Chapter 10. Oil and Gas

Oil and gas are among the most critical resources used in modern society. Almost every aspect of modern life, from transportation systems to the supply of plastics, relies on the availability of these commodities. Today, the major focus of oil and gas companies is on ways to reduce cost, improve efficiency and speed, and get more from existing investments. Among the most important key performance indicators (KPIs) of the industry include controlling production costs and improving the overall health and safety of hazardous environments.

This is an industry where an increasing number of cyber attacks is compromising security and generating losses. This is occurring in a context where profound technological evolutions are disrupting traditional ways of working and driving rapid changes in productivity. The unprecedented growth of data, advance analytics, increased automation, and connectivity are fundamentally bringing a paradigm shift in how and where work is achieved.

As with other industries, oil and gas companies are using IoT for a wide variety of applications, including the following:

Monitoring the status or behavior of industrial devices in order to provide visibility and control

Optimizing processes and resource use

Improving business decision making

This chapter explores IoT in oil and gas and how digitization is a disruptive force in this industry. It looks at use cases and innovative architectures that are being used to digitize this industry. This chapter includes the following sections:

An Introduction to the Oil and Gas Industry: The section opens by defining oil and gas and then describes the value chain as well as key market players in this industry. This chapter looks at the oil and gas industry’s well-understood vulnerability to price fluctuations as well as the most important industry trends and associated impacts and the opportunities they represent for IoT.

Industry Key Challenges as Digitization Drivers: This section illustrates the challenges the oil and gas industry is facing, some of them influenced by global economic conditions, as well as how new technologies are disrupting older ways of doing things.

Improving Operational Efficiency: This section examines key operational efficiency considerations, use cases, and technologies used in oil and gas IoT systems.

IoT Architectures for Oil and Gas: This section examines key security considerations, use cases, and technologies in the oil and gas industry, as well as how they can be addressed with the correct design methodology.

Conventional oil and natural gas are found in pools in which wells can be drilled so that oil and natural gas flow naturally or can be pumped to the surface. Conventional oil and gas are found in sandstone that can be extracted using traditional methods. The oil and gas resources are usually from another formation but move into the sandstone and are trapped by an impermeable cap rock. Conventional petroleum resources are extracted using traditional methods of drilling through the cap rock and allowing the petroleum to flow up the well, as illustrated in the Figure 10-1.

Unconventional oil and natural gas do not flow naturally through the rock, and they are therefore much more difficult to extract. They usually require extensive well fields and surface infrastructure due to low permeability and porosity. They are produced or extracted using special techniques such as fracking, which is the process of injecting liquid at very high pressure into subterranean rocks in order to force open existing fissures and extract oil or gas.

Oil has various compositions and types, such as rock oil, mineral oil, and crude oil, and is usually classified based on its density, viscosity, and sulfur content. Some examples of oil classification include the following (refer to Figure 10-1):

Tight oils: Tight oils are liquid hydrocarbons contained in reservoirs with very low porosity and equally low permeability.

Heavy and extra-heavy oils: These resources are referred to as heavy because of their high density and viscosity, which make it impossible for them to be extracted in the traditional way.

Oil sands: These deposits are made up of sand and tar mixed together.

Oil shales: Shales are a source rock that has not yet been transformed into hydrocarbon and needs to be heated to be recovered.

Shale oil: With shale oil, the source rock is sufficiently far below the surface that the organic material it contains has been transformed into liquid hydrocarbons. However, as a result of its very low porosity and impermeability, these liquid hydrocarbons remain trapped in the source rock. The extraction of these trapped liquid hydrocarbons requires the use of horizontal drilling and hydraulic fracturing techniques to artificially increase the permeability of the rock.

The following are four elements that must exist for oil and gas to accumulate in “economic” quantities:

A source rock is needed to generate the hydrocarbons.

A suitable reservoir is needed to bear the hydrocarbons.

A trap with a seal is needed to contain the hydrocarbons.

All three elements must occur within a dynamic system where they can interact.

Figure 10-2 illustrates these four elements.

Unlike oil, gas has very low density and viscosity, and it cannot be transported at normal temperature and pressure conditions. Raw natural gas from a well consists of methane as well as many other smaller fractions of heavier hydrocarbons and various other components, such as the following:

Ethane

Propane

Butane

Alkenes

Acid gases

Nitrogen

Helium

Water

Trace pollutants

Natural gas is characterized in several ways, depending on the composition of these components, into the following basic categories:

Wet gas: Raw gas with a methane content less than 85%

Dry gas: Raw or treated natural gas that contains less than 15 liters of condensate per 1000 standard cubic meter

Sour gas: Raw gas with a content of more than 5.7 mg hydrogen sulfide (H₂S) per standard cubic meter

Acid gas: Gas with a high content of acidic gases, such as hydrogen sulfide

Condensate: A mixture of hydrocarbons and other chemical components

Raw gas is processed into various products, including the following:

Natural gas: Typically 90% methane, with 10% other light alkenes

Natural gas liquids (NGL): Processed purified product that serves as a raw material for the petrochemical industry

Liquefied petroleum gas (LPG): Propane or butane or a mixture of these gases that has been compressed to liquid at normal temperature

Liquefied natural gas (LNG): Natural gas that is refrigerated and liquefied at below −162°C for storage and transport

Compressed natural gas (CNG): Natural gas that is compressed to less than 1% of volume at atmospheric pressure

Upstream segment: This segment is focused on operations related to exploration, capital project development, and production of crude oil and natural gas. In the case of offshore rigs, shipping is also considered. Exploration includes prospecting, seismic, and drilling activities that take place before the development of a field.

