• Rick Irons-Mclean, Oil & Gas and Energy Architecture Lead
  • Jason Greengrass, IoT Solution Architect

Connected Pipelines Validated Design: coming this week! > Oil & Gas area

  • This CVD was built with customer input (from around the globe) and Cisco account team input (including yours truly)
  • Next iteration of the CVD will contain more security, including providing better visibility into  traffic and events in the control center network

For those that aren't familiar with the oil/gas business, there's three areas:

  • Upstream: discovery and extraction
  • Midstream: storage and transport
  • Downstream: refining (turning it into product) and marketing/selling

Cisco can work and play in all three areas. Eg:

  • Connected Pipeline
  • Connected Refinery
  • Secure Ops (managed security services from Cisco)
  • Connected Oilfield

ISA95/99 (aka Perdue Model) - describes an architecture for different security zones within the industrial environment.

  • Bottom is Level 0 - where the process actually happens (valves, pumps, etc)
  • Top is Level 5 - the business/enterprise network

Operational principles (compare this with a typical enterprise environment and principles):

  • Continuous operation: 24×7, 365 days a year
  • Continuous visibility and control: operators need constant communication to the pipeline
  • Safety and compliance: pipeline integrity, safety, security and reliability

With respect to 24×7 visibility:

  • Operators are like air traffic controllers
  • If ATC loses visibility, planes don't fall out of the sky, but the operators lose the ability to control the situation
  • Each plane ends up being on its own
  • If pipeline operators  lose their visibility, the line doesn't shut but control is lost
  • Eventually, local safety processes will shut the line but that's a last resort and always costs money!

Unintuitive use of fiber along the pipeline: leak detection and third-party intrusion.

  • Fiber optic cables run along the pipeline can be used not only for data but also as a large sensor to detect earth movement/land slides, nearby digging, and so on.

"Who thinks security is important in an industrial environment?" — every hand in the room goes up.

  • IEC 62443 - standard which outlines key fundamental security requirements 
  • AAA, use control, data confidentiality, restricted data flow, timely response to events
  • FYI, 62443 allows segmentation via virtual means (eg VLANs, VRFs) and does not mandate physical separation

Q: Why is there a DMZ shown in the control center [of the validated design]?

  • Segments enterprise/business network from the operational/SCADA network
  • Enterprise network is often viewed as untrusted — or even as a threat.
  • Operational data is mirrored to a historian in the DMZ which allows users from the enterprise network to see the data, without having access into the operational network

Q: Is there guidance on when to use virtual vs. physical segmentation?

  • It largely depends on customer philosophy 
  • The standards (eg 62443) allow for either
  • There are real-world deployments doing both
  • Interesting: European customers seem more comfortable with virtualization; North American customers prefer physical separation

Q: Are there requirements for latency across the WAN?

  • Not really. The network is expected to deliver round trip times of 100s of milliseconds, to seconds. Sometimes even minutes. No hard targets.
  • By contrast: between the control centers, latency is likely in the 10s or low 100s of milliseconds due to much better, low latency connectivity between those two locations.