OWL PERIMETER DEFENSE SOLUTION (OPDS) INSTALLATION AT SAFCO



Similar documents
OWL PERIMETER DEFENSE SOLUTION INSTALLATION AT SAUDI ARABIAN FERTILIZER COMPANY (SAFCO)

CRITICAL INFRASTRUCTURE

Waterfall for NERC-CIP Compliance

Industrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity

Meeting the Cybersecurity Standards of ANSI/ISA with Data Diodes

Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways

OPCNet Broker TM for Industrial Network Security and Connectivity

Safe Network Integration

Secure Software Update Service (SSUS ) White Paper

OWL CROSS DOMAIN FORUM

UNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments

White Paper Levels of Linux Operating System Security

Introduction to Waterfall Unidirectional Security Gateways: True Unidirectionality, True Security

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Strong Security in NERC CIP Version 5: Unidirectional Security Gateways

An Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015

The Information Revolution for the Enterprise

DeltaV OPC.NET Server

Keys To Developing an Embedded UA Server

An Analysis of the Capabilities Of Cybersecurity Defense

Network Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker

Stronger Than Firewalls: Unidirectional Security Gateways

OmniServer UA Interface Tutorial. A Guide to Configuring the OmniServer OPC UA Server Settings

OPC UA vs OPC Classic

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

FactoryTalk Historian Site Edition Architectures and Design Considerations

ARC VIEW. OSIsoft-SAP Partnership Deepens SAP s Predictive Analytics at the Plant Floor. Keywords. Summary. By Peter Reynolds

CROSS DOMAIN SOLUTIONS

OPC & Security Agenda

Tank Gauging & Inventory Management Solutions

SCADA Questions and Answers

New Era in Cyber Security. Technology Development

PFP Technology White Paper

DeltaV System Cyber-Security

Keeping the Lights On

The Rise of Industrial Big Data

All Data Diodes Are Not Equal

The Advanced Process Data Historian Solution

Architecture and Best Practices: Recommendations for PI Systems

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

SCADA Cyber Security

Advanced Monitoring and Diagnostics:

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

An International Perspective on Security and Compliance

Symphony Plus Cyber security for the power and water industries

Cybersecurity on a Global Scale

Plantwide Event Historian

PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft

How To Secure Your System From Cyber Attacks

Reliable DNS and DHCP for Microsoft Active Directory

Samsung SDS. Enterprise Mobility Management

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Raising the Bar on Scalability. By Phil Couling, Marketing Program Manager, Supervisory HMI

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

The Advantages of Plant-wide Historians vs. Relational Databases

Industrial IT cpmplus Enterprise Connectivity Collaborative Production Management. Improving the total cost of ownership of your ERP System

Process Solutions. Uniformance Process History Database (PHD) Product Information Note

New Technologies for Substation Cyber Hardening

Cloud Networking: A Novel Network Approach for Cloud Computing Models CQ1 2009

CONCEPTS IN CYBER SECURITY

Seven Strategies to Defend ICSs

CIP Cyber Security Electronic Security Perimeter(s)

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January kpmg.com

NERC CIP VERSION 5 COMPLIANCE

Carbon Black and Palo Alto Networks

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

SysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan

Reliable DNS and DHCP for Microsoft Active Directory Protecting and Extending Active Directory Infrastructure with Infoblox Appliances

Trend Micro. Advanced Security Built for the Cloud

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

GE Fanuc Production Management Software

OpenScape UC Firewall and OpenScape Session Border Controller

ISACA rudens konference

Monitoring Underground Power Networks

Security in SCADA solutions

Cloud Computing for SCADA

Best Practices for Deploying and Managing Linux with Red Hat Network

WIND RIVER SECURE ANDROID CAPABILITY

OPC: The Ins and Outs to What It s About

Product Summary of XLReporter with OPC Servers

OPC and DCOM: 5 things you need to know Author: Randy Kondor, B.Sc. in Computer Engineering

Building A Secure Microsoft Exchange Continuity Appliance

MANUFACTURING. Communications Solutions for Industrial Automation and Control

Energy Cybersecurity Regulatory Brief

Project Finance in Saudi Arabia

VantagePoint Getting Results Guide

Transcription:

Owl Computing Technologies R Case Study OWL PERIMETER DEFENSE SOLUTION (OPDS) INSTALLATION AT SAFCO Case Study Owl Computing Technologies 38A Grove Street Suite 101 Ridgefield, CT 06877 USA Toll Free: 866-695-3387 P: +1 203-894-9342 F: +1 203-894-1297

About SAFCO Saudi Arabian Fertilizer Company (SAFCO), a division of Saudi Arabia Basic Industries Corporation s (SABIC), produces, processes, manufactures, and markets the principal fertilizers found in local and international markets. SAFCO products include ammonia, urea, melamine, and sulfuric acid. SAFCO is controlled by SABIC, a 50 billion dollar diversified manufacturing company active in chemicals and intermediates, industrial polymers, fertilizers, and metals. Problem Challenges In August of 2012, a number of heavy industry locations in the Middle East suffered a serious cyberattack. As a result, many of the companies in the region disconnected their manufacturing and process plant networks from their corporate networks. This disconnection reduced the vulnerability of the process plants by isolating their process control networks from their business networks. SAFCO was no exception, isolating its process plant networks to minimize their risk exposure. This plant network isolation disrupted the normal information flows thereby creating operating inefficiencies because data examination and queries had to be physically performed within the plant perimeter. 1

