Company Overview
Major petrochemical manufacturer with annual production over 2 million tons.
Case Summary:
Industry: Petrochemical Production
Challenge: Malware breach destroyed data, causing company to disconnect operational and business networks.
Solution: OPDS data diodes deployed along with OPTS PI System replication and OSTS OPC replication applications to re-establish business continuity.
Benefits: Deterministic, one-way data flow of PI System/OT data into HQ increased visibility without increasing risk. Enabled real-time OPC alarm monitoring at corporate HQ.
Cybersecurity Challenge
A malware breach destroyed data and servers, severely impacting daily operations. In response, the company disconnected their operational technology (OT) network from their wide-area networks (WAN), and the WAN from their corporate IT network at HQ. While this prevented any future malware proliferation, it led to lack of visibility and business continuity, due to the severed electronic communications.
Requirements:
- Maintain a “disconnected” or segmented cybersecurity architecture
- Restore plant performance data to corporate IT networks via replication of Open Platform Communications (OPC) servers
- Enable OSIsoft PI System historian replication from OT network to corporate IT network
- Allow real-time OPC alarm monitoring at corporate HQ
Use Case | Before
Solution
Owl data diodes utilizing patented technology (OPDS-100) were selected for effective network segmentation and deterministic, one-way data transfer from OT assets to the corporate network. PI System replication (OPTS) added to enable transfer of plant operations data to the business unit, as well as OPC server replication (OSTS).
Use Case | After
Deployment
Solutions:
Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Interface Module:
Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.
OPC Secure Transfer Service (OSTS)
Specialized and certified application for secure, real-time OPC data and event monitoring across network boundaries.
Results
- Provided security through effective network segmentation at both the plant OT and headquarters IT network boundaries, helping to prevent malware breach and proliferation
- Enabled redundant, deterministic outbound OT data flows from the plants into the corporate data stores
- Replicated OSIsoft® data historians allowing full production data use and visibility from within the HQ
- Provided full insight into security performance with central monitoring from the Security Operations Center