Automation Federation News Release
Contact: Jennifer Infantino Halsey
Final LOGIIC report outlines technical and security considerations when evaluating and selecting Real Time Data Transfer (RTDT) solutions for industrial automation and control system environments
Research Triangle Park, North Carolina, USA (06 July 2016) – The Automation Federation announced today that it has released a public report—commissioned on behalf of the Linking Oil and Gas Industry to Improve Cybersecurity (LOGIIC)—detailing the technical, security and operational factors that should be evaluated prior to the selection and implementation of the commercially available Real Time Data Transfer (RTDT) solutions.
RTDT technologies transfer real-time data outside of core industrial automation and control system (IACS) environments. As a result, they have to meet rigorous standards to ensure the protection of core IACS assets, data and operational stability.
The objective of LOGIIC’s Real-Time Data Transfer Project report was to highlight the vital factors that should be weighed when considering an RTDT solution and to support a constructive dialogue between owners and operators of critical infrastructure and the automation vendors. In addition to identifying a number of positive security attributes within the solutions, the report also pinpointed areas of technical consideration that could create threat vectors and compromise the integrity of the data in transfer, or allow unauthorized access to the data.
LOGIIC conducted a series of research surveys and studies to identify product offerings in the marketplace that collect and move data from Level 2 and 3 and to Level 3.5 to 4 (IEC 62443 model) to examine their applicability to IACS environments, and identify their cyber security capabilities. RTDT solutions were installed, configured and assessed in an IACS laboratory environment. The technical findings and operational conclusions that were derived during each assessment were aggregated and summarized in the report.
As specified in the report, some of the critical factors that should be involved in analyzing RTDT solutions prior to their selection and implementation include:
- Differences between automation vendor and third-party solutions
- Solution footprint and management
- The use of third-party components within automation vendor solutions
- Networking components
- Importance of encryption
- Networking and packet handling
- Layered security
- Use and maintenance of the solution
The LOGIIC Consortium, now celebrating its 11-year anniversary, was established by members of the oil and gas industry in partnership with the U.S. Department of Homeland Security (DHS), Science and Technology Directorate (S&T), Cyber Security Division (CSD) to study cybersecurity issues in IACS that impact safety, security and business performance as they pertain to the oil and gas sector.
LOGIIC’s objective is to promote the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality. Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.
The Automation Federation serves as the LOGIIC host organization and has entered into agreements with the LOGIIC member companies and all other LOGIIC project participants.
LOGIIC regularly sponsors research initiatives that involve the interests of oil and gas sector stakeholders. Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.
The U.S. DHS, S&T Directorate had contracted with the scientific research organization SRI International to provide scientific and technical guidance for LOGIIC.
Industrial control, automation, package, security and other related vendors have made LOGIIC projects possible by volunteering their time, knowledge, equipment and test environments. Subject-matter experts work with SRI International to refine the evaluation strategy, perform the system evaluations and develop project reports.
All LOGIIC project reports can be found on the LOGIIC website. For more information about LOGIIC, email at firstname.lastname@example.org.
About the Automation Federation
The Automation Federation is a global umbrella organization of seventeen (17) member organizations and six working groups engaged in automation activities. The Automation Federation enables its members to more effectively fulfill their missions, advance the science and engineering of automation technologies and applications, and develop the workforce needed to capitalize on the benefits of automation. The Automation Federation is the "Voice of Automation." For more information about the Automation Federation, visit www.automationfederation.org.