Friday 12 June 2015

Remote connectivity in IACS.

The Automation Federation has released a public report—commissioned on behalf of the Linking Oil and Gas Industry to Improve Cybersecurity (LOGIIC)—that studies the possible use of remote connectivity to systems in the industrial automation and control systems (IACS) environment for the purposes of monitoring and diagnostics.

The objective of the LOGIIC Remote Access Project report (pdf) is to convey important factors when considering remote access in an IACS environment and support a dialogue between asset owners and automation vendors. The report presents conclusions, based on technical assessment and analysis, on the use of remote access for monitoring of end-devices in an IACS environment.

Although remote access solutions are commonly present in business environments, use of this technology in the IACS environment requires evaluation of risk, planning, and security controls to ensure core assets are protected from attack and unauthorized access is prevented.

Vendors use remote connectivity to monitor equipment at asset owner sites. Data collected from this equipment provides insight into system health information and can be useful in troubleshooting and optimization efforts.

Download the Report (pdf)
For the purposes of the report, LOGIIC conducted a series of research surveys and studies to identify product offerings in the marketplace, their applicability to the IACS environment, and cybersecurity capabilities. Hands-on assessment activities, conducted in an IACS environment, identified the security risks and capabilities of remote access solutions and the impacts associated with their use in an operational setting.

This public report follows the completion of successful activities held between IACS automation vendors, subject matter experts and LOGIIC in several countries all over the world. This public report was finalized in parallel with a highly successful LOGIIC workshop held earlier this year in Houston. This LOGIIC workshop was aimed to identify and prioritize key cyber security challenges and opportunities for future LOGIIC projects. Future LOGIIC workshops are under investigation.

The LOGIIC Consortium, now celebrating its 10-year anniversary, was established by members of the oil and gas industry in partnership with the Cybersecurity Research and Development Center (CSRDC) of the US Department of Homeland Security (DHS), Science and Technology (S&T) Directorate to study cybersecurity issues in IACS that impact safety and business performance as they pertain to the oil and gas sector.

LOGIIC’s objective is to promote the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality. Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.

The Automation Federation serves as the LOGIIC host organization and has entered into agreements with the LOGIIC member companies and all other LOGIIC project participants.

LOGIIC regularly sponsors research initiatives that involve the interests of oil and gas sector stakeholders. Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.

The US DHS, Science and Technology Directorate has contracted with the scientific research organization SRI International to provide scientific and technical guidance for LOGIIC.

Industrial control, automation, package, security and other related vendors have made LOGIIC projects possible by volunteering their time, knowledge, equipment and test environments. Subject-matter experts work with SRI International to refine the evaluation strategy, perform the system evaluations and develop project reports.

No comments:

Post a Comment