, Howard said they went and analyzed the system. They then created zones for the critical assets: the junction boxes, the switch gear, subsea cabinets, the PLC cabinet and the enterprise network.
They also found they had an I/O server that was a shared asset between the enterprise and the control network, so they had to create a demilitarized zone (DMZ), which allows access to a shared network using a multiport device.
After they created the zones which segmented the critical assets and created the DMZ, the network diagram became more understandable and more secure.
Another example Howard talked about was a refinery which was running a parallel network.
“We did a risk assessment and looked at zones and conduits and we did a risk analysis and looked at the threats,” Howard said. “This was a very complex plant.”
Part of a defense-in-depth model calls for segmentation via zones and conduits, which is part of the IEC 62443 standard. This model helps lock down a network. Using this model, a user should allow only the minimum required traffic into zones, and when threats do come through, alarms sound, Howard said.
A conduit is a pathway of communications that exits and enters a zone. A zone is a specialized area on the network that needs protection.
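The zones-and-conduits rule described above (allow only the minimum required traffic between zones, alarm on everything else) can be expressed as a default-deny allowlist. The following is an added example, not code from the talk or from any Belden product; the asset names, ports and conduit list are constructed assumptions loosely modeled on the platform zones mentioned earlier.

```python
from dataclasses import dataclass

# Asset -> zone. Asset names are hypothetical; zones follow the article
# (PLC cabinet, DMZ holding the shared I/O server, enterprise network).
ZONE_OF = {
    "plc-01": "plc_cabinet",
    "plc-02": "plc_cabinet",
    "io-server": "dmz",
    "erp-01": "enterprise",
}

@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    proto: str
    port: int

# The only inter-zone traffic permitted (assumed values). Note there is no
# enterprise -> plc_cabinet conduit: the business side reaches data only
# through the shared I/O server in the DMZ.
CONDUITS = {
    Conduit("dmz", "plc_cabinet", "tcp", 502),   # I/O server polls PLC (Modbus/TCP)
    Conduit("enterprise", "dmz", "tcp", 443),    # business system reads I/O server
}

def evaluate(src, dst, proto, port):
    """Return (verdict, reason) for one observed flow; default is alarm."""
    src_zone, dst_zone = ZONE_OF.get(src), ZONE_OF.get(dst)
    if src_zone is None or dst_zone is None:
        return "alarm", "unknown asset"          # don't trust what you can't control
    if src_zone == dst_zone:
        return "allow", "intra-zone"
    if Conduit(src_zone, dst_zone, proto, port) in CONDUITS:
        return "allow", f"conduit {src_zone}->{dst_zone}"
    return "alarm", f"no conduit {src_zone}->{dst_zone} {proto}/{port}"

def audit(flows):
    """Return [(flow, reason)] for every flow that should raise an alarm."""
    results = [(f, evaluate(*f)) for f in flows]
    return [(f, reason) for f, (verdict, reason) in results if verdict == "alarm"]

# Constructed sample flows: (source, destination, protocol, port).
SAMPLE_FLOWS = [
    ("io-server", "plc-01", "tcp", 502),      # allowed conduit
    ("erp-01", "io-server", "tcp", 443),      # allowed conduit
    ("plc-01", "plc-02", "tcp", 502),         # stays inside one zone
    ("erp-01", "plc-01", "tcp", 502),         # enterprise straight to PLC
    ("io-server", "plc-01", "tcp", 22),       # right zones, wrong service
    ("vendor-laptop", "plc-01", "tcp", 502),  # asset not in the inventory
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("ALARM", flow, reason)
```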
The threats they understood for the refinery were a release of hazardous products, a process reactivity incident and a process shutdown.
They then created a chart that looked at the vulnerability, then the possible threat source, skill levels, potential consequence, severity, likelihood and the risk.
When they looked at the process shutdown, they found an interesting development.
“No one ever considered the safety system to be a security threat,” Howard said. “That ended up being a surprise. The safety system was so critical it needed its own zone separate from the control system zone.”
By creating a solid zones and conduits model, they were able to get a solid segmented security program up and running for the refinery.
“We could protect the entire plant with 14 (Tofino firewalls). We could do that entire refinery for less than $200,000,” Howard said.
One of the final projects Howard discussed was a pipeline installation in Alaska. Again, they found through a security diagram that the PLC was the critical asset. “This guy has to keep working no matter what,” he said.
One of the other issues they had was with a business scenario. Pipeline owners buy and sell oil as it enters the pipeline and as it exits at the refinery. To ensure the proper amount of oil ends up bought and sold, operators will use a flow meter to measure the amount of oil in the pipeline.
Because the flow meter connected to the system, it ended up being a vulnerable asset. In this case, Howard said, a partner called one day to tell the operator it appeared the PLC they were using was not operating properly.
It turned out the flow meter had a connection to the network, and the partner was able to look at the data from the PLC.
“The next day a firewall was put in there to not allow visibility to the network,” Howard said. The flow meter, he said, ended up being a shared resource and they put in a DMZ around that device.
Oil and gas is no different than any other industry: it is all about knowing and understanding your network.