Midstream segment: This segment is focused on operations related to process (gas), transport (pipeline, tanker/barge, truck, and rail), and storage of oil and gas. It is where oil and condensates are processed into products with defined specifications such as gasoline or diesel. This segment is where the fundamental differences between oil and gas impact the cost of transport and storage. Pipeline installations consist of driving compressors and pumps, valve stations, and pig receive and launch facilities. In order to control and operate the pipeline, a SCADA system and pipeline management system are also required. (SCADA is introduced in Chapter 6, “Application Protocols for IoT.”) Transporting gas and oil is thus a complex and expensive process.

Downstream segment: This segment is focused on operations related to refining, marketing, distribution, and commercialization. It is important to note that in this segment, the success of a modern refinery depends on economies of scale and the ability to process a wide range of crudes into the maximum quantity of high-value fuels and feedstock.

Low-carbon climate policies are creating a resource-abundant world. Renewable energy technologies, a critical element of the low-carbon pillar of global energy supply, are rapidly gaining ground, aided by global subsidies and climate policies. In many parts of the world, this trend has had the effect of reducing demand for conventional primary energy sources, including oil, gas, and coal.

In January 2014, the European Commission proposed a climate and energy policy framework goal for the European Union for 2030. Its centerpiece is the goal to reduce greenhouse gas emissions by 40% below 1990 levels and to reduce emissions by at least 80% by 2050. If these targets are to be met, renewable energy resources need to play a major role.

Figure 10-4 shows the EU’s projected demand in million tons of oil equivalent (Mtoe) for primary energies from 1990 to 2040 (the ton of oil equivalent is a unit of energy defined as the amount of energy released by burning 1 ton of crude oil). Notice that the demand for cleaner primary energies is expected to grow, whereas the demand for more polluting ones (coal, oil, and so on) is projected to decrease.

Figure 10-5 shows the percentage of primary energy lost (coal source in this case) from production to final consumption. In this example, the energy required to power a light bulb results in almost 98% loss of energy through the cost of production and transmission. This model is clearly inefficient and ripe for improvements through technology.

Energy markets are notoriously volatile, often because of the imbalance between energy supply and demand. Many of the oil-producing countries have been pumping out oil at record levels, leading to low global energy prices. This situation has resulted in a significant focus on cost, efficiency, and speed, with oil and gas firms striving to get more from their existing investments and resisting new ones.

Another trend is the production of shale gas and, in particular, technological breakthroughs in fracking that have led to significant production increases in recent years. The relatively low production costs and ease of entry for smaller producers has meant an easy path to production ramp-up or decrease in response to the slightest market dynamic changes, thus causing further instability.

Other trends related to the use of technology have emerged and are influencing the industry as a whole. For example, the enhanced connectivity offered by technology has meant an increase in the number of cyber attacks in this sector. A serious cyber attack can result in significant financial losses and can impact operations. Along with the adoption of IoT technologies, the amount of available data has also increased significantly. Combined with the power of data analytics, this has helped improve the accuracy and efficiency of oil and gas exploration activities. The improved availability of data also means company executives are able to make better-informed decisions much more quickly than in the past.

This section addresses a series of challenges by category and establishes a mapping with the underlying digitization requirement. In its 2014 report Top 10 Technology Trends Impacting the Oil and Gas Industry in 2014,¹ Gartner identified the following key digitization trends:

Advanced analytics and modeling (business asset planning and optimization)

Big data (business asset planning and optimization)

IT/OT convergence (digital oil fields)

Smart machines (digital oil fields)

Extended infrastructure (digital oil fields)

Mobility (intuitive workflow)

Upstream modeling suites (intuitive workflow)

Collaboration (intuitive workflow)

Cloud (oil and gas business systems)

Asset performance management (oil and gas business systems)

In Table 10-1, notice how these digitization trends are mapped to specific IoT capabilities. The oil and gas industry’s main challenges can be organized into three main categories:

Operational efficiency and cost reductions

Security

Faster and better decision making

These categories can be split into subcategories and mapped to corresponding digitization requirements, as shown in Table 10-1.

The challenges listed in Table 10-1 have forced the industry to adopt new technologies that have brought improvements in the areas of safety, downtime, efficiency, environmental protection, and asset integrity. Figure 10-6 illustrates these value propositions in the oil and gas industry.

IoT and digitization are bringing about significant improvements in the oil and gas industry, including the following:

Enabling feasible data acquisition: Cost-effective and pervasive communication technologies such as industrial Wi-Fi, LTE, and LoRa are enabling the industry to acquire data from certain assets either for the first time or in real time. This, in turn, enables entirely new decision-making capability.

