As explained in my previous post about Cyber Security for pipeline management solutions, security measures should always span an entire organization to be fully effective. OT, IT and physical assets all need to be covered to meet safety requirements and reliability goals. Schneider Electric’s solutions cover all the components of a Pipeline Management System in an intelligently architected way.
Every system is only as strong as its weakest link; a cyberattack can strike at any part of a Pipeline Management System’s network. An ‘ecosystem approach’ should be taken when securing a network, as third-party contractors and devices play a key role alongside primary contractors. Every aspect must contribute to the overall security goals. For example, defense in depth is an approach of multi-layered defense that spans from individual devices to the entire enterprise. This should be a part of any security architecture. Don’t forget that security is about much more than systems alone; it encompasses people, processes and policies, all of which need to come together in a cohesive way.
Operational traffic should always be treated as a priority, but multiservice applications should also be included in the secure communications architecture. The right architecture secures multi-party solutions across these tiers: control center tier, pipeline station tier, operational telecoms WAN tier, security and secure remote access tier. Support covers both operational and multiservice applications. Each tier is important, because if one is compromised then so is the entire system. However, a secure architecture needs to deliver more than security alone; high availability, open standards, multiservice support and integrated management need to come as part of the package.
The SCADA system by Schneider Electric is an excellent example of this. Its features include an access control mechanism and rigorous password requirements. With various best practices in place, operational systems will receive the best security.
Antivirus and anti-malware technologies are also important in the approach to cyber security. These optimize the SCADA system, letting it streamline processes, manage activities and define groups based on a variety of factors. The SCADA system further ensures security through restricted dataflow, a timely response to events, high availability (for either a single or a distributed model), compute segmentation where each environment has its own server, and basic infrastructure mechanisms that protect the switching infrastructure.
Zoning and Segmentation
Network segmentation is an approach that prevents cross-pollination of traffic between untrusted entities. Dataflow is restricted and network-based encryption ensures that the data itself is stored or shared safely. However, securing the pipeline station itself is just as important as securing its telecommunications. A defense in depth strategy should be adopted by every station and devices should be authenticated to prevent the most common attacks seen in the O&G sector. Restricting and monitoring access to networks can help secure wired and wireless network infrastructures in the station. Finally, stations should also follow a zoning and segmentation approach created from an initial risk assessment.
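The restricted-dataflow idea described above, as an added example that is not part of the original post or of any Schneider Electric product: it audits observed network flows against a default-deny list of permitted zone-to-zone paths. The zone names follow the tiers named in this article; the subnets, ports and sample flows are constructed assumptions.

```python
import ipaddress

# Zone names follow the article's tiers; the subnets are constructed assumptions.
ZONES = {
    "control_center": ipaddress.ip_network("10.10.0.0/16"),
    "pipeline_station": ipaddress.ip_network("10.20.0.0/16"),
    "remote_access": ipaddress.ip_network("10.30.0.0/24"),
}

# Permitted cross-zone paths (src_zone, dst_zone, dst_port). Default deny:
# any cross-zone flow not listed here is a finding. Ports are assumptions.
ALLOWED_FLOWS = {
    ("control_center", "pipeline_station", 20000),  # assumed SCADA polling port
    ("remote_access", "control_center", 443),       # assumed TLS jump host
}

def zone_of(addr):
    """Map an IP address to its zone, or 'untrusted' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "untrusted"

def audit(flows):
    """Return (flow, reason) pairs for flows that violate the zone policy."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if "untrusted" in (sz, dz):
            findings.append(((src, dst, port), f"unzoned endpoint: {sz} -> {dz}"))
        elif sz != dz and (sz, dz, port) not in ALLOWED_FLOWS:
            findings.append(((src, dst, port), f"no allowed path: {sz} -> {dz} port {port}"))
    return findings

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.20.3.7", 20000),  # control center polls a station: allowed
    ("10.30.0.9", "10.20.3.7", 502),    # remote access straight to a station
    ("10.20.3.7", "10.20.3.8", 502),    # traffic inside the station zone
    ("192.0.2.44", "10.10.1.5", 443),   # source outside every defined zone
    ("10.30.0.9", "10.10.1.5", 443),    # remote access via control center: allowed
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, reason)
```

The allowlist itself should come out of the initial risk assessment, so a finding means either unexpected traffic or a policy that needs revisiting.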
These approaches work together to cover all bases, preserving and improving the pipeline’s cyber security.