![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0033.jpg)
Chemical Technology • October 2015
31
For example, if heavy rain falls in one region, process
operators know the system will receive an influx into the
treatment systems there. The operators can then adjust
their processes to ensure capacity is available or to divert
untreated water into storage reservoirs.
In the past, limited data from this telemetry would
have been delivered to the central control centre via an
automation network, with separate networks for video
surveillance, swipe-card entry systems and other onsite
security.
Today, outstations are connected using a single IP
network infrastructure that carries all data from the auto-
mation equipment, closed-circuit television and physical
security devices as well as normal office traffic, such as
e-mail and IP telephony.
This is possible because of various technologies,
such as quality of service (QoS), Application Visibility
and Control (AVC) and bandwidth management. These
technologies are built into the IP network devices and
accomplish the critical task of delivering network data
according to the needs of the specific applications. If
issues arise that cause network congestion, QoS and
AVC ensure the most critical automation control traffic
is delivered first and then prioritises delivery of other
business and security traffic depending on criticality.
For example, non-essential closed-circuit video from
the outstation could be classed as low priority traffic,
closed-circuit video for process monitoring would have
a higher level of priority and automation control traffic
would be the highest priority.
In-depth network security
Oil well heads and drilling pads tend to be located in
remote locations, including some of the hottest and the
coldest places on the planet. These assets may be far
from the nearest human outpost, however, they are still
targeted by people who want to gain unauthorised access
to the IP network supporting them.
The first lines of defense are simple: physically secur-
ing remote assets with fences and putting the automation
and network devices into locked enclosures and cabinets.
It may also be appropriate to provide closed-circuit sur-
veillance and associated video analytics to detect intru-
sions. However, how should the network be secured from
a 'cyber' standpoint? If somebody successfully bypasses
these physical barriers, they can plug into the network.
How do you protect against that threat?
Some of the simplest safeguards come down to the
capabilities built into the network access switch and then
more advanced technologies can be layered on top of this
to provide the 'Defense-In-Depth' approach that presents
multiple barriers to cyber attackers.
Managed switches have basic built-in security capa-
bilities to limit the number and types of devices that can
PLANT MAINTENANCE, SAFETY,
HEALTH & QUALITY