Driving cost savings throughout the value chain—upstream, midstream, and downstream: Cost savings can be achieved by utilizing digital convergence of IT and OT to eliminate silos in the business and reengineering operations to deliver reduced costs, increased production efficiencies, and improved utilization of existing assets.

Increasing agility and risk mitigation: Analytics can be used to convert real-time data created by the IoT infrastructure into predictive and actionable insights that facilitate faster and better decisions, increased worker safety, and improved cybersecurity.

Improving productivity and bridging the oncoming talent gap: Productivity can be improved by leveraging both IoT and collaboration systems to extend scarce expertise to remote locations, deliver real-time information to the right teams at the right time, and provide an effective mechanism to attract and train the next generation of workers.

Enabling profitable growth: Growth can be achieved by transforming business processes through IoT. Thanks to the increased productivity through operational excellence and the ability to better leverage existing assets (hence extending their lives), oil and gas companies can improve their bottom line.

Well-defined business outcomes are critical because oil and gas margins are very thin. Therefore, operators require a compelling business case for technological investments. Technologies that help extend the life of current assets or improve their uptime and efficiency are getting the greatest prioritization. Forward-looking oil and gas companies believe that today’s turbulent market landscape provides an opportunity to gain a competitive advantage by harnessing new technologies.

The largest driver of IoT value for an oil and gas firm relies heavily on asset monitoring and data management capabilities to gather accurate and timely information from the field of operations. Value also comes from the ability to perform automatic analyses, diagnostics, and optimization in real time. This implies the need to integrate data from multiple sources, automate the collection of data, and analyze data quickly so that actionable insights can be identified.

The second area of IoT value generation comes from advanced sensors, machine-to-machine connections, and big data analytics that help the company anticipate equipment failures and maintenance requirements, thus minimizing downtime.

Digital transformation is not an easy journey for any oil or gas company, and some obstacles should be foreseen, such as the complexity of integrating old and new technologies. For example, most new technologies take advantage of IP, but many legacy technologies are not capable of this. Other challenges include the following:

The need to automate the extraction of insights and quickly determine—and execute—resulting actions

The increasing volume of data produced by devices on pipelines, refineries, oil wells, and so on

Expanded security vulnerabilities

Siloed networks and departments

Figure 10-7 provides a view of some capabilities that can help mitigate these obstacles and demonstrates the increased business value of each as time goes by. IoT is at the core of each of them.

Operational efficiency in the context of cost reduction

Security of operations in the context of increased industrial cyber attacks

Faster and better decision making

As discussed earlier, the value chain of the oil and gas industry has the three main sectors: upstream, midstream, and downstream. These three sectors share similar challenges in their operational flow. IoT can help address them in a variety of different use cases.

In a process control network (PCN), automation equipment is attached to a network (typically a combination of hardware and software) that has command and control responsibility for critical infrastructure, such as refineries, oil and gas pipelines, nuclear plants, and many others.

The PCN automation equipment (and its associated components) form a control system known as an industrial control network (ICN). ICNs monitor physical processes that perform a variety of functions in a production environment, including control, protection, safety, and situational awareness.

Examples of control systems are supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). Some of the functions they perform include pipeline operations such as remotely controlling valves along a pipeline (closing or opening them as required) and monitoring the operations of pumps that are used to move the product along a pipeline.

As ICNs have evolved over time, from standalone isolated entities into more connected networks, they have also brought with them elements of technology that have been adopted by IT networks. In addition, OT staff have recognized the need to access IT systems. This convergence of IT and OT is a common challenge being faced by most industries adopting IoT architectures, and it requires both OT and IT to have communication interfaces that allow mutual access and the exchange of information between systems.

The interaction of these components in such a complex system requires a framework to define the flow of communication between components, which are dependent on the functions they perform in the process. A well-known framework used by many industries today is the Purdue Model for Control Hierarchy. This model is briefly introduced in Chapter 2 and applied specifically to the manufacturing industry in Chapter 9. In this chapter we look at how the Purdue Model for Control Hierarchy can be adapted to IoT for the oil and gas industry.

The Purdue Model for Control Hierarchy has three main components: facilities, people, and control and information systems. Within the control and information systems component are levels that define and further separate the various areas in the OT (control systems) and IT (information systems) of an enterprise or organization (see Figure 10-8). These levels are specifically referenced throughout this chapter in relation to oil and gas use cases.

Levels 0–2 represent batch, continuous, and discrete control; Level 3 is where we find the manufacturing operations and control; and Levels 4 and above are where business planning and logistics reside.

The Purdue Model for Control Hierarchy is also used to define the hierarchy and the objects in the ISA99/IEC-62443 standards that define cybersecurity.

Looking at the levels in more detail, you can see that the functionality they provide to devices has been layered in a way that describes the information flow from bottom to top as far as process control is concerned. The levels of the model can be divided into three separate groups:

Operational levels (Levels 0–3): Level 0 is where you can find the “things” of IoT, such as sensors, motors, actuators, and instrumentation. Level 1 is where the programmable logic controllers (PLCs) in a refinery can be found, as well as remote terminal units (RTUs) used for SCADA management on a pipeline, and control processors. These devices are responsible for programming or extracting readings from the Level 0 devices, which are at the production/process level. Level 2 is where engineering workstations or data historians reside; they are responsible for logging, collecting, and populating the databases that keep a history of process data. Level 3 is where the human-machine interface (HMI) devices operate; servers run software that provides a graphical user interface to represent processes and their operations, readings of sensors, and specified thresholds that help monitor a process, display alerts, and so on.

Business levels (Levels 4 and 5): These are the levels where the traditional IT systems are located, including file and print servers, corporate email applications, HR systems, and so on, as well as the corporate Internet connection or VPN access to the enterprise network.

Demilitarized zone (DMZ): The DMZ, also referred to as Level 3.5, is the zone that separates the OT and IT domains. The systems and applications that typically reside in the DMZ are remote access solutions, antivirus and patch management servers, reporting dashboard applications, and so on.

In an effort to drive down costs and increase efficiency, IoT architectures need to be tailored to different use cases in key oil and gas sectors, including the connected refinery, the connected oil field, and the connected pipeline. These use cases illustrate how technology can be adopted within the operational workflow of the oil and gas industry in order to optimize productivity, reduce cost, and help make the operational decision process swifter and better informed.

An oil field is an area, either onshore or offshore, where a number of wells extract crude oil below ground or from the seabed. Typically, offshore oil fields are located in remote areas or in the middle of the sea, making them difficult to access and communicate with. As a result, the need for a robust but self-contained communications infrastructure is critical. The offshore oil rig’s infrastructure needs to support situational awareness for the operation of the drilling system, communications with head office locations, and health, safety, and environmental monitoring systems, just to name a few. Also, because the personnel working at the oil field are living on the premises for extended periods of time, communications for entertainment and social media purposes are also required.

Due to the remote and isolated nature of oil fields, much of their communications infrastructure is based on wireless technology.

Long distances and large geographic area of coverage: Pipelines can be very long. For example, the current world record holder for longest gas pipeline spans China east–west, and its longest segment is 9100 km.

Harsh environments: Pipelines can span great distances underwater, through deserts, over mountains, and in other inhospitable environments.

Isolation from general infrastructure: Pipelines are often far away from major roads or highways, which makes communicating with sensors and instrumentation on the pipeline a challenge.

Leaks: Oil and gas pipelines carry highly flammable content. It is important to have the ability to detect leaks along the pipeline length so that fires, explosions, and contamination of the surrounding area can be avoided.

Earthquakes and landslides: Landslides and earthquakes can affect the integrity of a pipeline, so a pipeline must be monitored for seismic activity.

Theft and vandalism: Theft and vandalism are becoming commonplace along pipelines, with thieves tapping into pipelines and extracting product. Other than the obvious financial implications, there are also risks associated with theft and vandalism that can cause significant damage to the environment and infrastructure.

Figure 10-10 illustrates some common IoT use cases for the connected pipeline.

The guiding principle in implementing any of these use cases is to ensure that a connected pipeline communication network supports the following characteristics:

High availability and redundancy

Multilevel security (both cyber and physical)

Adherence to open standards

Multiservice support (for both the control room and the operational network using the connected pipeline communications network)

Figure 10-11 highlights some of the common IoT use cases in a modern oil or gas refinery.

Refineries are workplaces for permanent staff as well as external companies and contractors that work on a variety of tasks around a plant. Process control operators ensure that refinery processes are working as expected; they monitor and optimize the processes where appropriate. Refineries also include maintenance staff who keep the refinery equipment in good working order and perform repairs when needed. All these systems and people are kept working in an effective, efficient, and safe manner through the implementation of control, safety, and management systems. These systems require communications systems that are fast and reliable.

The architecture is built using the different systems of the refinery infrastructure, following the ISA99/IEC-62443 standard, which is based on the Purdue Model for Control Hierarchy. These systems could be divided into three main categories: control room networks, wired networks, and wireless networks.

Distributed control systems: Distributed control systems are deployed throughout a plant using autonomous controllers, and their operational control is performed centrally.

Physical security: This includes video surveillance/CCTV systems, access control systems, and so on.

Centralized wireless management: This category describes software applications used for managing wireless networks deployed in the plant, such as network management applications, asset and people location-based services, and so on.

Security and access services: Because the control room is the point of connection between the refinery and the outside world, networks and services here typically require intrusion detection and prevention systems and firewalls.

Wired process control: Wired process control networks support the process control equipment, including the sensors, controllers, and instrumentation used to monitor and optimize production processes.

Wired safety critical: Safety-critical systems, as the name implies, are systems that are responsible for normal or emergency shutdown or are operating specific critical functions of the production process.

Wired energy management: These systems are responsible for energy integration at the production facility.

Wired multiservice: This category includes systems that are providing collaboration or physical security, and the technologies that are typically used are voice and video.

Wireless multiservice: These networks, including IEEE 802.11/Wi-Fi, LTE, and so on, provide the platform for wireless connectivity to a number of multiprotocol devices.

Wireless process control: These networks typically feature deterministic IEEE 802.15.4 devices (such as ISA100.11a or WirelessHART).

