9 minute read
An immutable ledger enables multi-party operations
Advertisement
By Norman Thorlakson
Figure 1: A layered and decentralized cybersecurity enforcement approach is universally applicable across different assets installed at the edge. Image courtesy: Xage Security
The age of digitalization promises accuracy, speed and safety, but to harness these benefits, it is imperative that oil & gas operations implement comprehensive cybersecurity solutions that are legacy-device compatible, scalable, and capable of enforcing roles-based access control policies (RBAC) and multi-party trust.
Oil & gas operations are often spread out geographically and in remote locations –– leaving digital assets to the mercy of the elements, and reliant on the accuracy of operators to calibrate devices, update firmware and maintain accurate records of meter readings (particularly during custody transfer). With many processes dependent on manual input — and using a single password across personnel — transparency and accountability can disappear, resulting in financial loss, settlement disputes and even physical danger that can arise from operations malfunctions.
What’s more, the energy industry is a target for cybercriminals who focus on industrial IT/ OT disruption, including competitive and rogue nations going after rival states, and organized criminals hoping to extract ransomware payments. A variety of threats, including phishing, malware infected devices inside the firewall, and even disgruntled employees, can initiate attacks that result in damage and halts in operation. These threats must be met with comprehensive cybersecurity capable of detecting, identifying and blocking such events, to prevent financial, physical, legal, and business impacts.
Risks to operations
Oil & gas organizations employ a unique operational architecture, and one that is as complex as it is interdependent. Characteristically, this architecture is decentralized — by the sheer quantity and location of geographically disparate devices — and diverse, with assets that span different generations, vendors, types, makes, models, and connectivity means (wired, wireless, serial, RF).
As operations continue to digitalize, it is common for legacy and next-generation technology to work together — exchanging data across channels, under the same firewall and within adjacent domains. These devices require access from various personnel to calibrate systems, deliver maintenance and record data. These devices, once isolated but now connected, present vulnerabilities and entry points for malicious actors seeking access to oil & gas operations.
In an ecosystem where so many different components (data, applications, devices and people) play a role in day-to-day functionality, control is essential. A security system that allows organizations to log all interactions or changes made by internal personnel, block unauthorized access attempts, and tamperproof devices across an ecosystem, creates an invaluable blanket of trust across the entire operation, and between multiple parties in the supply chain.
For example, on a pipeline, commodities are exchanged between supply chain partners that rely on accurate meter reporting. These devices are in near constant use and left out in the field where they are exposed to harsh conditions — requiring frequent recalibration. As a result, it is not uncommon for personnel to override faulty meters and adjust numbers based on assumptions or historical estimations. When this occurs, however, financial settlements can be thrown into question when records undergo an audit. Unverified recording can result in settlement disputes and inaccurate product volumes.
A second example is the refinery, where inputs like feedstocks, electricity from the local
utility and other raw materials are consumed daily. To minimize external operations, refineries will track feedstocks and record meter readings on devices susceptible to inaccurate reporting. These meters are often physically and digitally exposed, lack adequate cybersecurity and require manual record keeping. If a valve is left open, stock records may not account for the isolated loss. If an oil tanker makes a delivery and a receiver is not onsite, there is no cross-check of the shipment details. Mistakes are made, devices are faulty, or people file false paperwork –– so much so that some multinational corporations admit up to 3% of production is lost and unaccounted for as a result of discrepancies during custody transfer. When this happens, the integrity of the delivery record can be put into question, and settlement disputes between supply chain partners can ensue.
Belt/Sheave Laser Alignment System New Green laser delivers these important benefits: ● Reduces Vibration ● Eliminates downtime and productions ● At an affordable price ● Visible indoors and Outdoors ● Brightness great for long distances
1-800-72-SHIMS (1-800-727-4467)
Guaranteed integrity
To put settlement disputes to bed and ensure multiparty accountability, oil & gas operations need to employ comprehensive cybersecurity solutions and strategies that guarantee integrity and clarity across operations. One way to establish accountability and trust is using an immutable ledger, i.e., a record that cannot be changed.
The ability to accurately and definitively record all transactions, adjustments, and access attempts across systems eliminates uncertainty in the case of any supply chain transaction, modification, or (at worst) cyberattack. It is essential that cybersecurity solutions guarantee an immutable ledger to avoid questionable devices, such as meters. Distributed cybersecurity approaches, often underpinned by decentralized blockchain technology, copy records across devices (nodes), creating an irrefutable account of all access, readings and modifications.
