Owl Computing Technologies, Inc.: Owl OPC Server Transfer Service (OSTS)

The Owl OPC Server Transfer Service (OSTS) application replicates an OPC client in a secure environment. In the one-way transfer architecture of the Owl Perimeter Defense Solution (OPDS), OSTS reads and transmits OPC data across the process control perimeter. The data is made available to OPC clients in the business network.

• Interoperable with FactoryTalk, RSLinx, and RSView32
• OPC Foundation certified

Published in: Technology

  1. OPC Server Transfer Service (OSTS): Owl Computing Technologies Datadiode in the Connected Enterprise. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION
  2. Owl Comprehensive Perimeter Defense Deployment at SABIC/SAFCO. Presented by: Owl Computing Technologies, Inc., June 2014
  3. Agenda: • Brief Owl Introduction • The Business Issue • Typical Customer Progression • SABIC/SAFCO Use Case • Overview of Booth Demonstration
  4. Owl Computing Technologies, Inc. (US Owned & Operated; Product Suite; 1200+ Security Solutions Deployed). US Owned and Operated: US-based controlled supply chain; US-based R&D, manufacturing, sales and service; over 13 years in business; Rockwell Automation Encompass™ Partner since 2013. Owl Product Suite: Owl Perimeter Defense Solution; one-way transfer systems; configuration management and life cycle support. 1500+ Security Solutions Deployed: Nuclear, Fossil, and Hydro Generation; Oil & Gas and Mining Industries; US National Intelligence Community; Department of Defense; Telecommunications; European and Asian Ministries of Defense
  5. Business Issue: Network security is a component of the plant’s reliability.
  6. Typical Vulnerable Two-way Network Connection: • Two-way connections between the plant and business networks • Network connection supports business efficiency • Networks are vulnerable to cyber attack
  7. Easiest Network Security Separation: • Disconnection ensures plant safety from external threats • Disconnection impedes business efficiency • Need to strike a balance between security and efficiency
  8. Isolate Plant Network with Data Flows: • Security maintains “disconnected” plant network • Information flows to support efficiency • Better security permits OT and IT to coexist
  9. Network Security Separation: • Security maintains a “disconnected” network • Information flows to support business and plant efficiency • Best security permits OT and IT efficiency
  10. About Saudi Arabian Fertilizer Company (SAFCO): A division of SABIC, Saudi Basic Industries Corporation, a diversified manufacturing company, active in chemicals and intermediates, industrial polymers, fertilizers, and metals. • Produces, processes, manufactures, and markets the principal fertilizers for the local and international market • Production and manufacturing of Ammonia, Urea, Melamine, and Sulfuric Acid
  11. Overview: • Attack Cause & Effect • Challenges and Solutions • Next Generation Cybersecurity • SABIC/SAFCO Installation • Benefits and Summary. Review of the Owl Perimeter Defense Solution around the SAFCO Process Control Network to enable secure export of data to the Business Network.
  12. Cause: Cyber attack. Effect: Industrial Middle East unplugged from the Internet. Cyber attacks on the industry's infrastructure are projected to result in damages costing nearly $2 billion by 2018. [1] “Isolation works; it is an effective way of protecting critical infrastructure from attacks of this level of sophistication.” [2] Sources: [1] http://www.upi.com/Business_News/Energy-Resources/2013/11/20/Persian-Gulf-oil-industry-vulnerable-to-cyberattacks/UPI-40101384970243/ [2] Martin Libicki, Senior Management Scientist, Rand Corporation. http://www.rigzone.com/news/oil_gas/a/121596/Middle_East_Attacks_Highlight_Cybersecurity_Threat_for_OG_Industry#sthash.GgZXMMp4.dpuf
  13. After attack: network disconnection was the initial defense. Disconnecting impeded efficient operations.
  14. Owl Solution (Business Problem): • SAFCO Challenge: Ensure network security with network domain separations. Owl Solution: Cybersecurity defense needed to maintain Plant and Business network domain separation • SAFCO Challenge: Restore business continuity by allowing data flows to resume. Owl Solution: Replicate DCS and OPC data to business unit historians • SAFCO Challenge: Limit unauthorized access to plant network from outside the plant. Owl Solution: Install hardware enforced data diode technology to enforce one-way data flows