These two types of industrial wireless networks can be combined into a unified architecture, as discussed later in this chapter.

However, with mesh networks, an AP only needs to be powered, and it forms a wireless backhaul connection with other APs. With 802.11 mesh, once the initial infrastructure has been deployed, it is relatively simple to extend its coverage by adding extra access points. For further details on 802.11 wireless mesh, see Chapter 14, “Mining.”

Figure 10-13 shows an example of a WFN mesh architecture. At the field level, a mesh of sensors have been deployed to measure and provide readings to the PCN applications at the control network. The sensors are communicating with the sensor gateways, which are responsible for performing protocol translation from 802.15.4 (WirelessHART, ISA100.11, and so on) to IP.

The sensor gateway then communicates with the wireless network infrastructure, which is responsible for forwarding traffic upstream, where the applications that are consuming and reporting on the sensor data reside. The same wireless LAN infrastructure can be used in parallel to provide a variety of other use cases, such as voice and location services.

WFN mesh networks are often based on (but can vary from) industry-standard IEEE 802.15.4 wireless network technology, which in turn forms the foundation for several other wireless standards, including WirelessHART (IEC-62591) and ISA100.11a.

IEEE 802.15.4–based sensors can supply important process control information, such as gas flow through a pipeline, temperature of a flare in a refinery, level of a kerosene tank, or vibration of a compressor. These types of deterministic networks are also used to control pumps and motors in a very predictable way—something that contention-based Wi-Fi is not able to accomplish.

To deploy a deterministic wireless network built on 802.15.4, several components are required, including the following:

A wireless sensor gateway, which provides the interconnection between the wireless field network and control systems

Network controllers to provide orchestration of the wireless field network(s)

Protocol gateways to translate between protocol stacks implemented within the wireless field network and PLCs

WirelessHART and ISA100.11a wireless field instruments operate at ISA95 Level 0 in an industrial network. Both WirelessHART and ISA100.11a implement the IEEE 802.15.4 radio protocols, operating at 2.4 gigahertz (GHz). The radios employ direct sequence spread spectrum (DSSS) technology and channel hopping for communication security and reliability, as well as time division multiple access (TDMA) to ensure latency-controlled communications between devices on the network.

802.15.4-based networks are favorable in process control networks because they are deterministic. This means that all devices are time-synchronized and communicate in predefined, prescheduled, fixed time slots. These time slots are grouped together in superframes, which are repeated according to a specified rate. The advantage is that a latency-sensitive control system does not have to deal with congestion on the air and wait to transmit its frame. When the controller says it’s time to transmit, the system does so without any delay.

Deterministic control of wireless access has a major impact on reliability. For example, WirelessHART is capable of providing end-to-end reliability of 99.9% in industrial process environments.² This is achieved through the use of channel hopping and self-healing capabilities of the mesh network. When paths deteriorate or become obstructed, the network takes action to conduct auto-repair and finds alternative paths around the obstacle(s) blocking the path.

WFN technologies operate in the 2.4 GHz ISM “unlicensed” public-use spectrum. These systems must share the same RF spectrum with other wireless systems, such as Wi-Fi, DECT, Bluetooth, and Ultra Wideband (UWB), and they are subject to interference from other devices that emit in the 2.4 GHz spectrum (for example, microwave ovens, USB 3.0 devices and cables, car alarms). However, the deterministic mechanisms used by WirelessHART and ISA100.11 greatly help in minimizing the impact of interference, frequency hopping, multipath mesh routing, channel whitelisting/blacklisting, and other factors that can impact wireless field network performance and reliability.

Because the applications that use these types of networks require only minimal bandwidth but at the same time demand predictable low-latency communications, WirelessHART- and ISA100.11-based systems are more appropriate for control systems than Wi-Fi or equivalent systems. The typical maximum bandwidth that 802.15.4 networks deliver is about 250 Kbps, which is very slow compared to the newest Wi-Fi standards. However, the trade-off with lower bandwidth is greater range, which is one of the benefits of these types of systems.

WirelessHART and ISA100.11a gateways operate at Level 1 in an industrial network (refer to Figure 10-8). Wireless field networks must be connected to the LAN to provide communications between wireless sensor/control devices, ISA95 control systems (such as PLCs), and wireless sensor network control systems.

WFN-to-wired infrastructure communications occur via wireless field network gateways. Wireless field network gateways translate wireless sensor protocols (such as ISA100.11 and WirelessHART) into LAN-routable protocol suites that are suitable for communicating with PLCs.

Wireless field networks can also be dual-homed (that is, two wireless sensor gateways for each wireless field network) to LAN access switches via Ethernet, providing alternate-path homing for all wireless field network devices. When dual-homing wireless field networks, each wireless sensor gateway must connect to separate LAN access switches that are in turn connected to separate LAN distribution switches, ensuring dual network paths for wireless field network devices.

Depending on the vendor product implementation, WFN device-to-PLC communications may occur in one of three ways:

Wireless field network gateways may connect directly with PLC Ethernet ports for control traffic. In this deployment mode, wireless field network gateways are connected directly to PLC Ethernet ports.

