This article was updated on September 12, 2019.
If you’re boots-on-the-ground dealing with the daily oil and gas challenges of control and automation, you’ve likely heard lots about Industry 4.0, the fourth wave of industrial revolution. The waves focused on:
- Industry 1.0 – steam power, water power and mechanization
- Industry 2.0 – electricity, mass production, assembly lines
- Industry 3.0 – computing and automation
- Industry 4.0 – cyber-physical systems
With Industry 4.0, things such as obtuse devices, engineering one-time buys, and commercially marketed systems are all inter-connected. This allows the data generated throughout the physical process to be captured and combined with supply chain and other business information for sophisticated analytics evaluation.
Based on the results of the analysis, an advanced process control and a prescriptive statistical approach is applied, creating a feedback loop for tuning the current process in play. Enabling technologies include the Internet of Things, cloud computing and cognitive computing.
The cyber security challenges of Industry 4.0 are daunting. Let’s start by reviewing an application that has been around for a long time – hosted SCADA / SCADA as a Service. This application is used to monitor, and in some cases, control, oil and gas operations in remote locations.
Addressing the cyber security, data integrity and confidentiality requirements of resource owners using shared SCADA solutions is vital – and exactly what the Nozomi Networks solution delivers for Industry 4.0 applications.
SCADA as a Service for Remote Oil and Gas Sites
In the example above, rather than owning and deploying SCADA equipment in the field, commodity owners contract third parties who deploy equipment, establish communication links, and provide access to data. Think of pipelines, pumping/compressor stations, remote gas production wells and so on in difficult-to-access geographic locations.
Data from the equipment is transmitted to field-based PLCs, which are typically ruggedized and built for the outdoors. The PLCs communicate with gateways that transfer the data, via satellite, 3G cellular communication, and/or line-of-sight radios, to a gateway for a shared data center/server farm. More and more these server farms are provided by Amazon Web Services (AWS), Microsoft Azure or the Google Cloud Platform.
Once transmitted to the server farm, the data is evaluated by cloud-based analytics programs that utilize not just process data, but other business information that can be ultimately applied to statistical models. Depending on the results of the analysis, the SCADA application feeds updated control logic to the PLC in the field.
A simplified deployment architecture is shown further down this page.
While offering oil and gas companies benefits like cost savings and the outsourcing of scarce SCADA expertise, they may still be concerned over the security and completeness of their data. How do they know that it hasn’t been infiltrated by unauthorized parties?
Monitoring SCADA Data and Reliability Risks for Resource Owners
When taking advantage of the cost savings and SCADA management expertise of third party providers, resource owners should ensure that outsourced solutions provide strong cyber security and reliability safeguards. Furthermore, several scenarios related to using shared infrastructure should be addressed. As with Industry 4.0 applications, these scenarios include:
- Data Integrity / Parity at the Field and Cloud Levels
Issue – The extraction data gathered at the gateway level should equal the data being analyzed at the cloud level. If not, then data seepage may have occurred, indicating a security or inadvertent data transfer/integrity problem.
Solution – Nozomi Networks Guardian appliances installed at SPAN or mirror ports at the gateway and cloud levels monitors process variables such as temperature, pressure, flow rates, component compositions, valves open and closed etc. Then, using our CMC to monitor both appliances, comparison reports that highlight any differences can be generated. Forensic tools included in both of our cyber security solutions help drive root cause analysis and facilitate remediation.
- Data Confidentiality
Issue – Shared infrastructure can be vulnerable to improper data access by third parties, and perhaps other users of the same infrastructure backbone. Security monitoring needs to ensure that intrusions and unauthorized behavior are not occurring.
Solution – Guardian detects data breaches in real-time and generates alerts, allowing for immediate action to contain threats. Alternatively, the product can be integrated with firewalls to immediately block improper access and reduce operational risks to reliability.
Issue – Just like any industrial control system, third party SCADA systems need to be monitored for risks to reliability such as firmware changes, misconfigurations, open ports, communication failures, equipment malfunctions and more.
Solution – Guardian, when installed at the gateway level, determines baseline behavior for the SCADA system and identifies risks that threaten reliability. Operations staff of the SCADA service provider should proactively address these risks, improving uptime and defense in depth.
SCADA Security for Industry 4.0
We’ve seen migration of desktop applications to the cloud, and SCADA applications are moving there too. The costs savings and ease-of-deployment of this type of infrastructure are too compelling to ignore. Combined with web-based SCADA applications, this approach also helps address the talent gap for process control engineers and ICS cyber security specialists.
Whether you are a resource owner or a digital oilfield service provider, I urge you not to overlook the cyber security risks of cloud-based SCADA and Industry 4.0 applications. Deploying the Nozomi Networks solution will really help you identify data integrity and confidentiality threats, as well as risks to reliability. To find out more, download the white paper available below.
