Networking technology works, but companies need to know the obstacles in order to avoid snares. Ellen Fussell Policastro reports.
Communications will be of the essence for the Goliat floating production, storage, and offloading vessel (FPSO) once it starts operating in the northernmost portion of the Barents Sea.
Eni Norge, which co-owns the Goliat field with Statoil, leased the Goliat FPSO from Sevan Marine. The cylindrical platform will operate in one of the harshest environmental regions in the world, so reliable operation of the control system is vital.
Rendering of the Goliat FPSO vessel depicted in harsh weather.
Along with a new emergency shutdown, process shutdown, fire and gas detection, and power management systems, the FPSO, which is under construction in a shipyard in South Korea, will receive new telecommunication systems to fully support, manage, and monitor offshore operations from the offshore control room to the onshore remote operation center. The contract contains offshore data networks, wireless coverage to surrounding vessels, an onboard radio system, and more than 20 other subsystems.
Goliat is just one of a growing fleet of offshore platforms across the industry discovering the benefits of wireless connectivity offshore. But there are still concerns about malware and hacker snares.
“The major barrier for firms across the sector remains the perceived risk from inadequate data security,” said Nick Kamen, head of energy and utilities at Vodafone, a multinational telecommunications firm headquartered in London. “The challenge is how to deliver data security within the framework of an open systems-sharing model, while still providing sufficient levels of protection for sensitive and commercially confidential information using third-party devised systems.”
The answer, Kamen said, is to address specific IT system requirements and security needs during the initial analysis and design stages. Despite comments that costs and return on investment posed some risk, the overwhelming message from experienced professionals is that inadequate funding of initiatives is one of the biggest deterrents to success.
Multi-redundancy more reliable
Wireless technology takes on different meanings, depending on its application and location. “Locally, on the offshore platform, wireless is really no different than in a plant,” said Jim Gilsinn, senior investigator at Kenexis in Maryland. The difference comes when using wireless to get from the platform to headquarters onshore. “Long-haul wireless, which is usually light and thin, is tightly controlled,” Gilsinn said. “Because communication is over longer distances, there’s more of a possibility for intrusion.”
Self-healing mesh is typically used only in large-scale WiFi deployments in a manufacturing environment, where there are more access points than normal. “The actual access points talk to each other and determine if there are outages or link failures,” Gilsinn said. “And they can route around those situations.” The same applies when the links themselves are wireless and a client does not connect directly to a wired access point: the path can run through one access point to another and be “meshed” back to the hard-wired infrastructure. “You won’t find that except on the rig itself, yet even mesh on the rig is limited because of limited bandwidth,” Gilsinn said.
WirelessHART (a wireless sensor networking technology based on the Highway Addressable Remote Transducer, or HART, protocol) would be another way to use mesh technology to allow asset management across the network, said Fred Czubba, senior business development manager for the oil and gas industry at Phoenix Contact in Washington.
Communications going back to shore would use a long-haul link, which requires a licensed band, where users pay the Federal Communications Commission (FCC) for a certain frequency within a certain range. “Point-to-point is like wire replacement for communication between the offshore oil rig and the onshore control station or network access point,” Gilsinn said. Yet multi-redundant networks are a better option than point-to-point for rig-to-shore communication, said Gary Williams, product manager of control and safety for communications and security at Schneider Electric. Wireless mesh is only one type of multi-redundant network.
Here’s how multi-redundancy works. Say you have a ring linking multiple platforms, with one path running clockwise and the other counterclockwise. “The one at 12:00 wants to communicate to the control room at 6:00,” Williams said. It can transmit in either direction. “That’s multi-redundant, but it isn’t mesh.”
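The ring Williams describes can be checked on paper: a ring gives every platform two walks to the control room, one in each direction, so any single link failure still leaves a path, whereas a point-to-point link is lost with its one hop. The script below is an added example, not code from the article or from Schneider Electric; the platform names, the clock-face layout, and the failed links are constructed to illustrate the idea and are not Goliat's real topology.

```python
"""Ring (multi-redundant) versus point-to-point rig-to-shore links.

Added example, not from the original article. The platform names and the
link failures below are constructed to illustrate the idea; they are not
Goliat's real topology.
"""


def ring_walks(nodes, src, dst, failed=()):
    """Return the distinct walks from src to dst around a ring of nodes,
    one clockwise and one counterclockwise, dropping any walk that crosses
    a failed link. A two-node 'ring' degenerates to a single link."""
    n = len(nodes)
    i, j = nodes.index(src), nodes.index(dst)
    clockwise = [nodes[(i + k) % n] for k in range((j - i) % n + 1)]
    counter = [nodes[(i - k) % n] for k in range((i - j) % n + 1)]
    down = {frozenset(link) for link in failed}

    def intact(walk):
        # A walk survives only if none of its hops is a failed link.
        return all(frozenset(hop) not in down for hop in zip(walk, walk[1:]))

    walks = []
    for walk in (clockwise, counter):
        if intact(walk) and walk not in walks:
            walks.append(walk)
    return walks


def survives_single_failure(nodes, src, dst):
    """True if every possible single-link failure still leaves a walk."""
    n = len(nodes)
    links = [(nodes[k], nodes[(k + 1) % n]) for k in range(n)]
    return all(ring_walks(nodes, src, dst, failed=[link]) for link in links)


# Constructed topology: six platforms placed like the hours of a clock,
# with the control room at 6:00.
RING = ["P12", "P2", "P4", "P6_control_room", "P8", "P10"]
# Constructed point-to-point alternative: one rig, one shore station.
P2P = ["Rig", "Shore_control_room"]


if __name__ == "__main__":
    print(ring_walks(RING, "P12", "P6_control_room"))
    print(ring_walks(RING, "P12", "P6_control_room", failed=[("P2", "P4")]))
    print(survives_single_failure(RING, "P12", "P6_control_room"))
    print(survives_single_failure(P2P, "Rig", "Shore_control_room"))
```

Failing the link between P2 and P4 removes the clockwise walk and leaves the counterclockwise one; failing one link on each side of the ring leaves nothing, which is the double-fault case a ring does not cover and a true mesh, with more than two neighbours per node, might.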
Security appliances loaded with a SCADA-specific firewall module protect PLCs, switchgear, and packaged process units.
Authentication, encryption deter attacks
With security being one of the main concerns of asset owners, it’s critical to build a good security system during the network design. One way to do that is to “build in intrusion detection, authentication detection, and encryption,” said Soroush Amidi, manager of product marketing at Honeywell Process Solutions. “Then you’re able to build a safe network, whether it’s in a plant or in the middle of the ocean.”
If you don’t look at the complete architecture from the design point, “all you’re doing is patching,” Czubba said. “Going layer by layer through your architecture up front is more effective,” he said. “Otherwise, you’re just filling holes.”
Authentication tools are another way to keep out intruders, asking users to verify their identity. “Most wireless standards have features such as access point broadcasting and service set identifier (SSID). That’s great for ease of use, but horrible for security,” said Dan Schaffer, business development manager for network and security at Phoenix Contact in Pennsylvania. There’s nothing in the standards that stops you from broadcasting your SSID for the whole world to see, and compliance with the standards is not the same thing as security, he said. “You can make uninformed choices and defeat most of the security, encryption, and authentication of your wireless network.”
Whitelisting is another way to help ensure a secure network. “It’s more of an authorization tool than authentication because it allows an authenticated user to perform a known set of authorized actions,” Gilsinn said. Whitelisting works by letting only known, approved programs run; if a program is not on the accepted list, it stops right there. Blacklisting, by contrast, blocks only what is already known to be malicious and lets users pinpoint the source of a virus after the fact. Until a blacklisting tool knows about a virus, it can’t block it.
Segregation keeps network clear
With the potential for malware or viruses intruding on the network, even accidentally, operators need to make sure their networks remain segregated, so operators on the rig can access the web and communicate with family on Skype and rest assured that all of that activity is separated from the control network, said Graham Speake, principal systems architect at Yokogawa. With the use of more sophisticated technology and firewalls, random checks sometimes occur to make sure nothing unusual is getting into the network. But because of limited manpower and the rigs’ remoteness, these checks don’t occur on a regular basis, Speake said.
Think of the offshore platform, with its several areas of operation, as akin to your house with its several rooms, Schaffer said. “Once someone gets inside your house, maybe through an open window in the kitchen, they have unfettered access to other rooms in your house because you don’t put up significant barriers in between your rooms. You want to layer your protection and compartmentalize your network so a compromise of one area does not immediately impact other areas,” Schaffer said. “That way you are mitigating your damage, kind of like having locked doors between the rooms of your house, or at least a Rottweiler.”
Stupid human tricks
While attacks and malicious intrusions are a concern in wireless communications, out on the rig itself, malicious intent isn’t quite as problematic. “You’re probably less susceptible to the hacker coming in across the network because it’s difficult to breach the short bandwidth in the middle of the ocean,” Speake said, but it’s easy for people to accidentally cause a problem. It’s kind of like David Letterman’s segment on stupid human tricks, Gilsinn said.
“They could write a password on a sticky note and leave it lying around, or they’ll make their password too easy.” Or people assume the wireless networks are segregated. “They get bored out there, so they plug in their USB sticks and download web sites for personal use or charge their phone,” Speake said. “They aren’t necessarily making phone calls but maybe listening to music, and you don’t know what’s on the phone.” Most oil platforms have a separate line for internet access, which may not be available from the control room. “But they’ll find ways,” Speake said. “They might hook up a separate wireless hub off of their personal laptop and connect to it from the control room.”
The key to isolating traffic is to think about radio frequency (RF) protection and to carry only what is really needed. “The onshore link should only be used for things that are absolutely necessary,” Gilsinn said. “Email is necessary, but web surfing should be limited. The actual process communication should have a higher priority,” he said. “You should control network flow going through your wireless link, since it’s your sole link from corporate to the outside world.” So while you can never eliminate web traffic, you can limit the bandwidth it uses.
Standards as an anchor
Knowing which standard to use with offshore wireless technology isn’t so easy, because such a variety of groups developed them independently to serve different industries and needs. The choices include IEEE 802.11 Wi-Fi for wireless local area networks (WLANs), and the ZigBee and Bluetooth standards for personal area networks intended for short-range communication. Yet, as the automation industry moves to IP-based technologies, some experts are now opting for standards that allow more system flexibility. ANSI/ISA-100.11a-2011, Wireless systems for industrial automation: Process control and related applications, “has tried to go a lot farther than WirelessHART,” Czubba said. “It’s object orientated and designed to support a lot more functionality, such as Foundation Fieldbus, which sees use more offshore than onshore. Plus the standard has a high performance and reliability factor.”
“One great element about ISA-100 is it allows system flexibility and is aligned to IP networking,” Amidi said. “A distributed system allows you to have a central hub from which you can get all your data and manage transmitters.”
The standard also allows vendors with big data packets, such as vibration, to use proprietary protocols without having to make changes, Amidi said. They can use the tunneling features of ISA-100.
The Advanced Encryption Standard (AES) lets you protect data in flight. “AES-256 tells you how big the key is to encrypt and decrypt the data. It’s pretty much unhackable,” Schaffer said. “The 802.11 Internet protocol (IP) standard will support radios as a way to authenticate. But some of the other industrial protocols, such as Bluetooth, which can be used in industrial settings, have weak or nonexistent authentication,” Schaffer said. “You can follow the standards and have a secure system or insecure system based on the choices you make. The standard doesn’t demand you use AES-256 encryption. If you choose not to do that, you’re still following the standards, but you’ve severely weakened your security.” In such a diverse world of standards for wireless and security, the bottom line is that you need to think at an all-encompassing level.
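Schaffer’s point, made twice above (SSID broadcasting and the choice of cipher), is that a configuration can follow 802.11 to the letter and still be weak. The audit below is an added example, not code from the article or from Phoenix Contact: it parses a hostapd access-point configuration and reports the choices that matter, in the way a practitioner would review a rig’s access points before commissioning. The hostapd option names are real; the two configurations, the RADIUS address, and the 20-character passphrase threshold are constructed for illustration. Two caveats worth knowing when reading the output: standard WPA2 CCMP is AES with a 128-bit key (the 256-bit variants are CCMP-256 and GCMP-256), and hiding the SSID is a convenience for reducing casual discovery rather than a security control, since the name is still sent in probe and association frames.

```python
"""Audit a hostapd access-point configuration for choices that leave a
standards-compliant 802.11 network weakly protected.

Added example, not from the original article or from any vendor. The option
names are real hostapd.conf keys; the two configurations and the 20-character
passphrase threshold are constructed for illustration.
"""

SEVERITY = {"high": 0, "medium": 1, "info": 2}
MIN_PASSPHRASE = 20  # local policy assumption, not a hostapd requirement


def parse_hostapd(text):
    """Parse key=value lines; comments and blanks are skipped and a repeated
    key keeps its last value, as hostapd itself does."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg


def audit_hostapd(text):
    """Return (severity, code, message) findings, most severe first."""
    cfg = parse_hostapd(text)
    out = []

    def add(sev, code, msg):
        out.append((sev, code, msg))

    wpa = cfg.get("wpa", "0")  # hostapd: 0 = no RSN/WPA, 1 = WPA1, 2 = RSN (WPA2), 3 = both
    if wpa == "0":
        add("high", "wpa", "wpa=0: open or WEP network, no RSN encryption or authentication")
    elif wpa != "2":
        add("high", "wpa", f"wpa={wpa}: WPA1 (TKIP) accepted; require wpa=2")

    for opt in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in cfg.get(opt, "").split():
            add("high", "tkip", f"{opt} permits TKIP (RC4-based); allow only CCMP or GCMP-256")
    if "rsn_pairwise" not in cfg and "wpa_pairwise" not in cfg:
        add("medium", "cipher", "no pairwise cipher stated; set rsn_pairwise=CCMP explicitly")

    # hostapd falls back to WPA-PSK when wpa_key_mgmt is not given.
    if "WPA-PSK" in cfg.get("wpa_key_mgmt", "WPA-PSK").split():
        pw = cfg.get("wpa_passphrase", "")
        if len(pw) < MIN_PASSPHRASE:
            add("high", "passphrase",
                f"WPA-PSK with a {len(pw)}-character passphrase; a captured 4-way "
                "handshake can be brute-forced offline, prefer WPA-EAP (802.1X)")

    pmf = cfg.get("ieee80211w", "0")  # protected management frames, default off
    if pmf == "0":
        add("high", "pmf", "ieee80211w=0: management frames unprotected, deauthentication can be spoofed")
    elif pmf == "1":
        add("medium", "pmf", "ieee80211w=1: protection optional, clients may negotiate without it")

    if cfg.get("auth_algs", "1") in ("2", "3"):
        add("medium", "auth_algs", f"auth_algs={cfg['auth_algs']}: WEP shared-key authentication permitted")
    if any(k.startswith("wep_") for k in cfg):
        add("high", "wep", "WEP keys configured; WEP is broken and must be removed")

    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        add("info", "ssid", "SSID is broadcast in beacons; hiding it reduces casual discovery only")

    return sorted(out, key=lambda f: SEVERITY[f[0]])


# Constructed: a convenience-first setup that still "follows the standard".
WEAK_CONF = """\
interface=wlan0
ssid=RIG-OPS
hw_mode=g
channel=6
auth_algs=3
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=goliat2013
wpa_pairwise=TKIP CCMP
"""

# Constructed: 802.1X/EAP with AES-CCMP and protected management frames.
HARDENED_CONF = """\
interface=wlan0
ssid=RIG-OPS
hw_mode=a
channel=36
auth_algs=1
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee80211w=2
ieee8021x=1
# RADIUS server for 802.1X; address and secret are placeholders
auth_server_addr=10.20.0.5
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_A_LONG_RANDOM_SECRET
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_hostapd(conf) or "no findings")
```

The weak configuration passes every conformance test an 802.11 client would apply and still yields four high-severity findings; the hardened one yields none. Running the audit against the real configuration files pulled from the platform’s access points is the check to add to the commissioning list.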
Security standard enables defense
The ISA99 control system security standards played a major role in the development of a new architecture for one company operating a platform on the US continental shelf. By using a Defense in Depth network architecture (an information assurance strategy from the US National Security Agency [NSA]) in accordance with ANSI/ISA-99 standards and the Department of Homeland Security guidelines, the new architecture isolated layers of the business and process control network, using routers and firewall appliances to permit only the minimum traffic that was necessary between these layers.
“The concepts of zones and conduits in ISA-99 (now IEC 62443) are critical to any communications, whether wired or wireless, because these models give you the ability to divide your platform into security zones so you can tailor your defenses to specific areas as well as security capabilities and needs,” said Eric Byres, CTO of Tofino Security. The case above is a prime example of using ISA/IEC 62443 zone and conduits with security products, Byres said. “The firewalls give engineers the ability to control what traffic flows into a zone (see graphic), and sends out alarms when it notices suspicious traffic.”
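The two passages above, Schaffer’s locked rooms and the ISA/IEC 62443 zones and conduits Byres describes, come down to one rule: a flow that crosses a zone boundary is allowed only if an explicit conduit permits it, and anything else is dropped and alarmed. The evaluator below is an added example, not code from the article, from Tofino Security, or from the platform operator described; the zones, address ranges, conduit rules, and flow records are constructed for illustration, and a production firewall would additionally track connection state so that replies to an allowed flow are implied.

```python
"""Zone-and-conduit traffic policy in the ISA/IEC 62443 style: every flow
between zones must match an explicit conduit rule; everything else is denied
and raised as an alarm.

Added example, not from the original article, Tofino Security, or any
vendor. The zones, address ranges, conduit rules and flow records are
constructed; a real firewall would also track connection state.
"""
import ipaddress

# Constructed zones (address ranges are assumptions for illustration).
ZONES = {
    "business": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("10.10.0.0/16"),      # historian / relay servers
    "control": ipaddress.ip_network("10.20.0.0/16"),  # HMIs, engineering stations
    "field": ipaddress.ip_network("10.30.0.0/16"),    # PLCs, packaged units
}

# Conduits: (source zone, destination zone, protocol, destination port).
# Only the minimum traffic that is necessary, initiated in one direction.
CONDUITS = {
    ("business", "dmz", "tcp", 443),   # office users read the historian's web UI
    ("dmz", "control", "tcp", 4840),   # historian polls OPC UA servers in control
    ("control", "field", "tcp", 502),  # HMIs talk Modbus/TCP to PLCs
}


def zone_of(ip):
    """Name of the zone containing ip, or None if it lies outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src, dst, proto, dport):
    """Return (verdict, reason). Intra-zone flows are left to the zone's own
    controls; inter-zone flows must match a conduit; unknown addresses are denied."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny", "address outside every defined zone"
    if sz == dz:
        return "allow", f"intra-zone traffic inside {sz}"
    if (sz, dz, proto.lower(), int(dport)) in CONDUITS:
        return "allow", f"conduit {sz}->{dz} {proto}/{dport}"
    return "deny", f"no conduit {sz}->{dz} {proto}/{dport}"


# Constructed flow records, "src dst proto dport"; not captured from any system.
FLOW_LOG = """\
10.20.1.10 10.30.1.5 tcp 502
10.0.5.23 10.30.1.5 tcp 502
10.10.0.7 10.20.1.10 tcp 4840
10.30.1.5 10.0.5.23 tcp 445
10.20.1.10 10.20.1.11 udp 161
172.16.9.9 10.30.1.5 tcp 502
"""


def process_flow_log(text):
    """Evaluate each record; returns a list of (record, verdict, reason)."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        verdict, reason = evaluate(src, dst, proto, dport)
        results.append((line, verdict, reason))
    return results


def alarms(text):
    """Denied flows are the ones worth an alarm: something tried to cross a
    zone boundary without a conduit, such as an office host reaching a PLC."""
    return [r for r in process_flow_log(text) if r[1] == "deny"]


if __name__ == "__main__":
    for record, verdict, reason in process_flow_log(FLOW_LOG):
        print(f"{verdict:5} {record:32} {reason}")
```

Of the six constructed records, three are denied: a business-zone host speaking Modbus/TCP straight to a PLC, a PLC opening SMB toward the office network, and an address that belongs to no zone at all. Each is exactly the kind of event the firewalls in the case above are meant to alarm on, and the same table doubles as the review checklist for what the conduits should contain.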
Benefits over risks
As users become more educated about the potential for wireless communication offshore and the savings it represents, experts believe they will conclude that the benefits outweigh the risks. Even though wireless today sees use mainly for monitoring and reporting rather than control, because of security and reliability concerns, in the next five years we will start to see more comfort with, and more use of, wireless control in noncritical areas.
Today’s use of real-time wireless communication for safety applications should help spur on acceptance. In an emergency, wireless devices can help operators know who has made it to the lifeboats and who hasn’t. One helpful tool is a card that helicopter passengers swipe to ensure they’re compliant with regulations before boarding the rig. When a person gets off the helicopter, he gets tagged. “We can monitor personnel to find out which floor of the platform they’re on. In case of emergency, when somebody has to initiate a rescue, you don’t want people searching the platform to find those individuals.”
With so many older platforms needing upgrades, wireless will see more use, and more checks will be in place, ensuring devices only connect to other devices, and flagging those from a separate access point, Speake said.
Today’s technology will only get more sophisticated as time goes on. The way new engineers interact with technology is quickly evolving, with technologies such as touch screens replacing the mouse and monitor. Today’s workforce has to interact differently and come up to speed a lot faster. In addition to firewalls and levels of encryption, the industry is seeing more use of retina and fingerprint recognition and digital video.
There are applications and efficiencies the industry has not seen yet. So far it has only scratched the surface of automation networking.
Security, funding predict digital oilfield’s future
Vodafone and Huawei, a Chinese networking and telecommunications equipment and services firm, surveyed 120 industry leaders across the globe, revealing an overall positive outlook about wireless communications in securing operations offshore.
In the survey, 75% of companies said they use wireless technology for communications. Only 33% of respondents reported no experience with a digital oilfield trial. Just over 33% regarded digital oilfields as a way to improve production economics and 66% believed the digital oilfield to be important relative to other strategic business initiatives.
Regarding investments and priorities, 52% said their individual spending would exceed US$10 million, 26% would exceed $30 million, and 11% would exceed $100 million. In order of priorities for investment, security of data and information ranked first, followed by security of people, premises, and physical assets, data collection, data sharing, and finally monitoring and control of maintenance.
Just over 50% reported concerns about IT and systems security, and 75% acknowledged cultural concerns about their internal readiness to adopt automation and wireless technology. Only 33% said they were culturally prepared to adapt to the needs of the digital oilfield. Just under 66% agreed that a lack of knowledge of the digital oilfield is hindering cross-industry adoption.