ABSTRACT FOR GASTECH 2017
Andrea Vallavanti
ICT Manager
FSRU TOSCANA – LINKS ON OFF SHORE AND SECURITY ANALYSIS
The FSRU TOSCANA is composed of:
a Floating Storage and Regasification Unit, "FSRU Toscana", permanently anchored to the
seabed about 22 km offshore between Livorno and Pisa.
"FSRU Toscana" is permanently anchored offshore through a mooring system with a single point of
rotation at the bow, which allows the ship to move around the anchorage turret and adapt to sea weather
conditions.
The EPCIC contract foresaw only a 512 kbps VSAT link and a 128 kbps Fleet 77 backup connection.
The total bandwidth available was not enough to transmit the minimum amount of
data needed to manage the FSRU.
The link between the shore and the FSRU had to ensure constant communication in both directions, despite
the long distance over water. The path profile between the two end points, on shore and off shore, shows
a number of complex technical challenges.
A location at sea level was not the best solution because of the long distance (22 km) and the curvature of
the earth's surface; in addition, the ships passing through the harbor constituted an unpredictable
obstacle.
The vessel has six defined movements plus the 360° rotation:
Roll: ± 17.84°    Surge: ± 4.56 m
Pitch: ± 5.25°    Heave: ± 7.46 m
Yaw: ± 2.03°      Sway: ± 6.19 m
The final solution was to install three connection points: one at the onshore base, one rebound point at 900
m asl elevation and one on FSRU Toscana. In this way the LOS was completely free, but the length of
the link became 75 km compared with the initial 22 km.
The link was thus realized in two steps:
• A first link (29 km) was set up using an Aviat Eclipse in the 7 GHz band from Leghorn to the first
rebound point;
• A second link was made between the same location and the FSRU. This link (47 km) was realized
with a 4RF Aprisa XE in the 1.5 GHz band. In order to minimize the impact of multipath fading, the
Hitless Space Diversity configuration was used. This solution provides both radio link protection from
fading and redundancy.
Further hardware installed:
• Pointing system on the radar mast, provided with a computer-controlled QPT 50 MOOG
• Rotary joint with Yagi antenna.
The FSRU Toscana was finally (and still is) connected by a primary link, 11 Mbps (radio), with a
satellite-based backup system (VSAT, 512 kbps).
The Floating Storage Regasification Unit is in this way linked to a WAN connection in order to feed OLT's
headquarters with all the relevant data for maintenance and supervision. For this reason a Security
Assessment was also the starting point for evaluating the ICT threat level on the vessel and
its DCS.
The Assessment activity is normally aimed at analyzing the industrial processes in terms of cyber security,
using a methodology founded on international standards that is repeatable, measurable
and reusable. Secondly, it identifies a set of macro-activities for the security of the vessel and lays the
foundation for a process of raising the level of knowledge of cyber security issues in the
industry.
All the information is collected and analyzed to determine the level of criticality with respect to the security
domains shown in the list below:
• Account Management
• Authenticator Management
• Access Control
• Audit & Accountability
• Security Assessment & Vulnerability Scanning
• Configuration/Change Management: questions/checks
• System Backup
• Security Incident Response
• Communication Protection
• Maintenance
• Monitoring & Malicious code
• Portable/Media/Wireless
• Remote Access Control - External System and Remote Access
• System Integrity & Protection
• Software Usage
These activities are intended to be developed considering the operational impact on the industrial
process and the applicable technological resources, properly placed within a security
management model for industrial sites.
Network traffic analysis is sometimes difficult to evaluate, with a consequent loss of information about
the internal data flow from the ICS and a loss of accuracy in the analysis of the data and the detection of
suspicious activities.
Invasive operations have to be analyzed beforehand with a detailed Risk Analysis.
Because the assessment is mainly technical, only those controls of the ISO
27001:2005 standard that have a direct impact on security technology were selected.
Definition and sharing of security guidelines for ICT security systems, networks and
applications which increase the level of security of industrial sites on the basis of a common
standard of reference.
The definition of guidelines should be carried out with the help of technology providers and the
site crew in order to make interventions more effective at remediating the current vulnerabilities,
but also to address security issues in new implementations.
It is normally recommended to define these guidelines using references such as NIST
or NERC, which have already defined technology best practices for the context of
industrial sites.
The adoption of a more segregated network architecture is one of the measures that most
strengthens the security of ICS systems. The other functional elements of data analysis (e.g.
Data Historian, Database Server) should be isolated in a specific DMZ, as well as support
elements such as the Domain Controller, WSUS, and printers.
NIST has identified several possible layouts of ICS networks that can also be used
as a reference for the FSRU context.
In accordance with the NIST network layout presented in the previous figure, the ISA 95 standard
provides levels of logical network segregation and the areas involved in the process. This division
is shown in the next figure and suggests 6 levels of segregation depth, plus an intermediate DMZ
level.
As regards the communication flows, on the basis of the network architecture indicated
above, it is recommended to introduce or strengthen best practices such as:
• Firewall rules with high granularity (each rule must always define IP
Source/IP Destination/Group Network Services).
• Avoid communications from the DMZ directed toward the DCS network, so that
the compromise of a system in the DMZ does not affect the DCS network.
• Replace unencrypted administration protocols with encrypted solutions (e.g.
Terminal Services instead of VNC or SSH instead of Telnet).
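The three practices above can be checked mechanically against an exported rule set. The following Python sketch is an added example, not part of the original abstract; the zone subnets, rule names and rule format are constructed for illustration, and the ports used for Telnet and VNC are their usual defaults.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan for the example (not taken from the abstract).
ZONES = {
    "DCS": ipaddress.ip_network("10.10.0.0/24"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
}
# Unencrypted administration protocols named in the text, with their default ports.
CLEARTEXT_ADMIN = {23: "Telnet", 5900: "VNC"}
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # IP, CIDR or "any"
    dst: str      # IP, CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    port: str     # "443", "5900-5910" or "any"
    action: str = "allow"


def _net(field):
    """Parse a source/destination field; "any" means the whole address space."""
    return ANYWHERE if field == "any" else ipaddress.ip_network(field, strict=False)


def _port_range(field):
    """Parse "443" or "5900-5910" into an inclusive (low, high) tuple."""
    lo, _, hi = field.partition("-")
    return int(lo), int(hi or lo)


def audit_rule(rule):
    """Return the finding codes for one rule (empty list means compliant)."""
    if rule.action != "allow":
        return []  # deny rules cannot open a path, so they are not audited
    findings = []
    # Practice 1: source, destination and service must all be explicit.
    if rule.src == "any":
        findings.append("ANY_SOURCE")
    if rule.dst == "any":
        findings.append("ANY_DESTINATION")
    any_service = rule.proto == "any" or rule.port == "any"
    if any_service:
        findings.append("ANY_SERVICE")
    # Practice 2: no flow may start in the DMZ and end in the DCS network.
    # overlaps() also catches wide sources (supernets, "any") that contain the DMZ.
    if _net(rule.src).overlaps(ZONES["DMZ"]) and _net(rule.dst).overlaps(ZONES["DCS"]):
        findings.append("DMZ_TO_DCS")
    # Practice 3: no cleartext administration protocol inside the allowed ports.
    if not any_service and rule.proto == "tcp":
        lo, hi = _port_range(rule.port)
        for port, label in sorted(CLEARTEXT_ADMIN.items()):
            if lo <= port <= hi:
                findings.append("CLEARTEXT_ADMIN:" + label)
    return findings


def audit(rules):
    """Map rule name to findings, listing only the rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.name] = findings
    return report


# Constructed sample rule set.
RULES = [
    Rule("historian-push", "10.10.0.15", "10.20.0.10", "tcp", "443"),
    Rule("vendor-vnc", "10.20.0.30", "10.10.0.21", "tcp", "5900"),
    Rule("legacy-any", "any", "10.20.0.0/24", "any", "any"),
    Rule("office-telnet", "10.30.0.40", "10.20.0.12", "tcp", "23"),
    Rule("office-ssh", "10.30.0.40", "10.20.0.12", "tcp", "22"),
    Rule("mgmt-wide", "10.0.0.0/8", "10.10.0.21", "tcp", "3389"),
    Rule("default-deny", "any", "any", "any", "any", action="deny"),
]

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

The `mgmt-wide` rule shows why the DMZ check uses overlap rather than exact zone membership: a broad source range silently includes the DMZ even though the rule never names it.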
For the DCS areas, the introduction of ICT security monitoring instruments such as
IDS and IPS solutions allows more control and faster reaction in case of abnormal or malicious
activity within the specific VLAN.
In some cases it would be appropriate to consider:
• technologies able to detect activities typical of ICT contexts (e.g. attacks on the
Microsoft Windows operating system)
• technologies able to interpret specific attacks related to the industrial context (e.g.
manipulation of the basic parameters of a pump or a valve through interaction with the
network protocol).
The centralization of the events generated by these solutions through the use of a SIEM allows
an integrated view and management of security. In any case, even the activation of native
audit systems (OS-level or application) with centralization of the logs produced could help to limit
the impact on the existing infrastructure.
The accounts, sometimes based on Microsoft Windows systems, must be reviewed in order to
unify the management methods and to enhance the security features. In this case:
• Adoption of nominal accounts;
• Depending on the role of the operators, it may be necessary to introduce or maintain group
accounts for the purposes of operating the industrial process.
Because of the complexity of managing the security of application flows in the industrial field
(authentication and encryption), it is important to act on the protection of the systems
themselves, in particular on the elements of active defense and log & audit.
Most of the systems installed on the vessels have standard features of the ICT context; it is
therefore conceivable to start pro-active security measures such as centralized upgrade
systems or the adoption of antivirus systems with standard configurations, up to the use of Host
Intrusion Prevention.
For the most critical systems closer to the process network (e.g. operator stations), it is
necessary to evaluate with the technology suppliers which tools and technologies make it possible to act
pro-actively on the level of security in place.
Other options are:
• Adoption of Host Intrusion Detection, while not interfering with the system;
• Use of unique, centralized standard solutions (e.g. for the antivirus) that are not tied to
the local process area, which would allow an integrated view and management of security.

abstract LNG world

  • 1. ABSTRACT FOR GASTECH 2017 Andrea Vallavanti ICT Manager
  • 2. FSRU TOSCANA – LINKS ON OFF SHORE AND SECURITY ANALYSIS The FSRU TOSCANA is composed by : a Floating Storage and Regasification Unit, “FSRU Toscana”, permanently anchored to the seabed at about 22 km offshore between Livorno and Pisa "FSRU Toscana" is permanently anchored offshore through a mooring system having a single point of rotation at the bow to allow the ship to move around the anchorage turret and adapting to sea weather conditions. The EPCIC contract foresee only a VSAT link connection 512 kbps and a back up connection of 128 Kbps Fleet 77. The total amount of bandwidth available was been not enough to transmit the minimum amount of data needed to manage the FSRU . The link between the shore and the FSRU had to ensure constant communication in both directions, despite the long distance over-water. The path profile between the two end points on shore and off shore , shows number of complex technical challenges. Location settled at sea level was not the best solution due to the long distance (22 km) and curvature of earth’s surface adding the ships passing through the harbor that constituted an additional unpredictable obstacle. The vessel has got six defined movement plus the rotation of 360°: Roll: ± 17.84° Surge ± 4,56m Pitch: ± 5.25° Heave: ± 7.46m Yaw: ± 2.03° Sway: ± 6.19m The final solution was to install three points of connection : one in on shore base, one rebound point at 900 mt asl elevation and one on FSRU Toscana. In this way LOS was been completely free but the length of the link was been 75 Km compared with the initial 22 km . The same was thus realized in two steps: • First link (29 Km) was set using an Aviat Eclipse in the 7 GHz band from Leghorn to first point of rebound ; • A second link was made between the same location and the FSRU. This link (47 Km) was realized with 4RF Aprisa XE in the 1.5 Ghz band In order to minimize the impact of multipath fading the Hitless Space Diversity configuration was used. 
This solution provides both radio link protection from fading and redundancy.
Further hardware installed:
• Pointing system over the radar mast, provided with a computer-controlled QPT 50 MOOG
• Rotary joint with Yagi antenna
The FSRU Toscana was finally (and is) connected through a primary radio link of 11 Mbps, with a backup system based on satellite technologies (VSAT, 512 kbps).
The Floating Storage Regasification Unit is in this way linked to a WAN connection in order to feed OLT’s headquarters with all the relevant data for maintenance and supervision.
For this reason a security assessment was also the starting point for evaluating the ICT threat level on the vessel and its DCS.
The assessment activity is normally aimed at analyzing, in terms of cyber security, the industrial processes on the basis of an analysis methodology founded on international standards that is repeatable, measurable and reusable. Secondly, it aims to identify a set of macro-activities for the security of the vessel and to lay the foundation for a process of raising the level of knowledge of industrial cyber security issues.
All the information is collected and analyzed to determine the level of criticality with respect to the security domains shown in the list below:
• Account Management
• Authenticator Management
• Access Control
• Audit & Accountability
  • 3.
• Security Assessment & Vulnerability Scanning
• Configuration/Change Management: questions/checks
• System Backup
• Security Incident Response
• Communication Protection
• Maintenance
• Monitoring & Malicious code
• Portable/Media/Wireless
• Remote Access Control - External System and Remote Access
• System Integrity & Protection
• Software Usage
These activities are intended to be developed considering the operational impact on the industrial process and based on the applicable technological resources, properly placed within a model of security management of industrial sites.
Network traffic is sometimes difficult to analyze, with a consequent loss of information about the internal data flow from the ICS and a loss of accuracy in the analysis of the data and the detection of suspicious activities. Invasive operations have to be analyzed beforehand with a detailed risk analysis.
Because the assessment is mainly technical, only those controls of the ISO 27001:2005 standard that have a direct impact on security technology were selected.
Definition and sharing of security guidelines for ICT security systems, networks and applications, which increase the level of security of industrial sites on the basis of a common standard of reference.
The definition of guidelines should be carried out with the help of technology providers and the site crew, in order to make interventions to remediate the current vulnerabilities more effective, but also to address security issues in new implementations.
  • 4. For the definition of these guidelines it is normally recommended to use references such as NIST or NERC, which have already defined, in technology terms, best practices for the context of industrial sites.
The adoption of a more segregated network architecture is one of the measures that most strengthens the security of ICS systems.
The other functional elements of data analysis (e.g. Data Historian, Database Server) should be isolated in a specific DMZ, as should support elements such as Domain Controller, WSUS, and printers.
NIST has identified several possible layouts of ICS networks that can also be used as a reference for the FSRU context.
In accordance with the NIST network layout presented in the previous Figure, the ISA 95 standard provides levels of logical network segregation and the areas involved in the process. This division is shown in the next Figure and suggests 6 levels of segregation depth, plus an intermediate DMZ level.
  • 5. As regards the communication flows, on the basis of the network architecture indicated above, it is recommended to introduce or strengthen best practices such as:
• Firewall rules with high granularity (each rule must always define IP Source/IP Destination/Group Network Services).
• Avoid communications from the DMZ that are directed toward the DCS network; in this way the compromise of a system in the DMZ does not affect the DCS network.
• Replace unencrypted administration protocols with encrypted solutions (e.g. Terminal Services instead of VNC, or SSH instead of Telnet).
In the DCS areas, the introduction of ICT security monitoring instruments such as IDS and IPS solutions allows more control and a faster reaction time in case of abnormal or malicious activity within the specific VLAN. In some cases it would be appropriate to consider:
• technologies able to detect activities typical of ICT contexts (e.g. attacks on the Microsoft Windows operating system)
• technologies able to interpret specific attacks related to the industrial context (e.g. manipulation of the basic parameters of a pump or a valve through interaction with the network protocol).
Centralizing the events generated by these solutions through the use of a SIEM allows an integrated vision and management of security.
In any case, even the activation of native audit systems (OS-level or application) with centralization of the logs produced could help to limit the impact on the existing infrastructure.
The accounts, sometimes based on the Microsoft Windows system, must be reviewed in order to unify the management methods and to enhance the security features. In this case:
• Adoption of nominal accounts;
  • 6.
• As regards the role of the operators, the insertion/maintenance of group accounts may be necessary for the purposes of operating the industrial process.
Because of the complexity of managing the security of application flows in the industrial field (authentication and encryption), it is important to act on the protection of the systems themselves, in particular on the elements of active defense and log & audit.
Most of the systems installed on the vessels present standard features of the ICT context; it is therefore conceivable to start pro-active security measures such as centralized upgrade systems or the adoption of antivirus systems with standard configurations, up to the use of Host Intrusion Prevention.
Regarding the most critical systems closer to the process network (e.g. operator stations), it is necessary to evaluate with the technology suppliers which tools and technologies make it possible to act pro-actively on the level of security in place. Other options are:
• Adoption of Host Intrusion Detection which while not interfering with the system;
• Using unique, centralized standard solutions (e.g. for the antivirus) that are not tied to the local process area would allow an integrated vision and management of security.
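The three communication-flow practices recommended above (granular firewall rules, no DMZ-initiated flows toward the DCS network, no unencrypted administration protocols) can be checked mechanically against an exported rule base. The following is an added example, not part of the original abstract; the zone names, address ranges, ports and rules are constructed assumptions.

```python
import ipaddress

# Constructed zones and rule base for illustration; all names and addresses are assumptions.
ZONES = {
    "OFFICE": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "DCS": ipaddress.ip_network("10.30.0.0/24"),
}
CLEARTEXT_ADMIN = {("tcp", 23): "Telnet", ("tcp", 5900): "VNC"}

RULES = [  # (name, action, source, destination, protocol, port)
    ("dcs-to-historian", "allow", "10.30.0.15/32", "10.20.0.10/32", "tcp", 1433),
    ("legacy-any", "allow", "any", "10.20.0.0/24", "any", "any"),
    ("dmz-to-dcs", "allow", "10.20.0.10/32", "10.30.0.0/24", "tcp", 5000),
    ("vnc-admin", "allow", "10.10.5.0/24", "10.20.0.20/32", "tcp", 5900),
    ("ssh-admin", "allow", "10.10.5.0/24", "10.20.0.20/32", "tcp", 22),
    ("default-deny", "deny", "any", "any", "any", "any"),
]

def touches(spec, zone):
    """True if an address spec ('any' or CIDR) overlaps the named zone."""
    return spec == "any" or ipaddress.ip_network(spec).overlaps(ZONES[zone])

def audit(rules):
    """Return (rule name, finding) pairs for every allow rule that breaks a practice."""
    findings = []
    for name, action, src, dst, proto, port in rules:
        if action != "allow":
            continue
        # Practice 1: source, destination and service must all be explicit.
        if "any" in (src, dst, proto, port):
            findings.append((name, "not granular: 'any' in source/destination/service"))
        # Practice 2: nothing in the DMZ may open a flow toward the DCS network.
        if touches(src, "DMZ") and touches(dst, "DCS"):
            findings.append((name, "DMZ-initiated flow toward DCS"))
        # Practice 3: cleartext administration protocols should be replaced.
        if (proto, port) in CLEARTEXT_ADMIN:
            findings.append((name, f"cleartext admin protocol {CLEARTEXT_ADMIN[(proto, port)]}"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit(RULES):
        print(f"{rule}: {finding}")
```

The DCS-to-DMZ rule passes because the flow is initiated from the DCS side, which is the direction the recommendation leaves open.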