2. FSRU TOSCANA – LINKS ON OFF SHORE AND SECURITY ANALYSIS
The FSRU TOSCANA is composed by :
a Floating Storage and Regasification Unit, “FSRU Toscana”, permanently anchored to the
seabed at about 22 km offshore between Livorno and Pisa
"FSRU Toscana" is permanently anchored offshore through a mooring system having a single point of
rotation at the bow to allow the ship to move around the anchorage turret and adapting to sea weather
conditions.
The EPCIC contract foresee only a VSAT link connection 512 kbps and a back up connection of 128 Kbps
Fleet 77. The total amount of bandwidth available was been not enough to transmit the minimum amount of
data needed to manage the FSRU .
The link between the shore and the FSRU had to ensure constant communication in both directions, despite
the long distance over-water. The path profile between the two end points on shore and off shore , shows
number of complex technical challenges.
Location settled at sea level was not the best solution due to the long distance (22 km) and curvature of
earth’s surface adding the ships passing through the harbor that constituted an additional unpredictable
obstacle.
The vessel has got six defined movement plus the rotation of 360°:
Roll: ± 17.84° Surge ± 4,56m
Pitch: ± 5.25° Heave: ± 7.46m
Yaw: ± 2.03° Sway: ± 6.19m
The final solution was to install three points of connection : one in on shore base, one rebound point at 900
mt asl elevation and one on FSRU Toscana. In this way LOS was been completely free but the length of
the link was been 75 Km compared with the initial 22 km .
The same was thus realized in two steps:
• First link (29 Km) was set using an Aviat Eclipse in the 7 GHz band from Leghorn to first point of
rebound ;
• A second link was made between the same location and the FSRU. This link (47 Km) was realized
with 4RF Aprisa XE in the 1.5 Ghz band In order to minimize the impact of multipath fading the
Hitless Space Diversity configuration was used. This solution provides both radio link protection from
fading and redundancy.
Further hw installed
• Pointing System over the Radar mast , provided with a QPT 50 MOOG computer controlled
• Rotary Joint with Yagi antenna .
The FSRU Toscana was finally (and is ) connected with a primary link - 11 Mbps (Radio) - with back up
system (Vsat 512 Kbps) Sat technologies based.
The Floating Storage Regassification Unit is in this way linked to WAN connection in order to feed OLT ‘s
headquarter with all the relevant data for maintenance and supervision. For this reason a Security
Assessment activities was also the starting point in order to evaluate the ICT threat level on the vessel and
its DCS.
The Assessment activity normally is aimed to analyze, in terms of Cyber Security, the industrial processes
on the basis of a methodology analysis founded on international standards that were repeatable, measurable
and reusable. In second place, identify a set of macro-activity for the security of the vessel as well as lay the
foundation for the establishment of a process of raising the level of knowledge on the Cyber Security industry
issues.
All the information are collected and analyzed carried out the level of criticality with respect to security
domains shown in the list below :
• Account Management:
• Authenticator Management:
• Access Control:.
• Audit & Accountability:
3. • Security Assessment & Vulnerability Scanning: Configuration/Change Management:
questions/checks .
• System Backup:
• Security Incident Response:
• Communication Protection:
• Maintenance.
• Monitoring & Malicious code:
• Portable/Media/Wireless:
• Remote Access Control - External System and Remote Access:
• System Integrity & Protection:
• Software Usage:
These activities are intended to be developed considering the aspects of operational impact on industrial
process and based on the applicable technological resources, properly placed within a model of security
management of industrial sites.
Network traffic analysis sometimes it is difficult to evaluate with consequential loss of information regarding
the internal data flow from the ICS, losing also accuracy in the analysis of the data and detection of
suspicious activities.
Invasive operation have to be analyzed with a pre detailed Risk Analysis .
Due to the nature of the assessment, mainly technical, have been selected only those control of the ISO
27001:2005 standard which has direct impact in the security technology
Definition and sharing of security guidelines for ICT security systems, networks and
applications which increase the level of security of industrial sites on the basis of a common
standard of reference.
The definition of guidelines should be carried out with the help of technology providers and the
site crew in order to make more effective interventions o remediate the current vulnerability,
but also to address security issues in new implementations.
4. It is normal recommended for the definition of these guidelines using references such as NIST
or NERC which have already been defined in technology terms best practice for the context of
industrial sites.
The adoption of a more segregated network architecture is one of the most greater extent that
strengthens the security of ICS systems. The other functional elements of data analysis (eg.
Data Historian, Database Server) should be isolated in specific DMZ, as well as support
elements such as Domain Controller, WSUS, and printers.
The NIST has identified several layout possibilities of the ICS networks that can be used also
as a reference for the context FSRU
In according to the NIST Network Layout presented in previous Figure , the ISA 95 standard
provides levels of logical networks segregation and areas involved in the process. This division
is shown in next Figure and suggest 6 levels of segregation depth, plus an intermediate DMZ
level
5. As regards the communication flows, on the basis of the network architecture as indicated
above, it is recommended to introduce/strengthen best practices such as:
• Firewall Rules that have a highly granularity (in each rule must always be defined IP
Source/IP Destination/Group Network Services).
• Avoid communications from DMZ that are directed toward the DCS network, in this way
the compromise of a system in the DMZ does not affect the DCS network.
• Replace the administration unencrypted protocols preferring encrypted solutions (e.g.
Terminal Services instead of VNC or SSH instead of Telnet).
Related to the DCS areas, the introduction of monitoring instruments of ICT security such as
IDS and IPS solutions allow more control and time reaction in case of abnormal or malicious
activity within the specific VLAN.
In some cases it would be appropriate to consider :
• technologies are able to detect activities typical of the ICT contexts (e.g. attacks to the
Microsoft Windows operating system)
• technologies are able to interpret specific attacks related to the industrial context (e.g.
manipulation of the basic parameters of a pump or a valve through iteration with the
network protocol).
The centralization of the events generated by these solutions through the use of SIEM allow
an integrated vision and management of security. In any case, even the activation of native
audit systems (OS-level or application) with a centralization of log produced could help to limit
the impact on the existing infrastructure.
The accounts, sometimes based on Microsoft Windows system, must be reviewed in order to
unify the management methods and to enhance the security features. In this case:
• Adoption of nominal accounts;
6. • Regards the role of the operators may be necessary the insertion/maintenance of group
account for the purposes of operating the industrial process.
Due to the complexity to manage the security of application flows in the industry field
(authentication and encryption), it is important to act on the protection of the systems
themselves. In particular on the elements of active defense and log & audit.
Most of the systems installed on the vessels present standard features of the ICT context, it is
therefore conceivable to start pro-active security measures such as centralized upgrade
systems or adoption of antivirus systems with standard configurations, up to the use of Host
Intrusion Prevention.
Regarding the most critical systems closer to the process network (e.g. operator stations), it is
necessary to evaluate with the technology suppliers which tools and technologies allow to act
in a pro-active way on the level of security in place.
Other option is :
• Adoption of Host Intrusion Detection which while not interfering with the system;
• Use unique and centralized standard solutions (e.g. for the Antivirus) and not related to
the local area of process would allow a security integrated vision and management.