Wireless field network gateways may be integrated with dual wireless radio access systems (for example, WirelessHART and IEEE 802.11) combined in a single wireless access point. In this deployment configuration, the dual-technology wireless access point must present an IEEE 802.1Q VLAN tagged Ethernet port to a LAN access switch. Traffic destined for IEEE 802.11 wireless LAN controllers (CAPWAP tunnels; see RFC 5415) flows over one VLAN to the central wireless LAN controller, and wireless sensor communications flow over a separate VLAN in the terminating port LAN access switch to a directly connected PLC control Ethernet port. An alternative variation would be for the dual-technology wireless access point to present two physical Ethernet ports—one for connection to a port LAN access switch for traffic destined for IEEE 802.11 wireless LAN controllers and a separate Ethernet port for connection to a controlling PLC. Figure 10-14 illustrates a combined Wi-Fi with ISA100.11 network in a refinery. In this example, ISA100.11 is used to establish a control loop between sensors and actuators, and the same APs also offer Wi-Fi mesh services at the facility.

Some wireless field network vendors require wireless field network devices controlling PLC traffic to pass through protocol converters (such as an ISA100.11a IPv6-to-IPv4 protocol conversion). The resulting protocol-converted communications flows are then forwarded through intrusion detection and firewall functions before being forwarded across IEEE 802.1Q trunks to a VLAN on access switches and then finally to the controlling PLC via a PLC control Ethernet port.

The combination of portable operator technology (such as tablets, laptops, smart phones, or wearables) that can be used in hazardous areas together with ubiquitous Wi-Fi coverage significantly helps optimize the productivity of the PCN operator. For example, with seamless Wi-Fi coverage, the PCN operator has access to work orders, schematics, and operational manuals from anywhere in the facility.

During the turnaround, plant employees, equipment vendors, and external contractors work on high-risk and complex activities around the clock to try to get the plant in operation as quickly as possible and without any HSE (health, safety, and environment) incidents. Depending on the size of the turnaround, there could be thousands of workers present at the height of activities.

Traditionally, turnarounds have been a two-way a process, with engineers working on tasks around the plant communicating back to a central engineer via radio, and the engineer providing support and signoff for tasks. Deploying a wireless infrastructure and providing workers with tools and processes for independent and remote work saves time and money. Wireless mobility technologies allow engineering tools and applications for job tasks to be linked directly to central workflow and completion tools.

In addition, the majority of workers who are brought in for a turnaround are often unfamiliar with the site, permitting processes, and so on; as a result, productivity suffers, and HSE risk factors increase dramatically. Using industrial pervasive wireless, combined with enterprise data sources such as project work scopes, HR data, gate access control data, and worker information, productivity can be tracked and optimized in real time rather than after project completion. Location tracking of people and equipment can be monitored, managed, and adjusted in real time. Electronic permitting and equipment tracking can also be enabled, and human performance factors such as fatigue monitoring can be analyzed and acted upon.

Plant turnaround use cases help to greatly speed up completion, workflow, activity records, safety, and compliance.

Leveraging video, voice, and collaboration technologies to connect onsite plant workers with remote experts across an optimized communications infrastructure makes expertise available on demand. Experienced operators and staff members with specific skills are able to instantly help with support tasks, training, and emergencies, regardless of their location, and they can be instantly connected to control room or onsite workers.

This creates a centralized pool of specialists available when they are needed to consult, guide, and advise. To comply with risk management and regulations, all aspects of the interaction can be captured on a timeline via digital voice, video, and messaging recordings. These recordings can then also be used as training tools.

Hydrogen sulfide (H₂S), sulfur dioxide (SO₂), and volatile organic compound (VOC) leaks may happen due to pipe failures, tank leaks, faulty equipment, and spills during transportation. Such events can have catastrophic effects, both in terms of the environment and loss of life. For example, during the Deepwater Horizon oil spill in May 2010, 11 people lost their lives, and 4.9 million barrels of crude oil were spilled into the Gulf of Mexico. As another example, in the Bhophal disaster at the UCIL plant in India in December 1984, an accident that caused a gas leak at the plant led to more than half a million people being exposed to toxic gas; the death toll exceeded 2000 people, and many thousands more suffered severe injuries.

In addition, trips, falls, and injuries due to falling or moving objects are common risks to employee safety. Being able to monitor fixed locations for gas leaks and liquid spills and also monitor mobile workers for potential exposure to leaks is an essential safety function. Being able to quickly detect and isolate hazardous areas saves lives and helps meet regulatory compliance. In addition, having a precise understanding of the physical locations of employees around the plant helps ensure that those impacted in the leak zone are identified and evacuated and others outside the zone are prevented from entering.

Fixed wireless gas sensors can be installed in key locations where leaks are potential hazards, and workers can be provided with portable gas detectors that communicate across the wireless infrastructure. Location tracking of employees can be achieved via RFID tags either integrated into a device like the gas detector or a mobile handset or via a separate locator tag. Both fixed and wireless sensors can be overlaid on a map of the plant for real-time visibility, and information can be backhauled across the wireless infrastructure to a centralized control room.

