Waterfall And W-Industries Secure Offshore Platforms
Partnering With Global Systems Integrator To Secure Critical Production Processes
Customer/ Partner:
Offshore Oil & Gas Producer.
Customer Requirement:
Secure safe and continuous operation of offshore platforms from remote cyber attacks, while enabling reliable real-time monitoring and reporting of production data and the status of essential platform systems.
Waterfall’s Unidirectional Solution:
Secures the platform control system network perimeter from external threats with Unidirectional Security Gateways, enabling real-time enterprise monitoring and third-party monitoring and diagnostics, while creating fully operational Wonderware PCS, OPCDA, power turbine monitoring and file server replicas.
Offshore Production Modernisation And Containing Remote Cyber Threats
The energy industry is the second most prone critical infrastructure to cyber attacks with nearly threequarters of U.S. oil & gas companies experiencing at least one industrial cyber incident annually. Remote cyber attacks targeting offshore oil platforms can result in severe consequences to human and environmental safety. Waterfall partnered with W-Industries, a leading global systems integrator for the offshore industry, to secure a fleet of offshore platforms and operational processes from cyber attacks.
The challenge
Waterfall Unidirectional Gateways were deployed, both on the platform and in onshore facilities. Each gateway is the only point of connection between IT and OT networks, replicating information from control networks to the enterprise network. A central OSIsoft PI enterprise server served as a repository for analyzing operations data, company-wide. An OPC-DA server in each control network pulls realtime data from industrial servers. The Waterfall Gateway replicates OPC-DA servers to platform and onshore IT networks. The enterprise PI server pulls data from the Waterfall OPC-DA replicas and makes it available enterprise-wide for reporting, analysis and optimization planning.
Waterfall solution
W-Industries replaced the IT/OT firewall with a Unidirectional Security Gateway. The gateways replicate an OSIsoft PI historian from the OT network to the IT network. The IT PI replica provides enterprise users and applications with real-time access to all operations data authorized to be shared with the enterprise. The enterprise hydraulic analysis application draws real-time reservoir levels, pressures and pump indications from the replica historian. A secure web portal accesses equipment status information, billing information and other readings from the replica as well. This data IS available to utility management, end users and field personnel.
Results & benefits
Security: Absolute protection from online attacks originating on the IT network, and from Internet-based attacks which might breech the enterprise network.
Visibility: Online access to real-time operations data, with no change in end-user or business application integration procedures.
Cost: Reduced training, admin, audit, testing, and monitoring costs when compared to a conventional firewall-based solution.
Theory of Operation
“Using the Waterfall Gateways gave our customer the assurance of true unidirectional server replication from the control network to the business network.”
Greg Hanson, W-Industries
Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Waterfall Gateways contain both hardware and software components. The hardware is physically able to send information in only one direction. The software replicates servers and emulates devices. The gateway software produces an accurate, timely replica of a production OPC server. Enterprise applications and users interact normally with the replica server.
Unidirectional Gateways enable control system intrusion detection, vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. The gateways replicates servers, emulate industrial devices, and translate industrial data to cloud formats. Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments. Replacing at least one layer of firewalls in a defense-in-depth architecture breaks the attack path from the Internet to critical systems
Unidirectional Security Gateways Benefits:
Safe, continuous monitoring of critical systems
Protects product quality and the safety of personnel, equipment and the environment
Simplifies audits, change reviews, and system documentation
Disciplined, on-demand and scheduled updates of plant systems, without introducing firewall vulnerabilities
Replaces at least one layer of firewalls in a defense-in-depth architecture, breaking the chain of infection and preventing pivoting attacks
Share
Trending posts
Where does IT Security END and OT Security BEGIN?
Insights into Nation State Threats – Podcast Episode 134
Infographic: Top 10 OT Cyberattacks of 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox