We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byCamila Wickwire
Modified about 1 year ago
© 2008 OSIsoft, Inc. | Company Confidential Gabriel Mazooz An Ultimate Security Solution for the PI Environment
3 © 2008 OSIsoft, Inc. | Company Confidential Presentation Agenda Israel Electric Corporation (IEC) –Some Facts and Figures Security Background –Cyber Security Threats Project Requirements –PI System Status –The Challenge Project Implementation –The Players –The Working Environment –The Process Project Summary
4 © 2008 OSIsoft, Inc. | Company Confidential Israel Electric Corporation (IEC)
5 © 2008 OSIsoft, Inc. | Company Confidential Nazareth, Church of the Annunciation
6 © 2008 OSIsoft, Inc. | Company Confidential The Israel Electric Corporation Ltd. The Israel Electric Corporation (IEC) - est % Government owned Generates, transmits and distributes practically all the electricity in the State of Israel IEC is the sole integrated electric utility in the State of Israel One of the largest industrial companies in Israel
7 © 2008 OSIsoft, Inc. | Company Confidential IEC – General Profile IEC – Main producer (99%) and distributor (100%) of electricity in Israel Generating capacity - ~11,000 MW Integrated Capabilities – IEC has full design and integration capabilities Largest company in Israel with 14,000 employees Current government policy calls for the privatization of IEC with competition introduction via Independent Power Producers (IPPs)
8 © 2008 OSIsoft, Inc. | Company Confidential The Israel Electric Corporation Ltd. Power plant Gas Turbines 1. On January 30, peak demand of 10,200 MW
9 © 2008 OSIsoft, Inc. | Company Confidential NATIONAL SYSTEM OVERVIEW Ovation Bailey MAX Control ABB Siemens
10 © 2008 OSIsoft, Inc. | Company Confidential Cyber Security – Main Points Critical National Infrastructures (CNIs) are prime targets for Cyber Terror Process control systems becoming more vulnerable: –Communication systems converge to IP based networks –Operating systems with known vulnerabilities are used –Systems are interlinked –Growing Worldwide threat environment (more tools, players) –Remote monitoring and maintenance becoming common –Interconnectivity with the administrative networks & Internet
11 © 2008 OSIsoft, Inc. | Company Confidential IEC Cyber Security – Main Points IEC is a major cyber-target IEC is an Electricity island Strict requirements on availability (essentially 100%) PI servers are widely in use –Most of IEC operational data is on PI
12 © 2008 OSIsoft, Inc. | Company Confidential IEC Cyber Security Policy 1.IEC has cyber security policies in effect: –Information Security Policy Q –Divisional Policy Q Cyber security policy is centrally managed by the head of the Generation Division and handled locally by the head of the Computers Dept. 3.The National Information Security Authority (NISA) regulates CNI’s networks architectures and cyber security practices & methodologies
13 © 2008 OSIsoft, Inc. | Company Confidential Production Division’s PI System The main information system supplying on-line and real-time data and information on elements and processes of the production division Used for making real-time operative decisions by units operators and PI systems users Integrated within a great many business process Over 500 users system wide All-time availability is strictly required
14 © 2008 OSIsoft, Inc. | Company Confidential Generation Division Headquarters 5,000 Haifa 20,000 Orot Rabin 30,000 Reading 5,000 Eshkol 10,000 Rutnberg 1-210,000 Rutnberg 3-420,000 Hadera Environment Association 1,000 Alon Tavor 2,000 Hagit 5,000 Ramat Hovav 2,000 Zafit 1,000 Gezer 2,000 National Dispatch 50,000 T & D 50,000 Test1, Sites PI Tags Distribution 214,000 Total Tags 214,000
15 © 2008 OSIsoft, Inc. | Company Confidential PI System Referent / Administrator Responsible for PI system- one at each IEC site Operates and maintains on-site PI system Develops local applications and displays Local Point of Contact for all PI related issues Generation Division convenes a PI Referent Forum
16 © 2008 OSIsoft, Inc. | Company Confidential Generation Overview - Units Status Working Derated Faulty Maint. Reserve Avail. Site Fault Reserv e Derate Avail. Maint. MW
17 © 2008 OSIsoft, Inc. | Company Confidential RT – PORTAL: Overview - Units Status
18 © 2008 OSIsoft, Inc. | Company Confidential Locally developed Application - Example
19 © 2008 OSIsoft, Inc. | Company Confidential PI System Expanding PI system being used for reporting on the move:
20 © 2008 OSIsoft, Inc. | Company Confidential The Challenge To arrive at a truly and absolutely protected PI system, while still enabling fully operational PI connectivity with the administrative network Quick and easy implementation – minimal downtime Minimal cost
21 © 2008 OSIsoft, Inc. | Company Confidential PI Security Project - Start to Finish : Less than a month !!!
22 © 2008 OSIsoft, Inc. | Company Confidential IEC – Generation Division as the initiator and project leader Ludan Systems – Solution Developer and Integrator Waterfall Security Solutions – Solution Developer & Vendor The Main Players
23 © 2008 OSIsoft, Inc. | Company Confidential Ludan Software and Control Systems - Facts Ludan Software and Control Systems - subsidiary of Ludan – Tech Ltd. Company activities: Project design, integration, installation and execution of industrial IT and process control projects Vast experience in computerized systems and process control large scale projects Over 20 years experience integrating PI systems Visit
24 © 2008 OSIsoft, Inc. | Company Confidential Waterfall Security Solutions - Facts Privately owned security firm, based in Israel Spun-off in 2006, 25 employees, >110 installations worldwide Solutions based on unidirectional connectivity harnessed in patented technology integrating hardware and software modules Visit
25 © 2008 OSIsoft, Inc. | Company Confidential Overall Project Players Users Ludan Waterfall Management IEC PI Project Regulation Performers Customers
26 © 2008 OSIsoft, Inc. | Company Confidential Solution Concept – Main Points Segregate PI systems for maximum security Allow PI connectivity only via a strictly one- way communications solution (Waterfall One- Way™) Use the unidirectional connectivity to replicate PI server information on an external server Administrative PI users can only access the replicated PI server
27 © 2008 OSIsoft, Inc. | Company Confidential Waterfall Unidirectional Connectivity A novel approach to network and data security Deployment of physically based unidirectional gateways for external connections Leveraging the unidirectional logic of such connections for: Sending production information to the business network Sending status information to the remote monitoring network Receiving information from IP surveillance/remote devices Benefits of the approach - A Win-Win situation Enabling all business needs and requirements (“traditional approach”) Top security level – practical “physical segregation” (“strict approach“)
28 © 2008 OSIsoft, Inc. | Company Confidential Realizing absolute unidirectional connectivity in the optical domain: Making Truly Unidirectional Connections Hardware Based One-Way Data-Flow Gate Transmitter Receiver Laser Transmit Only Diode Receive Only
29 © 2008 OSIsoft, Inc. | Company Confidential PI System – Solution Components Innovative W.F. element
30 © 2008 OSIsoft, Inc. | Company Confidential WF-SME for PI I ndustrial Network Waterfall SME Business Network Replica PI Server Master PI Server PI Base Subsystem PI Snapshot Subsystem PI Archive Subsystem PI Base Subsystem PI Snapshot Subsystem PI Archive Subsystem Online - Points database replication (create/edit/delete tags) Online data replication (snapshot) Scheduled/On-demand history replication (archive) WF PI RX server Route for History WF-SME* PI System – Data Paths WF PI TX server * Scada Monitoring Enabler Route for On-Line
31 © 2008 OSIsoft, Inc. | Company Confidential PI System – Before (Insecure) Industrial Network Business Network Site ASite BSite CSite DSite N Master PI Server Internet Highly risky architecture Online bidirectional
32 © 2008 OSIsoft, Inc. | Company Confidential Industrial Network Site ASite BSite CSite DSite N Business Network Master PI Server Internet Online Unidirectional replication PI System – After (Secure) One way data flow
33 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation Process I - Infrastructure Process II - Sand box installation Process III - Declaration Process IV - New server declared operational Process V – Monitoring
34 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation - Process I Infrastructure: –Analysis –Design –Procurement
35 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation - Process II Sand box installation: –Original system runs in parallel –Running 2 or 3 test clients in this period –Evaluation of performance –Database and application testing
36 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation - Process III Move Date To New Topology: Declaration Alert all users & managers
37 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation - Process IV New server declared operational Referent is coached regarding the new system Connection between networks is cut off Users are moved to the new system Applications and database are rigorously inspected
38 © 2008 OSIsoft, Inc. | Company Confidential Project Implementation - Process V Monitoring Servers Interfaces Data Users Displays Applications
39 © 2008 OSIsoft, Inc. | Company Confidential Performance - 50k tags – ~ 1 sec. latency end to end. Uptime 2 years and counting –0 downtime on all systems installed User experience –Seamless passage to the new system –100s of concurrent users nation wide –Support *POC is unchanged –*Point of contact Project Completion
40 © 2008 OSIsoft, Inc. | Company Confidential Project Management Timeline
41 © 2008 OSIsoft, Inc. | Company Confidential Future Prospects Future phases and improvements will include: –Install base increased to include more turbines: 1.Alon Tavor 2.Hagit 3.Gezer 4.Tzafit 5.Ramat Hovav –Allow for remote monitoring over unidirectional links: 1.Gezer 2.Hagit –And in the near future : 3.Alon Tavor 4.Eshkol
42 © 2008 OSIsoft, Inc. | Company Confidential State of the art security solution for the PI environment “Sleep well at night” Project timeline less than 1 month PI user experience is unchanged Performance is practically unaffected Negligible maintenance PI Availability is: –Stable –Reliable –Fully Secured Summary
43 © 2008 OSIsoft, Inc. | Company Confidential Question Time
44 © 2008 OSIsoft, Inc. | Company Confidential
Enterprise PI - How do I manage all of this? Robert Raesemann J Jacksonville, FL.
Evolution of PI in an Expanding Utility’s Strategy John L. Ragone KeySpan.
11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW Describe the clustering capabilities of Microsoft Windows.
1 Value now. Value over time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Using OSIsoft to Become Compliant James Cosgrove, Northeast Utilities.
8. 2 Object-Oriented Analysis and Design with the Unified Process Objectives Describe the differences between requirements activities and design activities.
Improving Customer Satisfaction Through Advances in Remote Management Technology Greg Michel Product Manager Quintum Technologies Inc.
Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over the Internet. Cloud is the metaphor for.
IBM SMB Software Group ® ibm.com/software/smb Maintain Hardware Platform Health An IT Services Management Infrastructure Solution.
FirstEnergy / Jersey Central Power & Light Integrated Distributed Energy Resources (IDER) Joseph Waligorski FirstEnergy Grid-InterOp 2009 Denver, CO November.
Agenda Current Network Limitations New Network Requirements About Enterasys Security Branch Office Routers Overall Enterprise Requirements Proposed Solution.
Motorola Mobility Services Platform Management Software: Stage Edition.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Three strategies to keep your PI.
Using PI as a Transitioning Tool to RTPM A presentation by Calpine Geothermal for the 2004 OSI Users Conference A presentation by Calpine Geothermal for.
Introduction to Networks. When Personal Computers first appeared in business, software programs were designed for a single user. However as computers.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.
1 Critical Mission Support Through Energy Security Susan Van Scoyoc Concurrent Technologies Corporation 16 August 2012 Energy Huntsville Meeting Huntsville,
Avtec Inc Virtualization - Securely Moving to the Cloud.
Chapter © 2006 The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/ Irwin Chapter 7 IT INFRASTRUCTURES Business-Driven Technologies 7.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
AMI project for Israel Electricity Corporation Beeper-Larotech Ilan Friedland - CEO.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch February 4, 2010.
Operational Excellence at Roche: PI Delivers Robert Fretz F. Hoffmann-La Roche Ltd. Basel, Switzerland.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Chapter 21 Successfully Implementing The Information System Systems Analysis and Design Kendall and Kendall Fifth Edition.
STORAGE ARCHITECTURE/ MASTER): Where IP and FC Storage Fit in Your Enterprise Randy Kerns Senior Partner The Evaluator Group.
Anytime, Anywhere Access Benefits Functionality Work Order Administration Dispatch Work Order Work Order Details New Work Order Additional Functionality.
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. PowerPoint to accompany Krar Gill Smid Technology of Machine.
Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
Manasa Guduru Sai Prasanth Sridhar Malini srinivasan Sinduja Narasimhan Reference: Aymerich, F. M., Fenu, G., & Surcis, S. (2008). An approach to a cloud.
BMC Software confidential. BMC Performance Manager Will Brown.
Cloud Computing (101). Cloud Computing – Outline Definition of Cloud Computing Early days of “Cloud” Computing – 1960s – 1970s Developments that.
Citrix Partner Update The Citrix Delivery Centre.
Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.
The European Gateway to TANKSAT The Ultimate Service for LPG Tank Telemetry MCS Europe Group Solutions.
1 Transitioning TAC I/A Series ™ to SmartStruxure ™ solution 11 June 2016.
Confidential and Proprietary May 7, 2015 Real-Time Data Where You Can Use It.
1 © 2004 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID The spoken words remain IP and Video Telephony Recording from TC & C Anthony.
Next Generation Security Solutions Next Generation Controllers January 2013.
Business Data Communications, Stallings 1 Chapter 1: Introduction William Stallings Business Data Communications 6 th Edition.
S P O N S O R E D B Y S M A R T S I G N A L Less is More! Pitching New Ideas to Not so New Operators and Managers. Less is More! Pitching New Ideas to.
The ProactiveWatch Monitoring Service. Are These Problems For You? Your business gets disrupted when your IT environment has issues Your employee and.
9 Systems Analysis and Design in a Changing World, Fourth Edition.
DreamWatts Product Presentation for Energy Trust of Oregon PowerMand, Inc. Summary: Introduction to technology Potential ETO use – Audit & Analysis Online.
How AEP is Approaching the Information Management Crisis by Leveraging OSIsoft’s Suite of Tools Bill Sigmon Sr. Vice President Fossil and Hydro Generation.
DR Software: Essential Foundational Elements and Platform Components UCLA Smart Grid Energy Research Center (SMERC) Industry Partners Program (IPP) Meeting.
Sensitive Metric Collection and Reporting System Michael Aiello Hanning Gao Martin Goldberg Michael Sosonkin Jason Woloz.
6/23/2005 R. GARDNER OSG Baseline Services 1 OSG Baseline Services In my talk I’d like to discuss two questions: What capabilities are we aiming for.
Chapter 5 Distributed Systems: The Overall Architecture Presented by: Matt Carver Amber Martin Jon Tucker.
© 2017 SlidePlayer.com Inc. All rights reserved.