Webinar: Evolving Global OT Cyber Guidelines, Recent Developments and What is Driving it
Days
Hours
Minutes
Seconds
Register Now

Waterfall And W-Industries Secure Offshore Platforms

Partnering With Global Systems Integrator To Secure Critical Production Processes
Customer/ Partner:

Offshore Oil & Gas Producer.

Customer Requirement:

Secure safe and continuous operation of offshore platforms from remote cyber attacks, while enabling reliable real-time monitoring and reporting of production data and the status of essential platform systems.

Waterfall’s Unidirectional Solution:

Secures the platform control system network perimeter from external threats with Unidirectional Security Gateways, enabling real-time enterprise monitoring and third-party monitoring and diagnostics, while creating fully operational Wonderware PCS, OPCDA, power turbine monitoring and file server replicas.

Offshore Production Modernisation And Containing Remote Cyber Threats

The energy industry is the second most prone critical infrastructure to cyber attacks with nearly threequarters of U.S. oil & gas companies experiencing at least one industrial cyber incident annually. Remote cyber attacks targeting offshore oil platforms can result in severe consequences to human and environmental safety. Waterfall partnered with W-Industries, a leading global systems integrator for the offshore industry, to secure a fleet of offshore platforms and operational processes from cyber attacks.

The Challenge icon
The challenge

Waterfall Unidirectional Gateways were deployed, both on the platform and in onshore facilities. Each gateway is the only point of connection between IT and OT networks, replicating information from control networks to the enterprise network. A central OSIsoft PI enterprise server served as a repository for analyzing operations data, company-wide. An OPC-DA server in each control network pulls realtime data from industrial servers. The Waterfall Gateway replicates OPC-DA servers to platform and onshore IT networks. The enterprise PI server pulls data from the Waterfall OPC-DA replicas and makes it available enterprise-wide for reporting, analysis and optimization planning.

Waterfall solution - icon
Waterfall solution

W-Industries replaced the IT/OT firewall with a Unidirectional Security Gateway. The gateways replicate an OSIsoft PI historian from the OT network to the IT network. The IT PI replica provides enterprise users and applications with real-time access to all operations data authorized to be shared with the enterprise. The enterprise hydraulic analysis application draws real-time reservoir levels, pressures and pump indications from the replica historian. A secure web portal accesses equipment status information, billing information and other readings from the replica as well. This data IS available to utility management, end users and field personnel.

Results and benefits - icon
Results & benefits

Security: Absolute protection from online attacks originating on the IT network, and from Internet-based attacks which might breech the enterprise network.

Visibility: Online access to real-time operations data, with no change in end-user or business application integration procedures.

Cost: Reduced training, admin, audit, testing, and monitoring costs when compared to a conventional firewall-based solution.

vertical red line
Theory of Operation
Click to enlarge

“Using the Waterfall Gateways gave our customer the assurance of true unidirectional server replication from the control network to the business network.”

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Waterfall Gateways contain both hardware and software components. The hardware is physically able to send information in only one direction. The software replicates servers and emulates devices. The gateway software produces an accurate, timely replica of a production OPC server. Enterprise applications and users interact normally with the replica server.

Unidirectional Gateways enable control system intrusion detection, vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. The gateways replicates servers, emulate industrial devices, and translate industrial data to cloud formats. Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments. Replacing at least one layer of firewalls in a defense-in-depth architecture breaks the attack path from the Internet to critical systems

vertical red line
Unidirectional Security Gateways Benefits:

arrow red rightSafe, continuous monitoring of critical systems

arrow red rightProtects product quality and the safety of personnel, equipment and the environment

arrow red rightSimplifies audits, change reviews, and system documentation

arrow red rightDisciplined, on-demand and scheduled updates of plant systems, without introducing firewall vulnerabilities

arrow red rightReplaces at least one layer of firewalls in a defense-in-depth architecture, breaking the chain of infection and preventing pivoting attacks

Share

Stay up to date

Subscribe to our blog and receive insights straight to your inbox