Webinar: Evolving Global OT Cyber Guidelines, Recent Developments and What is Driving it
Days
Hours
Minutes
Seconds
Register Now

Enabling the Digital Oil Field (Offshore)

Protecting Offshore Exploration And Production From Evolving Cyber Threats
Enabling The Digital Oil Field (Offshore)
Customer/ Partner:

Global Offshore Oil and Gas Company.

Customer Requirement:

To secure the safe and continuous operation of offshore platforms from remote cyber attacks, while enabling reliable real-time monitoring of costs, production and the status of essential platform systems.

Waterfall’s Unidirectional Solution:

Secures the platform control system network perimeter from external threats with Unidirectional Security Gateways, enabling Real-Time Enterprise Connectivity and Third Party Monitoring and creating fully operational Wonderware PCS, OPC-DA, power turbine monitoring and file server replicas.

Offshore Production Modernization And Containing Modern Cyber Threats

The energy industry has become the second most prone to cyber attacks with nearly three-quarters of U.S. oil & gas companies experiencing at least one cyber incident annually. Remote cyber attacks on offshore oil and gas platforms can result in severe consequences to human and environmental safety in the form of ruptures, explosions, fires, releases, and spills.

The Challenge icon
The challenge

To secure the safe, reliable and continuous operation of platform control and safety networks from threats emanating from less trusted external networks. In parallel, provide safe, real-time reporting of operations data to business, vendor, regulatory and cloud systems: including predictive maintenance applications, scheduling optimizers, and outsourced network and security monitoring.

Waterfall solution - icon
Waterfall solution

A Waterfall Unidirectional Gateway was installed connecting platform control system networks to the on-platform extension of the enterprise IT network. Unidirectional Gateway software connectors replicate OPCDA servers from the control network to the enterprise network where OSIsoft PI servers query and otherwise interact normally and bi-directionally with the OPC replicas.

In addition, Waterfall’s Unidirectional CloudConnect provided visibility into natural gas turbine operating parameters for cloud-based turbine monitoring and predictive maintenance applications. A file server replication connector was also deployed, to eliminate the routine use of USB drives and other removable media.

Waterfall’s Unidirectional Gateway and CloudConnect hardware physically prevent cyber threats from reaching sensitive industrial control networks by transmitting data in only one direction to external networks.

Results and benefits - icon
Results & benefits

100% Security: The offshore network is now physically protected from threats emanating from external, less-trusted, Internet-exposed and cloud-based networks.

100% Visibility: The enterprise network continues to operate as if nothing has changed. Instead of accessing servers on the critical operational network, users and applications on external networks access real-time data from real-time replica servers for all informational and analytical requirements.

100% Compliance: Unidirectional Gateways simplify compliance with global industrial-control-system cybersecurity standards and regulations.

vertical red line
Theory of Operation
Click to enlrage

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-andplay replacement for firewalls, without the vulnerabilities and maintenance issues that always accompany firewall deployments. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected network.

vertical red line
Unidirectional Security Gateways Benefits:

arrow red rightSafe, continuous monitoring of critical systems

arrow red rightSafe cloud vendor/services supply chain integration

arrow red rightProtect product quality and the safety of personnel, property and the environment from remote internet-based attacks

arrow red rightSimplify audits, change reviews, and security system documentation

arrow red rightReplace at least one layer of firewalls in a defense-in-depth architecture, breaking the attack path from the internet to important control systems

vertical red line
Global Cybersecurity Standards Recommend Unidirectional Security Gateways

Waterfall Security is the market leader for Unidirectional Gateway technology with installations at critical infrastructure sites across the globe. The enhanced level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by leading industry standards bodies and authorities such as NIST, ANSSI, NERC CIP, the ISA, the US DHS, and ENISA. Waterfall’s solution also facilitates safe real-time data monitoring for compliance with the requirements of the US Department of the Interior’s BSEE Well Control Rule.

Share

Stay up to date

Subscribe to our blog and receive insights straight to your inbox