Every day of downtime for exploration and production assets due to a cyber-attack represents a significant lost opportunity, and attacks threatening safety systems are an even greater concern. Oil fields, gas fields and offshore platforms all rely critically on industrial control systems, SCADA systems and other computer systems for safe and reliable operation. Waterfall Unidirectional Security Gateways and related products are deployed widely to secure upstream operations in the era of the digital oilfield.
Unidirectional Security Gateways provide safe IT/OT integration by replicating industrial servers and devices to business networks through a system of hardware modules that physically prevents any attack from reaching back into the protected critical control system network. Unidirectional Gateways replace firewalls in this role. Firewalls are inadequate to the needs of reliability-critical and safety-critical networks, because every path through a firewall that permits data to leave a critical network for use by an enterprise, also allows attacks to pass back into that critical network.
The upstream threat landscape has changed dramatically in the last five years. Today’s threats include organized crime groups, competitors, hacktivists and even nation-state sponsored hacktivists and terrorists. Modern attacks can be utterly silent, reliably defeating the most sophisticated of IT-centric security systems. Waterfall Security
Solutions only focus is technology solutions for protecting critical infrastructure control systems. Unlike firewalls and other IT-centric solutions, Waterfall’s Unidirectional Security Gateways prevent any network attack from external, untrusted networks from reaching back into protected control system and SCADA networks.
Waterfall products used routinely in upstream operations include:
- Secure historian database replication
- Secure SQL database replication
- Secure OPC server replication
- Secure file server replication
Waterfall’s products are recognized by leading oil & gas and industrial control systems standards and standards bodies, including:
National Institute of Standards and Technology (NIST) in their NIST 800-82r2 standardFrench ANSSI standards
The North American Electric Reliability Corporation’s Critical Infrastructure version 5 and 6 standards (NERC CIP V5
The International Society of Automation’s ISA SP-99 standards
The International Electrotechnical Commission’s 62443 series of standards
In addition, the stronger-than-firewalls security provided by Unidirectional Security Gateway products simplifies and reduces the cost of compliance with SCADA security provisions in the Department of Homeland Security’s Chemical Facilities Anti-Terrorism Standards (DHS CFATS), International Organization of Standards (ISO) 27001, and American Petroleum Institute 1164 standards.
Firewalls are inadequate protections for safety-critical and reliability critical SCADA security and control system security programs. Upstream operations are not expendable. The time has come to deploy Unidirectional Security Gateways to enable safe IT/OT integration in today’s digital oilfields.