Chemical Technology • October 2015

31

For example, if heavy rain falls in one region, process

operators know the system will receive an influx into the

treatment systems there. The operators can then adjust

their processes to ensure capacity is available or to divert

untreated water into storage reservoirs.

In the past, limited data from this telemetry would

have been delivered to the central control centre via an

automation network, with separate networks for video

surveillance, swipe-card entry systems and other onsite

security.

Today, outstations are connected using a single IP

network infrastructure that carries all data from the auto-

mation equipment, closed-circuit television and physical

security devices as well as normal office traffic, such as

e-mail and IP telephony.

This is possible because of various technologies,

such as quality of service (QoS), Application Visibility

and Control (AVC) and bandwidth management.  These

technologies are built into the IP network devices and

accomplish the critical task of delivering network data

according to the needs of the specific applications. If

issues arise that cause network congestion, QoS and

AVC ensure the most critical automation control traffic

is delivered first and then prioritises delivery of other

business and security traffic depending on criticality.

For example, non-essential closed-circuit video from

the outstation could be classed as low priority traffic,

closed-circuit video for process monitoring would have

a higher level of priority and automation control traffic

would be the highest priority. 

In-depth network security

Oil well heads and drilling pads tend to be located in

remote locations, including some of the hottest and the

coldest places on the planet. These assets may be far

from the nearest human outpost, however, they are still

targeted by people who want to gain unauthorised access

to the IP network supporting them.

The first lines of defense are simple: physically secur-

ing remote assets with fences and putting the automation

and network devices into locked enclosures and cabinets.

It may also be appropriate to provide closed-circuit sur-

veillance and associated video analytics to detect intru-

sions.  However, how should the network be secured from

a 'cyber' standpoint?  If somebody successfully bypasses

these physical barriers, they can plug into the network.

How do you protect against that threat?

Some of the simplest safeguards come down to the

capabilities built into the network access switch and then

more advanced technologies can be layered on top of this

to provide the 'Defense-In-Depth' approach that presents

multiple barriers to cyber attackers.

Managed switches have basic built-in security capa-

bilities to limit the number and types of devices that can

PLANT MAINTENANCE, SAFETY,

HEALTH & QUALITY