For worker-down scenarios, it is possible to leverage an accelerometer in a mobile device or tag to quickly detect personnel who are downed due to trips or falls. Information can be sent back to a central monitoring location and can even be tied into live video feeds from the mobile device to show whether it is a real incident or perhaps just a dropped device. Again, information is sent across the wireless infrastructure.

Quickly and efficiently locating valuable assets and key personnel

Improving productivity via effective asset and personnel allocation

Increasing personnel safety via portable gas detectors and sensors, as well as worker-down indicators

Reducing theft loss due to unauthorized removal of assets from company premises

Coordinating Wi-Fi device location with security policy enforcement and determining the locations of rogue devices

Monitoring the health and status of key assets in their environment and receiving prompt notification of changes

Managing the locations of key assets and personnel throughout a plant is key to improving operational efficiency. By tagging equipment, vehicles, and containers with active RFID tags and deploying portable gas detectors and sensors across the infrastructure, a plant can greatly enhance its operational efficiency, employee safety, and regulatory compliance.

It was believed that this air-gap separation protected against cyber attacks, which presumably originated outside the network. (This was obviously not applicable to legacy serial SCADA systems which are totally isolated.) In addition, little was done to defeat cyber attacks that may have already breached the separation, as the deployed systems were not systematically updated with the latest antivirus signatures and did not have their operating systems patched against known vulnerabilities.

Thanks to the rapid growth of Ethernet and IP technologies in recent years, this air-gap model is clearly no longer viable. As oil and gas companies continue to adopt new technologies and new use cases, new and diverse devices are being connected to converged networks. This brings with it the potential challenge of a wider set of security attack challenges (intentional, unintentional, external, and internal), and companies need to broaden their response beyond mere physical segmentation, often called “security by obscurity.”

Physical separation did not help prevent Stuxnet, and similar attacks have proven that even the most segregated networks can be vulnerable through local access by malware introduced on USB flash drives. Furthermore, the need for better information flow and decision making requires the interconnection of industrial networks with systems and data applications. Reporting, compliance monitoring, and controlling the status of the systems deployed in the PCN environment can provide necessary insights into the level of risk and exposure of the OT environment at any given time.

Cost savings are an equally important driver, along with improved monitoring and the ability to facilitate business agility via secure, flexible, and standardized platforms. The ability to safely update operating systems and AV signatures instead of employing an army of field technicians moving between locations and using fixed media can significantly lower operational expenses. All these developments have raised the importance of cybersecurity, making it one of the top priorities for many CIOs in the oil and gas industry.

A risk control framework is used for PCNs to better secure critical OT systems. This framework maps a set of practices and controls to combat the most significant attack vectors in the PCN. These controls and practices are illustrated in Figure 10-15.

Using the risk control framework, a more robust layered security paradigm is possible. This paradigm seeks to enable systems connectivity while also ensuring that connectivity is handled securely and limits an attacker’s ability to exploit systems.

The main areas that the risk control framework addresses are categorized as five main pillars:

Organize: As part of the planning phase, policies and processes need to be established and followed throughout the lifecycle of a network or system, with necessary levels of dashboards and reports complementing them. The inventory of components comprising various systems needs to be accurate and detailed.

Harden: This pillar involves the implementation of network segmentation, which separates IT and OT environments and controls the communication flow between them. System patching, AV protection, and portable media security ensure protection against known threats, while physical security prevents access to equipment from unauthorized individuals.

Detect: This is part of the monitor phase, during which you look for any anomalous behavior within the PCN and identify controls for the detection of malware or other security threats.

Defend: The areas included in this pillar ensure that there is sufficient collection of forensic data, which can be analyzed to determine threats and the responses to them.

Respond: The last pillar is responsible for ensuring that the necessary hygiene is in place, with the right backup and restore policies and disaster recovery implemented.

The risk control framework for PCNs is a new paradigm that provides defense-in-depth measures to organize, block, collect, defend, detect, and respond to cybersecurity threats. Because process control network equipment stays in the field for years, this paradigm must address existing equipment as well as new systems.

In order to support this objective, a number of detailed requirements needs to be met. These specific requirements are designed to do the following:

Maintain a centralized solution for the monitoring, management, and reporting of the compliance status of equipment in the field

Provide a simplified, standardized solution across businesses

Introduce a superior level of flexibility and agility into the environment

Maintain a level of operational security deemed acceptable by the businesses

By meeting these requirements, a number of stakeholders in the business can reap the benefits of the security architecture. The emphasis given to confidentiality, integrity, and high availability highlight the fact that these stakeholders operate critical infrastructure that should not be compromised under any circumstance. Major accidents and disasters that can cause loss of life or severe environmental damage need to be avoided at all costs. Therefore, even though these control systems (even those deployed years ago that have limited security capabilities) now need to be connected, at the same time the interfaces need to be kept to a minimum and remain carefully controlled at all times. Figure 10-16 shows an example of a PCN security reference architecture for the oil and gas industry.

