Enabling The Digital Oil Field

Protecting Pipeline Networks From Evolving Cyber Threats
Picture of Waterfall team

Waterfall team

Enabling The Digital Oil Field
Customer/ Partner:

North American petrochemicals pipeline company.

Customer Requirement:

To secure the safe and continuous operation of diesel engines, compressors and pumps as well as enable reliable real-time monitoring of the natural gas and oil pipeline network.

Waterfall’s Unidirectional Solution:

Protects the critical physical assets and pipelines from remote cyber attacks while ensuring safe IT/OT integration that allows real-time, continuous, and actionable network monitoring.

Oil & Gas Pipeline Industry Modernization And Containing Modern Cyber Threats

The energy industry has become the second most prone to cyber attacks with nearly three-quarters of U.S. oil & gas companies experiencing at least one cyber incident. A remote cyber attack on oil and gas pipelines can result in severe consequences to human and environmental safety in the form of ruptures, explosions, fires, releases, and spills. In addition, disruption of service and deliverability can be devastating for key infrastructure end users such as power plants, airports or national defense.

The Challenge icon
The challenge

To secure the safe, reliable and continuous operation of pipeline control and safety networks from threats emanating from less trusted external networks, yet still provide safe, real-time reporting of operations data to vendor and cloud systems, including predictive maintenance applications, scheduling optimizers, and outsourced network and security monitoring. However efficient, all of these modern applications introduce unacceptable vulnerabilities to critical systems.

Waterfall solution - icon
Waterfall solution

A Waterfall Unidirectional Gateway was installed between the pipeline control system network and the enterprise network. Unidirectional Gateway software connectors replicate OSISoft PI, servers from the control network to the enterprise network where enterprise clients can interact normally and bidirectionally with the replicas. A file server replication connector was also deployed, to eliminate the routine use of USB drives and other removable media. Waterfall’s Unidirectional CloudConnect enabled diesel engine oil monitoring and predictive maintenance cloud based applications to provide visibility into pipeline ICS networks. The CloudConnect hardware physically prevents cyber threats from reaching sensitive industrial control networks and transmits data in only one direction to cloud monitoring networks.

Results and benefits - icon
Results & benefits

100% Security: The pipeline network is now physically protected from threats emanating from external, less-trusted Internet and cloud-based networks.

100% Visibility: The enterprise network continues to operate as if nothing has changed. Instead of accessing servers on the critical operational network, users on the external network now access real-time data from replicated servers for all informational and analytical requirements.

100% Compliance: Unidirectional Gateways simplify compliance with US TSA Pipeline Security Guidelines and are recommended by IEC 62443 as well as other North American and global industrial cyber security standards and regulations.

vertical red line
Theory of Operation
Click to enlarge

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices, and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that always accompany firewall deployments.

Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/ laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected network.

vertical red line
Unidirectional Security Gateways Benefits:

arrow red right Safe integration of pipeline safety, control, storage, transportation and delivery systems with external networks

arrow red right Safe, continuous monitoring of critical systems • Safe cloud vendor/services supply chain integration

arrow red right Protects product quality, the safety of personnel, property, and the environment 

arrow red right  Replace at least one layer of firewalls in a defense-in-depth architecture, breaking the attack path from the Internet to important control systems

vertical red line
Global Cybersecurity Standards Recommend Unidirectional Security Gateways

Waterfall Security is the market leader in Unidirectional Gateway technology with installations at critical infrastructure sites across the globe. The enhanced level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by many leading industry standards bodies such as NIST, ANSSI, the IEC, the US DHS/TSA, ENISA and many more.


Stay up to date

Subscribe to our blog and receive insights straight to your inbox