- Rick Irons-Mclean, Oil & Gas and Energy Architecture Lead
- Jason Greengrass, IoT Solution Architect
Connected Pipelines Validated Design: coming this week! Cisco.com/go/cvd > Oil & Gas area
- This CVD was built with customer input (from around the globe) and Cisco account team input (including yours truly)
- Next iteration of the CVD will contain more security, including providing better visibility into traffic and events in the control center network
For those that aren’t familiar with the oil/gas business, there’s three areas:
- Upstream: discovery and extraction
- Midstream: storage and transport
- Downstream: refining (turning it into product) and marketing/selling
Cisco can work and play in all three areas. Eg:
- Connected Pipeline
- Connected Refinery
- Secure Ops (managed security services from Cisco)
- Connected Oilfield
ISA95/99 (aka Perdue Model) – describes an architecture for different security zones within the industrial environment.
- Bottom is Level 0 – where the process actually happens (valves, pumps, etc)
- Top is Level 5 – the business/enterprise network
Operational principles (compare this with a typical enterprise environment and principles):
- Continuous operation: 24×7, 365 days a year
- Continuous visibility and control: operators need constant communication to the pipeline
- Safety and compliance: pipeline integrity, safety, security and reliability
With respect to 24×7 visibility:
- Operators are like air traffic controllers
- If ATC loses visibility, planes don’t fall out of the sky, but the operators lose the ability to control the situation
- Each plane ends up being on its own
- If pipeline operators lose their visibility, the line doesn’t shut but control is lost
- Eventually, local safety processes will shut the line but that’s a last resort and always costs money!
Unintuitive use of fiber along the pipeline: leak detection and third-party intrusion.
- Fiber optic cables run along the pipeline can be used not only for data but also as a large sensor to detect earth movement/land slides, nearby digging, and so on.
“Who thinks security is important in an industrial environment?” — every hand in the room goes up.
- IEC 62443 – standard which outlines key fundamental security requirements
- AAA, use control, data confidentiality, restricted data flow, timely response to events
- FYI, 62443 allows segmentation via virtual means (eg VLANs, VRFs) and does not mandate physical separation
Q: Why is there a DMZ shown in the control center [of the validated design]?
- Segments enterprise/business network from the operational/SCADA network
- Enterprise network is often viewed as untrusted — or even as a threat.
- Operational data is mirrored to a historian in the DMZ which allows users from the enterprise network to see the data, without having access into the operational network
Q: Is there guidance on when to use virtual vs. physical segmentation?
- It largely depends on customer philosophy
- The standards (eg 62443) allow for either
- There are real-world deployments doing both
- Interesting: European customers seem more comfortable with virtualization; North American customers prefer physical separation
Q: Are there requirements for latency across the WAN?
- Not really. The network is expected to deliver round trip times of 100s of milliseconds, to seconds. Sometimes even minutes. No hard targets.
- By contrast: between the control centers, latency is likely in the 10s or low 100s of milliseconds due to much better, low latency connectivity between those two locations.