Your SlideShare is downloading. ×
0
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Owl Computing Technologies,  Inc.: Owl OPC Server Transfer Service (OSTS)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Owl Computing Technologies, Inc.: Owl OPC Server Transfer Service (OSTS)

565

Published on

The Owl OPC Server Transfer Service (OSTS) application replicates an OPC client in a secure environment. In the one-way transfer architecture of the Owl Perimeter Defense Solution (OPDS), OSTS reads …

The Owl OPC Server Transfer Service (OSTS) application replicates an OPC client in a secure environment. In the one-way transfer architecture of the Owl Perimeter Defense Solution (OPDS), OSTS reads and transmits OPC data across the process control perimeter. The data is made available to OPC clients in the business network. • Interoperable with FactoryTalk, RSLinks, and RSView32
• OPC Foundation certified

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
565
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
35
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION OPC Server Transfer Service (OSTS) Owl Computing Technologies Datadiode in the Connected Enterprise
  • 2. Owl Comprehensive Perimeter Defense Deployment at SABIC/SAFCO Presented by: Owl Computing Technologies, Inc. June 2014
  • 3. 3  Brief Owl Introduction  The Business Issue  Typical Customer Progression  SABIC/SAFCO Use Case  Overview of Booth Demonstration Agenda
  • 4. 4 Owl Computing Technologies, Inc. US Owned & Operated Product Suite 1200+ Security Solutions DeployedUS Owned and Operated Owl Product Suite 1500+ Security Solutions Deployed US-based controlled supply chain US-based R&D, manufacturing, sales and service Over 13 years in business Rockwell Automation Encompass™ Partner since 2013 Owl Perimeter Defense Solution One-way transfer systems Configuration management and life cycle support Nuclear, Fossil, and Hydro Generation Oil & Gas and Mining Industries US National Intelligence Community Department of Defense Telecommunications European and Asian Ministries of Defense
  • 5. Network security is a component of the plant’s reliability. Reliability Reliability Reliability Business Issue 5
  • 6. • Two-way connections between the plant and business networks • Network connection supports business efficiency • Networks are vulnerable to cyber attack Typical Vulnerable Two-way Network Connection 6
  • 7. • Disconnection ensures plant safety from external threats • Disconnection impedes business efficiency • Need to strike a balance between security and efficiency Easiest Network Security Separation 7
  • 8. • Security maintains “disconnected” plant network • Information flows to support efficiency • Better security permits OT and IT to coexist Isolate Plant Network with Data Flows 8
  • 9. • Security maintains a “disconnected” network • Information flows to support business and plant efficiency • Best security permits OT and IT efficiency p. 9 Network Security Separation 9
  • 10. A division of SABIC, Saudi Basic Industries Corporation, a diversified manufacturing company, active in chemicals and intermediates, industrial polymers, fertilizers, and metals. About Saudi Arabian Fertilizer Company (SAFCO)  Produces, processes, manufactures, and markets the principal fertilizers for the local and international market  Production and manufacturing of Ammonia, Urea, Melamine, and Sulfuric Acid 10
  • 11. Attack Cause & Effect Challenges and Solutions Next Generation Cybersecurity Review of the Owl Perimeter Defense Solution around the SAFCO Process Control Network to enable secure export of data to the Business Network. SABIC/SAFCO Installation Benefits and Summary Overview 11
  • 12. Cyber attacks on the industry's infrastructure are projected to result in damages costing nearly $2 billion by 2018.1 “Isolation works; it is an effective way of protecting critical infrastructure from attacks of this level of sophistication.”2 Source: 1. http://www.upi.com/Business_News/Energy-Resources/2013/11/20/Persian-Gulf-oil-industry-vulnerable-to-cyberattacks/UPI-40101384970243/ 2. Martin Libnicki, Senior Management Scientist, Rand Corporation. http://www.rigzone.com/news/oil_gas/a/121596/Middle_East_Attacks_Highlight_Cybersecurity_Threat_for_OG_Industry#sthash.GgZXMMp4.dp uf Cause: Cyber attack Effect: Industrial Middle East unplugged from the Internet 12
  • 13. AFTER ATTACK: NETWORK DISCONNECTION WAS THE INITIAL DEFENSE. DISCONNECTING IMPEDED EFFICIENT OPERATIONS. 13
  • 14. 1200+ Security Solutions Deployed SAFCO Challenge Owl Solution Business Problem Ensure network security with network domain separations Cybersecurity defense needed to maintain Plant and Business network domain separation Restore business continuity by allowing data flows to resume Replicate DCS and OPC data to business unit historians Limit unauthorized access to plant network from outside the plant Install hardware enforced data diode technology to enforce one-way data flows Owl Solution 14
