OWL PERIMETER DEFENSE SOLUTION INSTALLATION AT SAUDI ARABIAN FERTILIZER COMPANY (SAFCO)



Similar documents
OWL PERIMETER DEFENSE SOLUTION (OPDS) INSTALLATION AT SAFCO

CRITICAL INFRASTRUCTURE

Waterfall for NERC-CIP Compliance

Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways

Meeting the Cybersecurity Standards of ANSI/ISA with Data Diodes

Industrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity

OPCNet Broker TM for Industrial Network Security and Connectivity

Safe Network Integration

Secure Software Update Service (SSUS ) White Paper

OPC UA vs OPC Classic

UNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments

White Paper Levels of Linux Operating System Security

CROSS DOMAIN SOLUTIONS

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

DeltaV OPC.NET Server

The Information Revolution for the Enterprise

SCADA Questions and Answers

OWL CROSS DOMAIN FORUM

Keys To Developing an Embedded UA Server

Introduction to Waterfall Unidirectional Security Gateways: True Unidirectionality, True Security

An Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

OmniServer UA Interface Tutorial. A Guide to Configuring the OmniServer OPC UA Server Settings

New Era in Cyber Security. Technology Development

Samsung SDS. Enterprise Mobility Management

All Data Diodes Are Not Equal

DeltaV System Cyber-Security

An Analysis of the Capabilities Of Cybersecurity Defense

Strong Security in NERC CIP Version 5: Unidirectional Security Gateways

Network Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

FactoryTalk Historian Site Edition Architectures and Design Considerations

OPC & Security Agenda

Architecture and Best Practices: Recommendations for PI Systems

Advanced Monitoring and Diagnostics:

Stronger Than Firewalls: Unidirectional Security Gateways

Raising the Bar on Scalability. By Phil Couling, Marketing Program Manager, Supervisory HMI

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

The Rise of Industrial Big Data

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Tank Gauging & Inventory Management Solutions

ARC VIEW. OSIsoft-SAP Partnership Deepens SAP s Predictive Analytics at the Plant Floor. Keywords. Summary. By Peter Reynolds

Plantwide Event Historian

SCADA Cyber Security

Symphony Plus Cyber security for the power and water industries

CIP Cyber Security Electronic Security Perimeter(s)

Cybersecurity on a Global Scale

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

Choosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application

Cloud Computing for SCADA

How To Secure Your System From Cyber Attacks

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

SICAM PAS - the Key to Success Power Automation compliant with IEC and your existing system

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

ISACA rudens konference

Security in SCADA solutions

Best Practices for Deploying and Managing Linux with Red Hat Network

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Product Summary of XLReporter with OPC Servers

Satellite REPRINTED FROM. John D. Prentice, Stratos Global Corp., USA,

The Advanced Process Data Historian Solution

ABB Group March 1, 2010 Slide 1

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Sygate Secure Enterprise and Alcatel

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January kpmg.com

Cybersecurity Training

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Real Time Remote Monitoring over Cellular Networks. Wayne Chen Marketing Specialist

Cloud Networking: A Novel Network Approach for Cloud Computing Models CQ1 2009

Monitoring Underground Power Networks

Protect Your Connected Business Systems by Identifying and Analyzing Threats

Bailey to DeltaV Systems Connectivity

An International Perspective on Security and Compliance

Wireless Process Control Network Architecture Overview

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Avoiding the Top 5 Vulnerability Management Mistakes

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Reliable DNS and DHCP for Microsoft Active Directory

Certification Report

Environmental Monitoring System (EMS) Architectures

PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft

The Journey To Real-time Operational Intelligence

A Data Collection Revolution?

