Chemical Technology October 2015

PLANT MAINTENANCE, SAFETY, HEALTH & QUALITY

closed-circuit video for process monitoring would have a higher level of priority and automation control traffic would be the highest priority.  In-depth network security Oil well heads and drilling pads tend to be located in remote locations, including some of the hottest and the coldest places on the planet. These assets may be far from the nearest human outpost, however, they are still targeted by people who want to gain unauthorised access to the IP network supporting them. The first lines of defense are simple: physically secur- ing remote assets with fences and putting the automation and network devices into locked enclosures and cabinets. It may also be appropriate to provide closed-circuit sur- veillance and associated video analytics to detect intru- sions.  However, how should the network be secured from a 'cyber' standpoint?  If somebody successfully bypasses these physical barriers, they can plug into the network. How do you protect against that threat? Some of the simplest safeguards come down to the capabilities built into the network access switch and then more advanced technologies can be layered on top of this to provide the 'Defense-In-Depth' approach that presents multiple barriers to cyber attackers. Managed switches have basic built-in security capa- bilities to limit the number and types of devices that can

For example, if heavy rain falls in one region, process operators know the system will receive an influx into the treatment systems there. The operators can then adjust their processes to ensure capacity is available or to divert untreated water into storage reservoirs. In the past, limited data from this telemetry would have been delivered to the central control centre via an automation network, with separate networks for video surveillance, swipe-card entry systems and other onsite security. Today, outstations are connected using a single IP network infrastructure that carries all data from the auto- mation equipment, closed-circuit television and physical security devices as well as normal office traffic, such as e-mail and IP telephony. This is possible because of various technologies, such as quality of service (QoS), Application Visibility and Control (AVC) and bandwidth management.  These technologies are built into the IP network devices and accomplish the critical task of delivering network data according to the needs of the specific applications. If issues arise that cause network congestion, QoS and AVC ensure the most critical automation control traffic is delivered first and then prioritises delivery of other business and security traffic depending on criticality. For example, non-essential closed-circuit video from the outstation could be classed as low priority traffic,

31

Chemical Technology • October 2015