  • 15. Process Flow 1. DCS Plant Network to run the plant 2. Network security provided by traditional software firewall 3. Business access to plant data 4. Firewall disconnected after attack for increased security SABIC/SAFCO Original Architecture 15
  • 16. Owl Next Generation Cybersecurity Data Diode: An appliance or device that creates a one-way communication link to ensure that data travels securely in only one direction. Plant Process Network Center Business Network Center Network Boundary Separation 16
  • 17. DCS Station 153 (OPC DA) DCS Station 261 (OPC DA) DCS Station 363 (OPC DA, A&E) (OPC DA) OwlOPC BLUE Home Node OwlOPC BLUE Remote Node SABIC New System DCOM DCOM DCOM TCP/ IP UDP Process Flow: 1. Collect OPC data on Plant Network 2. Collect using either DCOM or Tunneling 3. Route OPC data to one- way data diode 4. Diode sends data out of Plant Network SABIC/SAFCO OPDS Installation 17
  • 18. Oversees and manages all the operations associated with seven LNG trains, two sales gas production facilities, helium production facilities, and major shipping contracts and global commercial partnerships Process Flow: 1. One-way diode allows data into Business Network 4. OPC Servers are an exact replica 2. Route data to OPC Servers 5. Allow OPC compliant connections to use data 3. Tunneling avoids DCOM issues SABIC/SAFCO OPDS Installation 18 OwlOPC BLUE Home Node OwlOPC BLUE Remote Node DCOM DCOM DCOM TCP/ IP UDP UDP TCP/ IP OwlOPC RED Home Node TCP/ IP TCP/ IP TCP/ IP TCP/ IP TCP/ IP TCP/ IP TCP/ IP TCP/ IP TCP/ IP OwlOPC RED Remote DA Sever (153) OwlOPC RED Remote A&E Sever (363) OwlOPC RED Remote DA Sever (363) OwlOPC RED Remote DA Sever (261) OwlOPC RED Remote DA Sever Historian OwlOPC RED Remote DA Sever (153) OwlOPC RED Remote A&E Sever (363) OwlOPC RED Remote DA Sever (363) OwlOPC RED Remote DA Sever (261) OwlOPC RED Remote DA Sever OSI PI Historian
  • 19. Oversees and manages all the operations associated with seven LNG trains, two sales gas production facilities, helium production facilities, and major shipping contracts and global commercial partnerships Process Flow: 1. OPC server presents OPC Data 3. OSI PI OPC Interface collects OPC data 2. Data moved to OSI PI Historian 4. Tunneling avoids DCOM Issues SABIC/SAFCO OSIsoft® PI System 19
  • 20. Product Suite 1200+ Security Solutions Deployed Benefits Restored business continuity by allowing data flows to resume • OPC data sent to OSIsoft® PI Historian • OPC Foundation DA and A&E certified for compliance and easy installation • Owl tunneling technology avoids DCOM issues • OPC Servers are precisely replicated Ensured network security with network domain separation • Owl DualDiode enforces Plant and Business Network domain separation Enforced no access to plant network from outside the plant • DualDiode is hardware enforced one-way data flows out • No access or data flows into the plant network of any kind 20
  • 21. Generic Network Diagram Owl DualDiode Data Source: Rockwell FactoryTalk Applications and Devices Data Destination: OSIsoft PI Historians OPC Historians OPC-DA/UA for data transport p. 21 21
  • 22. • First network security vendor in Rockwell Automation PartnerNetwork™ • Encompass™ Product Partner since 2013 • Rockwell Automation FactoryTalk interoperability with RsLink and RSView32 source applications • Owl Perimeter Defense Solution (OPDS) provides plant network isolation and mitigates cyber-attack • OPC Compliant 22
  • 23. The Owl Perimeter Defense Solution (OPDS) is interoperable with Rockwell Automation FactoryTalk and OPC-compliant applications. Owl DualDiode Technology™, a proprietary data diode, is optimally constructed to complement Rockwell Automation solutions and secure automated industrial control systems. OPDS and Rockwell Automation FactoryTalk Architecture Diagram Rockwell Automation One-way Architecture 23
  • 24. p. 24 Rockwell Automation Demonstration Receive Side Platform RSLinx Classic Owl OPC Client RSView32 Windows Platform Owl OPC Server RSView32 Windows Platform OPDS100-D Owl OPC Channel Protocol Rockwell PLC Send Side Platform DualDiode Technology™ Owl OPC Channel Protocol Remote Monitoring 24
  • 25. • Security breach called for urgent need to secure the plant and business operations • Cybersecurity risks and challenges were effectively solved • Business continuity and data flows were re-established • Scalable architecture deployed that replicates to other sites easily • Provides a new level of cybersecurity and risk mitigation previously unavailable SABIC/SAFCO business needs solved with Owl products 25
  • 26. 26 Thank You Owl Computing Technologies, Inc. 203.894.9342 Owl Computing Technologies 38A Grove Street, Suite 101 Ridgefield, CT 06877 www.owlcti.com Toll Free: 866-695-3387 Phone: +1 203-894-9342 Fax: +1 203-894-1297
  • 27. 27
  • 28. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. www.rsteched.com Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn. PUBLIC INFORMATION Questions? THANK YOU

×