Process Solutions. Uniformance Process History Database (PHD) Product Information Note

Industrial IT cpmplus Enterprise Connectivity Collaborative Production Management. Improving the total cost of ownership of your ERP System

New Technologies for Substation Cyber Hardening

Impact of OPC UA and Information Modeling on Monitoring Solutions. Ron DeSerranno, Founder / CEO rdeserranno@b-scada.com

NASCIO 2015 State IT Recognition Awards

Cisco Security Optimization Service

1.1.1 Introduction to Cloud Computing

Transcription:

Owl Computing Technologies R Case Study OWL PERIMETER DEFENSE SOLUTION INSTALLATION AT SAUDI ARABIAN FERTILIZER COMPANY (SAFCO) Case Study Owl Computing Technologies 38A Grove Street Suite 101 Ridgefield, CT 06877 USA Toll Free: 866-695-3387 P: +1 203-894-9342 F: +1 203-894-1297

About SAFCO Saudi Arabian Fertilizer Company (SAFCO), a division of Saudi Arabia Basic Industries Corporation s (SABIC), produces, processes, manufactures, and markets the principal fertilizers found in local and international markets. SAFCO products include ammonia, urea, melamine, and sulfuric acid. SAFCO is controlled by SABIC, a 50 billion dollar diversified manufacturing company active in chemicals and intermediates, industrial polymers, fertilizers, and metals. Problem In August of 2012, a number of heavy industry locations in the Middle East suffered a serious cyberattack. As a result, many of the companies in the region disconnected their manufacturing and process plant networks from their corporate networks. This disconnection reduced the vulnerability of the process plants by isolating their process control networks from their business networks. SAFCO was no exception, isolating its process plant networks to minimize their risk exposure. This plant network isolation disrupted the normal information flows thereby creating operating inefficiencies because data examination and queries had to be physically performed within the plant perimeter. 1

Challenges The process plant network isolation challenged SAFCO with the tasks of safely and efficiently moving their process data from applications on the plant network to the business network. This included: Restoration of business continuity to allow data flows to resume Ensure network security with network domain separation Limit unauthorized access to plant network from outside the plant Replication of Yokogawa DCS and GE Bently Nevada operations data to the business unit OPC servers, OSIsoft PI, and Yokogawa Historian SAFCO Company Snapshot Saudi Arabian Fertilizer Company engages in the manufacture and sale of fertilizer products in Saudi Arabia and internationally. Its products include ammonia, urea, melamine, and sulfuric acid. The company was founded in 1965 and is based in Jubail, Saudi Arabia. *Source: http://investing.businessweek.com/research/stocks/snapshot/snapshot_article.asp?ticker=safco:ab 2

The Business Decision To meet the challenges of safeguarding the process network applications against cyber-attack and to reinstate required high-priority information flow to support efficient business operations, SAFCO selected the Owl Perimeter Defense Solution (OPDS) from Owl Computing Technologies along with its OPC Server Transfer Service (OPTS) software application. SAFCO selected the Owl products because of the company s leading product line for next generation cybersecurity. Its DualDiode Technology, a proprietary data diode, has been successfully deployed across government, military, and critical infrastructure networks, including power generation, oil & gas, and water plants. Moreover, OPTS is OPC Foundation Certified as compliant for OPC-DA and OPC A&E data types. SAFCO Implementation To restore business continuity SAFCO installed the OPDS. The OPDS is a one-way data diode transfer solution, to support the secure transfer of industrial control information, using OPC-DA and OPC A&E to the corporate network into the OSIsoft PI and Yokogawa Historians. To this end, the first step was the installation of the OPDS network isolation security product at the customer site to protect the process control network from cyber-attack. Next, Owl OPC Server Transfer Service (OSTS) application software was installed to provide efficient and robust transfer of the required OPC data from the process control network to the corporate network. OSTS extracts data from various customer OPC servers on the process network. The OPC data is then transferred across the OPDS network boundary isolation product. The Owl OSTS software creates an OPC server on the customer business network making the data available to corporate applications as necessary. The Owl OSTS software solution utilizes the OSI OPC Client connector to extract the data from the Owl created OPC server and place it into an OSIsoft PI historian. In doing so, the Owl OSTS software solution interoperates with the PI historian, OSI OPC Connector, and ProcessBook. As a result of this implementation, high priority data is now flowing from the SAFCO plant network applications to the OSIsoft PI system historian located on the SAFCO business network. Similarly, Yokogawa s OPC Historian connects to the Owl OPC Server in the business network OPC. In this manner, the Yokogawa Historian also collect the OPC data in the historians on the business network. GE Bently Nevada OPC data flow was resumed from the process control network to the business network. Additionally, the plant network is no longer subject to compromise from a cyber-attack originating on the business network. Engineers and business management have immediate access to both real-time and historical data from the OSIsoft PI historian located on the business network, which had been unavailable following the forced disconnect. SAFCO no longer had to physically perform data examination and queries from within the plant perimeter thus reinstating the operational efficiencies lost as a result of the plant network isolation. 3

