Page 22 of Offshore Engineer Magazine (May/Jun 2013)


Security Solution

Security for Offshore Platforms

Eric Byres

Over the past few years, the need to protect industrial control systems (ICS) from cyber threats has greatly increased. The integration of industrial Ethernet infrastructure with business networks (and the outside world) has exposed once proprietary systems to attacks no one ever thought they would have to withstand.

At the same time, the cyber threat level, especially threats aimed at the energy industry, has increased dramatically. Control systems have become a key target for security researchers, hackers, and government spy agencies, resulting in exponential growth in security alerts for supervisory control and data acquisition (SCADA) and ICS products.

Add it up: vital networks with large numbers of hard-to-secure nodes, integrated with business systems and operating 24 hours a day – it’s a significant security challenge. Combine this with the heavily regulated environment and safety concerns of offshore processing platforms, and the task is even harder.

Project: improve reliability, security, availability

This was the situation facing one fixed natural gas and oil gathering and processing platform, located on the US continental shelf. Designed to process a large volume of natural gas and oil from multiple wells, its operating company placed a heavy emphasis on reliability. Any downtime, whether caused by accidental or malicious forces, interrupts field production and is costly.

Complicating matters, the platform is both MTSA (Maritime Transportation Security Act) and TWIC (Transportation Worker Identity Credential) regulated, due to its large production volumes.

This meant that the required level of security was significantly more stringent on this platform. Physical security included card readers, closed circuit TV and local/remote monitoring. The company wanted to extend this level of security to include cyber-related risks.

So with the goal of maximizing the reliability and uptime, the operating company embarked on a project to improve cyber security on the platform.

Figure: DIN rail-mounted security appliances.

Securing platform control systems

The network on the platform spanned across business, operations, and safety systems. As is common on offshore facilities, a wireless backbone connected the platform to the office and control facilities “on the beach.”

Control system networks interconnected a large quantity of programmable logic controllers (PLCs), instrumentation, “smart” automated equipment, and packaged process control equipment. Additionally, the facility communicated with subsea systems and virtual flow meters using the OPC protocol.

Consequently, there was the potential for large amounts of network traffic and crosstalk. Some PLCs used a UDP broadcast/multicast protocol, which further increased the volume of network traffic. Since many automation devices cannot ignore or filter out extraneous network messages, it was necessary to protect those devices from excessive traffic.

The cyber security solution thus had to protect systems from malware and excessive/malformed network traffic to minimize the possibility of unintended network or automation system shutdowns.

Cyber Security Solution

A “defense in depth” network architecture was developed, in accordance with guidelines recommended by the Department of Homeland Security and the ISA/IEC62443 standards. This architecture separated layers of the business and process control network, using firewalls to permit only necessary traffic between