In the case of a compromised meter or an unauthorized attempt to change a meter reading, the consensus-based blockchain is self-healing: using the immutable ledger to automatically correct any changes made to the record from a rogue device or user. Further, if a device is compromised, the system isolates that device to prevent system-wide interruptions — another critical capability. This process of automatic synchronization and consistency across assets should be the standard in an industry where marginal errors can result in hefty losses. With an immutable ledger, operational records and the devices they originate from are given integrity and provide immutable records — from wellhead to pipeline operator and/or refinery and beyond.
Decentralized enforcement strategy
A decentralized cybersecurity enforcement approach also offers oil & gas organizations the ability to scale without the increased cybersecurity risk, as is the case with a traditional centralized cybersecurity architecture. The immutable ledger logs all transactions, events, and logins, then automatically copies recorded data across system nodes. Because the cybersecurity system is based on consensus, the addition of assets creates a stronger record and voting system with each device added to the network — in direct opposition to a centralized approach that becomes more vulnerable with more points of entry.
Why this, and why now?
Decentralized cybersecurity enforcement, based on policies that can be defined centrally and automatically replicated to every corner of the operation, is the best fit for new industry challenges related to oil & gas digitalization. Although the increase and expansion of connected digital operations promises accuracy, speed, and safety, it also opens oil & gas operations to new deployment obstacles and vulnerabilities.
In the face of these potential risks, an immutable distributed ledger provides a comprehensive foundation and solution for IT/OT cybersecurity challenges. It offers an irrefutable record that preserves data integrity, enforces RBAC, and safeguards the larger ecosystem for multiparty collaboration and transactions across the supply chain. This spares companies time and money from audits, reporting disputes, operational disruption, trade settlements, compromise of confidential operational data, and any inconsistencies that may otherwise impact the bottom line. The immutable ledger offers a unique solution and gives oil & gas operations the opportunity to reap the benefits of digital transformation to the fullest. OG
Challenge: Telephone companies are discontinuing support or disconnecting analog phone circuits which have been used by oil and gas companies for data transfer for many years. In many cases, they are not offering a replacement solution.
Solution: Private, licensed wireless radios can replace these analog phone circuits. Wireless technology has improved in the past few years and can have very low latencies providing a solution for many Supervisory Control and Data Acquisition (SCADA) circuits including some transfer trip applications.
Result: Implementing wireless solutions before a phone company discontinues support of these circuits can minimize or eliminate downtime for critical data.
Warning! Analog telephone circuits are being discontinued! What are your options?
Summary: As telephone companies discontinue support or even disconnect analog telephone circuits, critical industries that have used these circuits for transmitting mission critical data are facing some formidable challenges. Many of these circuits are in rural locations where it is cost prohibitive for telephone companies to build fiber circuits or replacement of the circuits are not in the telephone companies’ business plan.
For many oil and gas companies, this creates a great challenge as they need the circuits to send critical information or even controls, but there is no longer a wired solution. In the past, many wireless solutions had higher latency than could be tolerated by some control applications. As wireless technology has progressed, wireless solutions are approaching lower latencies and in some cases, private, licensed wireless networks or point to point links can replace these antiquated telephone leased circuits.
In cases of control circuits or mission critical data, it is important to look for a private, licensed wireless solution as public wireless carriers do not typically have the availability, reliability, security, and low latency these circuits require. Unlicensed wireless alternatives are susceptible to interference and may also not meet latency requirements.
By working with manufacturers that provide private, licensed wireless solutions and not waiting until analog leased circuits fails, oil and gas companies can ensure their critical control and data is not compromised.
IIoT READY
Class 1, Div. 2
750 Series XTR:
• eXTReme Vibration: up to 5g acceleration • eXTReme Temperature: from -40 ⁰C to +70 ⁰C • eXTReme Isolation: up to 5 kV impulse voltage • eXTReme Intrinsic Safety: signal acquisition and transmission in Zones 0 and 1 eXTReme Vibration: up to 5g acceleration • eXTReme Temperature: from -40 ⁰C to +70 ⁰C • eXTReme Isolation: up to 5 kV impulse voltage • eXTReme Intrinsic Safety: signal acquisition and transmission in Zones 0 and 1