R INLET ETHERNET ACTIVITY LINK POWER COMMUNICATION ENGINE STATUS ACTIVE RECEIVE COMMUNICATION ENGINE STATUS POWER OUTLET ETHERNET ACTIVITY LINK WWW.OWLCTI.COM PROCESS CONTROL NETWORK Yokogawa DCS Station 153 (OPC DA) Yokogawa DCS Station 261 (OPC DA) Yokogawa DCS Station 363 (OPC DA, A&E) GE Bently-Nevada (OPC DA) OwlOPC BLUE Remote Node DCOM DCOM DCOM OwlOPC BLUE Home Node A Whitepaper from UDP Owl Computing Technologies PERIMETER DEFENSE 32 CONNECTIONS OSI PI Historian UDP Yokogawa Historian Remote DA Sever (153) Remote DA Sever (261) Home Node Remote DA Sever (153) Remote DA Sever (261) Remote DA Sever (363) Remote DA Sever (363) Remote DA Sever (GE) Remote DA Sever (GE) Remote A&E Sever (363) Remote A&E Sever (363) BUSINESS CONTROL NETWORK 4

Owl OPC Server Transfer Service OPC Foundation Certified OPC-UA, OPC-DA, and OPC Alarms and Events Windows OPC for OPC server interoperability, point selection, and collection ease Conforms with OPC 2.05 & OPC 3.0 specifications Integrated platform functionality eliminates the need for changes to legacy networks Non-routable protocol separation of networks with embedded data diodes; Owl proprietary DualDiode Technology Owl Security Enhanced LINUX OS for transfer security & reliability levels of security classifications A Whitepaper from Benefits of the Owl OPDS Installation Restored business data flows: Yokogawa DCS OPC data sent via DCOM GE Bently-Nevada OPC data sent via OPC Servers are precisely replicated OSIsoft PI System historian precisely and timely updated Yokogawa historian precisely and timely updated Conclusion The cyber-attacks created an urgent need to secure the applications operating on the plant operations network. Business continuity of important data flows was re-established with the Owl OPDS and OSTS installation. When SAFCO was forced to disconnect their process network from their business network, they had no immediate or convenient method of extracting or examining plant data without putting their operations at risk. By installing the Owl Computing Technologies OPDS and OSTS products, operational data, including current and historical values, became available to users on the business network. Moreover, the system architecture was deployed to be scalable for easy replication to other sites. Owl s DualDiode Technology is designed for ease of use and installation. The milestone installation augmented the cybersecurity best practices of SABIC and its affiliates, eliminating threats to network infrastructure and data. About Owl Owl Computing Technologies is the leading source for next generation cybersecurity. Owl s DualDiode Technology, a proprietary data diode, has been successfully deployed in solutions across government, military and critical infrastructure networks. Owl s hardware-enforced technology enables secure, reliable and robust information sharing for streaming data files of all sizes and data-types. As a privately owned US company, Owl maintains a domestically-controlled supply chain that delivers NIAP Common Criteria EAL-4 certified and government approved data diode products. Owl is the source for secure network connections enabling the operational efficiencies and information sharing. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information