  15. SABIC/SAFCO Original Architecture. Process Flow: 1. DCS Plant Network to run the plant 2. Network security provided by traditional software firewall 3. Business access to plant data 4. Firewall disconnected after attack for increased security
  16. Owl Next Generation Cybersecurity. Data Diode: An appliance or device that creates a one-way communication link to ensure that data travels securely in only one direction. [Diagram labels: Plant Process Network Center, Business Network Center, Network Boundary Separation]
  17. SABIC/SAFCO OPDS Installation. Process Flow: 1. Collect OPC data on Plant Network 2. Collect using either DCOM or Tunneling 3. Route OPC data to one-way data diode 4. Diode sends data out of Plant Network. [Diagram labels: SABIC New System; DCS Station 153 (OPC DA); DCS Station 261 (OPC DA); DCS Station 363 (OPC DA, A&E); OwlOPC BLUE Home Node; OwlOPC BLUE Remote Node; links labelled DCOM, TCP/IP, UDP]
  18. SABIC/SAFCO OPDS Installation. Oversees and manages all the operations associated with seven LNG trains, two sales gas production facilities, helium production facilities, and major shipping contracts and global commercial partnerships. Process Flow: 1. One-way diode allows data into Business Network 2. Route data to OPC Servers 3. Tunneling avoids DCOM issues 4. OPC Servers are an exact replica 5. Allow OPC compliant connections to use data. [Diagram labels: OwlOPC BLUE Home Node; OwlOPC BLUE Remote Node; OwlOPC RED Home Node; OwlOPC RED Remote DA Server (153); OwlOPC RED Remote DA Server (261); OwlOPC RED Remote DA Server (363); OwlOPC RED Remote A&E Server (363); OwlOPC RED Remote DA Server; Historian; OSI PI Historian; links labelled DCOM, TCP/IP, UDP]
  19. SABIC/SAFCO OSIsoft® PI System. Oversees and manages all the operations associated with seven LNG trains, two sales gas production facilities, helium production facilities, and major shipping contracts and global commercial partnerships. Process Flow: 1. OPC server presents OPC Data 2. Data moved to OSI PI Historian 3. OSI PI OPC Interface collects OPC data 4. Tunneling avoids DCOM Issues
  20. Benefits. Restored business continuity by allowing data flows to resume: • OPC data sent to OSIsoft® PI Historian • OPC Foundation DA and A&E certified for compliance and easy installation • Owl tunneling technology avoids DCOM issues • OPC Servers are precisely replicated. Ensured network security with network domain separation: • Owl DualDiode enforces Plant and Business Network domain separation. Enforced no access to plant network from outside the plant: • DualDiode is hardware enforced one-way data flows out • No access or data flows into the plant network of any kind
  21. Generic Network Diagram: Owl DualDiode. Data Source: Rockwell FactoryTalk Applications and Devices. Data Destination: OSIsoft PI Historians, OPC Historians. OPC-DA/UA for data transport.
  22. • First network security vendor in Rockwell Automation PartnerNetwork™ • Encompass™ Product Partner since 2013 • Rockwell Automation FactoryTalk interoperability with RSLinx and RSView32 source applications • Owl Perimeter Defense Solution (OPDS) provides plant network isolation and mitigates cyber-attack • OPC Compliant
  23. Rockwell Automation One-way Architecture. The Owl Perimeter Defense Solution (OPDS) is interoperable with Rockwell Automation FactoryTalk and OPC-compliant applications. Owl DualDiode Technology™, a proprietary data diode, is optimally constructed to complement Rockwell Automation solutions and secure automated industrial control systems. [Figure: OPDS and Rockwell Automation FactoryTalk Architecture Diagram]
  24. Rockwell Automation Demonstration. [Diagram labels: Send Side Platform; Receive Side Platform; Rockwell PLC; RSLinx Classic; Owl OPC Client; Owl OPC Server; RSView32; Windows Platform; OPDS100-D; DualDiode Technology™; Owl OPC Channel Protocol; Remote Monitoring]
  25. SABIC/SAFCO business needs solved with Owl products: • Security breach called for urgent need to secure the plant and business operations • Cybersecurity risks and challenges were effectively solved • Business continuity and data flows were re-established • Scalable architecture deployed that replicates to other sites easily • Provides a new level of cybersecurity and risk mitigation previously unavailable
  26. Thank You. Owl Computing Technologies, Inc., 38A Grove Street, Suite 101, Ridgefield, CT 06877. www.owlcti.com. Toll Free: 866-695-3387. Phone: +1 203-894-9342. Fax: +1 203-894-1297
  28. Questions? Thank you. www.rsteched.com. Follow RSTechED on Facebook & Twitter. Connect with us on LinkedIn. Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC INFORMATION