- July 05, 2016
Research Triangle Park, North Carolina, USA (06 July 2016) – The Automation Federation announced today that it has released a public report—commissioned on behalf of the Linking Oil and Gas Industry to Improve Cybersecurity (LOGIIC)—detailing the technical, security and operational factors that should be evaluated prior to the selection and implementation of the commercially available Real Time Data Transfer (RTDT) solutions.
RTDT technologies transfer real-time data outside of core industrial automation and control system (IACS) environments. As a result, they have to meet rigorous standards to ensure the protection of core IACS assets, data and operational stability.
The objective of LOGIIC’s Real-Time Data Transfer Project report was to highlight the vital factors that should be weighed when considering an RTDT solution and to support a constructive dialogue between owners and operators of critical infrastructure and the automation vendors. In addition to identifying a number of positive security attributes within the solutions, the report also pinpointed areas of technical consideration that could create threat vectors and compromise the integrity of the data in transfer, or allow unauthorized access to the data.
LOGIIC conducted a series of research surveys and studies to identify product offerings in the marketplace that collect and move data from Level 2 and 3 and to Level 3.5 to 4 (IEC 62443 model) to examine their applicability to IACS environments, and identify their cyber security capabilities. RTDT solutions were installed, configured and assessed in an IACS laboratory environment. The technical findings and operational conclusions that were derived during each assessment were aggregated and summarized in the report.
As specified in the report, some of the critical factors that should be involved in analyzing RTDT solutions prior to their selection and implementation include:
- Differences between automation vendor and third-party solutions
- Solution footprint and management
- The use of third-party components within automation vendor solutions
- Networking components
- Importance of encryption
- Networking and packet handling
- Layered security
- Use and maintenance of the solution
The LOGIIC Consortium, now celebrating its 11-year anniversary, was established by members of the oil and gas industry in partnership with the U.S. Department of Homeland Security (DHS), Science and Technology Directorate (S&T), Cyber Security Division (CSD) to study cybersecurity issues in IACS that impact safety, security and business performance as they pertain to the oil and gas sector.
LOGIIC’s objective is to promote the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality. Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.
The Automation Federation serves as the LOGIIC host organization and has entered into agreements with the LOGIIC member companies and all other LOGIIC project participants.
LOGIIC regularly sponsors research initiatives that involve the interests of oil and gas sector stakeholders. Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.
The U.S. DHS, S&T Directorate had contracted with the scientific research organization SRI International to provide scientific and technical guidance for LOGIIC.
Industrial control, automation, package, security and other related vendors have made LOGIIC projects possible by volunteering their time, knowledge, equipment and test environments. Subject-matter experts work with SRI International to refine the evaluation strategy, perform the system evaluations and develop project reports.