Company Overview
A global oil and gas producer, manufacturer and marketer, with crude oil production of over 3 billion barrels annually.
Case Summary:
Industry: Oil & Gas
Challenge: Malware breach destroyed data, causing company to disconnect operational and business networks.
Solution: Owl data diodes deployed along with OPTS PI System historian replication software.
Benefits: Deterministic, one-way flow of production data into HQ enabled increased visibility without increased risk. Centralized performance and data flow monitoring.
Cybersecurity Challenge
A malware breach destroyed data and application servers, severely impacting daily operations. In response, the company disconnected their operational technology (OT) network from their wide-area network (WAN) and disconnected their WAN from the corporate IT network. While disconnecting the plant prevented malware proliferation across the various networks, it led to loss of business continuity and lack of visibility into plant operations.
Requirements:
- Restore business continuity and operational visibility
- Maintain a “disconnected” or segmented cybersecurity architecture
- Failover, redundancy, and load-balancing capabilities
- Scalable architecture for additional volume or data types as needed
- Ability to centrally monitor security operations and technology
Use Case | Before
Solution
Owl data diode technology (OPDS/EPDS) was selected for effective network segmentation, and secure one-way data transfer, including IT syslog flow from plant assets to the Network Operations Center in the WAN. OSIsoft® PI System historian replication (OPTS) was also added to enable transfer of OT data to the HQ.
Use Case | After
Deployment
Solutions:
Enterprise Perimeter Defense Solution (EPDS)
Data diode communication card pair, mounted on independent, send-only and receive-only commercial servers, for network segmentation and deterministic, one-way data transfer.
Owl Perimeter Defense Solution – 1000 (OPDS-1000)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Interface Module:
Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.
Results
- Provided security through effective network segmentation at both the plant OT and headquarters IT network boundaries, helping to prevent malware breach and proliferation
- Enabled redundant, deterministic outbound OT data flows from the plants into the corporate data stores
- Replicated OSIsoft® data historians allowing full production data use and visibility from within the HQ
- Provided full insight into security performance with central monitoring from the Security Operations Center