This reference architecture includes two main components: the secure center and the secure site (which are hosting the main uses cases that help secure the oil and gas PCN). The guiding principle here is to use the secure center not only as the central point for visibility into the security posture of the PCN environment but also as the single entry point into the environment. A centralized point for compliance and reporting can give visibility to the entire site estate—sometimes across the globe—enabling a view of oil rigs, pipelines, and refineries from a single location. The key advantage of this approach is that it greatly reduces the risk involved in controlling multiple entry points.

Asset information should be consolidated at the central OT asset database and should enable visibility of the software installed at each component, and support proactive and corrective management of incidents and/or problems. Additional information may be collected in order to support other business practices or requirements. The asset inventory is typically stored in a relational database that allows querying and integration with external reporting tools.

By enforcing a central entry point into the PCN environment, and by ensuring that connectivity between the operations center and the sites is established by using virtual private networking (using layered technologies such as IPSec, RDP, VNC, or SSH), access can be carefully controlled and is easier to manage. Figure 10-17 shows an example of a flow between a third party or a remote worker to a PCN asset at a secure site.

In order to most effectively interface with Microsoft Windows–based components (which are predominately used in the PCN), Windows Server Update Services (WSUS) should be implemented with additional logic to ensure simplified management and the ability to produce meaningful reports. These reports can aid in the identification of potential weaknesses in the PCN.

Such a solution can assist in the delivery of accurate qualified PCN vendor patches, which tend to come out on a regular basis. The solution can link qualified patch lists (QPLs) to groups within the patching solution, assuring improved patching process response times as well as reducing the possibility of error by removing manual QPL creation. Figure 10-18 illustrates a Microsoft WSUS patch management solution deployed in a refinery and supporting a variety of third-party industrial systems.

The information collected using asset inventory capabilities makes it possible to determine which patches have been installed on any component in a PCN. Knowing what patches are recommended for implementation (via the QPLs) and what patches are currently installed on a given OT asset within the PCN allows for mapping of required and missing patches to individual assets.

A robust AV patch management system is extremely important in ensuring that the OT assets in a PCN are protected against known threats and vulnerabilities, especially since many of these systems run on well-known OSs, such as Microsoft Windows. In many cases breaches have been achieved through known vulnerabilities where the asset was not correctly patched.

Important challenges need to be addressed because of the nature of PCN environments. For example, a large variety of different PCN solutions and systems are used in most oil and gas facilities, and a variety of industrial protocols and access methods have been implemented on different networking technologies. An effective system needs to be able to move around this variability and present all the information in a clear and concise manner so it can be managed and actioned in a timely fashion. If a centralized security operations center (SOC) is also monitoring the devices, OS and network logs also have to be collected and uploaded to a SIEM (security information and event management) system for further analysis.

Traditionally, equipment is assessed on a preventive time-based schedule, or, in the worst-case scenario, equipment is fixed or replaced after issues occur. In many cases, equipment or parts may be replaced even if they do not need to be based on an estimated lifetime use. For example, a pressure sensor might be in perfect working order and could potentially last another 10 years, but due to a rigid replacement schedule, it gets replaced years before it needs to be, introducing unnecessary costs and lost efficiency. In addition, physical inspection can be expensive—especially inside pipelines and other hard-to-reach areas. The lack of real-time information about the status of equipment can easily lead to equipment failure, costly unplanned maintenance, and lost processing time, not to mention the danger of accidents or emergencies resulting from failed equipment.

Analytics can be leveraged to make equipment monitoring, management, and maintenance more effective. Models can be created for each equipment type to help predict component failures and also to optimize performance characteristics. Wireless sensors and plant monitoring equipment can be used to measure characteristics such as temperature, vibration, alignment, pressure, viscosity, and lubricant condition in real time and compare these measurements with historical models to assess how equipment is performing and the likelihood of failure.

From a predictive maintenance perspective, equipment can be fixed or replaced based on its actual condition rather than a preset timeline or agenda. This can potentially provide savings on replacement costs and also allows for equipment that may fail before the scheduled maintenance window to be fixed, and prevent accidents or downtime. In addition, optimized equipment performance based on real-time feedback of equipment parameters may be realized, with even small efficiency improvements returning savings. (For more details on analytics in IoT, refer to Chapter 7, “Data and Analytics for IoT.”)

It is essential to understand that a single technology cannot enable the oil and gas industry to meet these requirements. Only a properly architected, secure integration of technologies and applications will help reduce costs, improve efficiencies, keep workers safe, and continue to drive innovation.

The oil and gas industry is building new IoT solutions for the connected refinery, control center, pipeline, and oil rig. These solutions follow the Purdue Model for Control Hierarchy, which helps identify the architectural levels and security zones.

Because of the nature of oil and gas facilities and work environments, wireless technology is widely used to connect sensors, workers, and industrial control systems. Wi-Fi and deterministic wireless systems such as ISA100.11 and WirelessHART are popular in this industry, and they solve very specific challenges.

Security is also paramount in the oil and gas industry, and adhering to a risk management framework enhances security. Security should be managed through a comprehensive defense-in-depth strategy that incorporates authentication, encryption, remote access controls, AV, and OS patch management.

2. http://robotics.eecs.berkeley.edu/~pister/publications/dissertations/ZatsSamuel_MSReport2010.pdf.