Challenges The process plant network isolation challenged SAFCO with the tasks of safely and efficiently moving their process data from applications on the plant network to the business network. This included: Restoration of business continuity to allow data flows to resume Ensure network security with network domain separation Limit unauthorized access to plant network from outside the plant Replication of Yokogawa DCS and GE Bently Nevada operations data to the business unit OPC servers and OSIsoft PI Historian applications SAFCO Company Snapshot Saudi Arabian Fertilizer Company engages in the manufacture and sale of fertilizer products in Saudi Arabia and internationally. Its products include ammonia, urea, melamine, and sulfuric acid. The company was founded in 1965 and is based in Jubail, Saudi Arabia. *Source: http://investing.businessweek.com/research/stocks/snapshot/snapshot_article.asp?ticker=safco:ab 2

The Business Decision To meet the challenges of safeguarding the process network applications against cyber-attack and to reinstate required, high-priority information flow to support efficient business operations, SAFCO selected the OPDS product from Owl Computing Technologies along with its OPC Server Transfer Service (OPTS) software application. SAFCO selected the Owl products because of the company s leading product line for next generation cybersecurity, its DualDiode Technology, a proprietary data diode, that has been successfully deployed in over 1500 solutions across government, military, and critical infrastructure networks, including power generation and oil & gas, and that the OPTS was OPC Foundation Certified as compliant for OPC-DA and OPC A&E data types. SAFCO Implementation To restore business continuity SAFCO installed the Owl Perimeter Defense Solution (OPDS). The OPDS is a one-way data diode transfer solution, to support the secure transfer of industrial control information, using OPC-DA and OPC A&E to the corporate network into the OSIsoft PI database. To this end, the first step was the installation of the OPDS network isolation security product at the customer site to protect the process control network from cyber-attack. Next, Owl OPC Server Transfer Service (OSTS) application software was installed to provide efficient and robust transfer of the required OPC data from the process control network to the corporate network. OSTS extracts data from various customer OPC servers on the process network. The OPC data is then transferred across the OPDS network boundary isolation product. The Owl OSTS software creates an OPC server on the customer business network making the data available to corporate applications as necessary. The Owl OSTS software solution utilizes the OSI OPC Client connector to extract the data from the Owl created OPC server and place it into an OSIsoft PI historian. In doing so, the Owl OSTS software solution interoperates with the PI historian, OSI OPC Connector, and ProcessBook. As a result of this implementation, high priority data is now flowing from the SAFCO plant network applications to the OSIsoft PI system historian located on the SAFCO business network. Additionally, the plant network is no longer subject to compromise from a cyberattack originating on the business network. Engineers and business management have immediate access to both real-time and historical data from the OSIsoft PI historian located on the business network, which had been unavailable following the forced disconnect. SAFCO no longer had to physically perform data examination and queries from within the plant perimeter thus reinstating the operational efficiencies lost as a result of the plant network isolation. 3

SABIC/SAFCO OPDS Installation OSI PI Historian UDP Yokogawa Historian Remote DA Sever (153) Remote DA Sever (261) Home Node Remote DA Sever (153) Remote DA Sever (261) Remote DA Sever (363) A Whitepaper from Remote DA Sever (363) Remote DA Sever (GE) Remote DA Sever (GE) Remote A&E Sever (363) Remote A&E Sever (363) SABIC/SAFCO OSIsoft PI System Server Home Node OSI PI Server Remote DA Sever (153) Remote DA Sever (261) Remote DA Sever (363) Remote DA Sever (GE) Remote A&E Sever (363) DCOM DCOM DCOM DCOM DCOM OSI PI OPC Interface OSI PI Historian 4

Owl OPC Server Transfer Service OPC Foundation Certified OPC-UA, OPC-DA and OPC Alarms and Events Windows OPC for OPC server interoperability, point selection, and collection ease Conforms with OPC 2.05 & OPC 3.0 specifications Integrated platform functionality eliminates the need for changes to legacy networks OSTS installed in an OPDS Non-routable protocol separation of networks with embedded data diodes; Owl proprietary DualDiode Technology Owl Security Enhanced LINUX OS for transfer security & reliability levels of security classifications. A Whitepaper from Benefits of the Owl OPDS Installation Restored business data flows: Yokogawa DCS OPC data sent via DCOM GE Bently-Nevada OPC data sent via OPC Servers are precisely replicated OSIsoft PI System Historian precisely and timely updated Yokogawa historian timely and accurately updated Conclusion The cyber-attacks created an urgent need to secure the applications operating on the plant operations network. Business continuity of important data flows was re-established with the Owl OPDS and OPTS installation. When SAFCO was forced to disconnect their process network from their business network, they had no immediate or convenient method of extracting or examining plant data without putting their operations at risk. By installing the Owl Computing Technologies OPDS and OSTS products, operational data, including current and historical values, are now available to users on the business network. Furthermore, the system architecture was deployed to be scalable for easy replication to other sites. 5

About Owl Owl Computing Technologies is the leading source for next generation cyber security. Owl s DualDiode Technology, a proprietary data diode, has been successfully deployed in over 1500 solutions across government, military, and critical infrastructure networks, including power generation and oil & gas. Owl s hardware-enforced, non-routable technology enables secure, reliable, and robust information sharing for all files sizes and data-types. As a privately owned US company, Owl maintains a domestically-controlled supply chain that delivers NIAP Common Criteria EAL-4 certified and government approved data diode products. Owl is the source for secure network connections enabling the operational efficiencies from information sharing. A Whitepaper from 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information