Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Smith EntNet2008 Slides.ppt
1. Security Optimization For the Digital Oilfield
EntNet 2008 Panel On Communication Networks For Oil, Gas,
Energy and Casino Industries
Raife F. Smith II, Ph.D., P.E.
Professor
Department of Electrical Engineering
Southern University, Baton Rouge, LA
2. Security Optimization For the Digital Oilfield
The oil and gas industry relies on a wide variety of
information and communications technologies (ICT) to
meet its requirements for automation, surveillance,
security and information transfer.
3. Security Optimization For the Digital Oilfield
The “Digital Oilfield” (“eField”, “iField”, “SmartField”) is
increasingly seen as the best way for oil and gas companies
to reduce lifting costs and dramatically improve recovery
and safety, and enhance employee retention and job
satisfaction.
4. Security Optimization For the Digital Oilfield
What exactly is the “Digital Oilfield” or “Digital Oilfield
of The Future (DOFF)?
Digital Oilfield is the evolution and convergence of a
number of oil and gas drilling, exploration, and digital
control techniques coupled with standardized
communication technologies.
5. Security Optimization For the Digital Oilfield
The technologies associated with Digital Oilfields, most of
which are based on Internet Protocol (IP) and wireless
communications, allow real-time production and equipment
data to be viewed in locations many hundreds, or even
thousands of miles away.
6. Security Optimization For the Digital Oilfield
Digital Oilfield Technology has the potential of bringing
real-time data to many part of the business, potentially
allowing more informed trading and risk management and
potentially more informed decisions where other parts of the
business depend on either the volume or quality of the oil or
gas being exported.
7. Security Optimization For the Digital Oilfield
Digital Oilfield Technology has the potential to allow much
closer integration between company subject matter experts,
and local assets.
Often access to deep subject matter expertise lies with
“gurus” within a centralized function, or is dispersed around
the company. Perversely this often has the impact of
removing such expertise from the place where it is most
needed.
8. Security Optimization For the Digital Oilfield
The “Digital Oilfield” (“eField”, “iField”, “SmartField”)
offers much promise for higher levels of automation and
information transfer, but it comes with a price.
As more “intelligence” is deployed into the field, the
opportunity for compromise, distributed error and sabotage
rises exponentially.
9. Security Optimization For the Digital Oilfield
Often, the excitement over a new technological
concept’s benefits overshadows proper concern for its
vulnerabilities and shortcomings.
10. Security Optimization For the Digital Oilfield
As oilfield operations become more and more integrated
by information and communications technology, care
must be taken to minimize the effects of adverse
conditions (e.g. viruses, misappropriation of data from
within and from outside the network, etc.).
11. Security Optimization For the Digital Oilfield
The challenge is to maintain a high degree of
service and interoperability while optimizing
security.
12. Security Optimization For the Digital Oilfield
Security Vulnerabilities For The Digital Oilfield
1. Growing attack sophistication.
2. Lack of employee adherence to security policy.
3. Increasing complexity of security solutions.
13. Security Optimization For the Digital Oilfield
Security Vulnerabilities For The Digital Oilfield
4. Managing increasing network traffic. The larger
the enterprise, the greater the risk posed by
internal sources.
5. Insider abuse of network access.
6. Managing vendor access to the network.
14. Security Optimization For the Digital Oilfield
The best practices developed for perimeter (edge)
security still apply, but they must now be deployed
more pervasively and become an integral part of a
new distributed, dynamic network architecture.
15. Security Optimization For the Digital Oilfield
For optimal security, the Digital Oilfield
administrator(s) must:
1. Strictly control individual user access to network
services and data.
2. Audit the behavior of individual users in real
time to ensure compliance with security policies
and regulations.
16. Security Optimization For the Digital Oilfield
For optimal security, the Digital Oilfield
administrator(s) must:
3. Implement a strict network partitioning scheme
(domain allocation) with appropriate traffic routing
(traffic directionality) and policies for threat
containment.
4. Rigorously manage the network’s topology (physical
arrangement) and growth and contraction (size).
17. Security Optimization For the Digital Oilfield
For optimal security, the Digital Oilfield
administrator(s) must:
5. Implement a thorough test and evaluation plan (for
both performance and potential security risk) for new
information and communications technologies that
are under consideration for deployment.