LOGIIC Helps Keep Oil, Gas Control Systems Safe
For the past 12 months, Sandia National Laboratories has served as the lead national lab in Project LOGIIC (Linking the Oil and Gas Industry to Improve Cyber Security). The project was created to keep U.S. oil and gas control systems safe and secure, and to help minimize the chance that a cyber attack could severely damage or cripple America’s oil and gas infrastructure. Such an attack by viruses, worms or other forms of cyber-terrorism on oil and gas industry process control networks and related systems could destabilize energy industry supply capabilities and negatively impact the national economy.

LOGIIC, funded by the Department of Homeland Security’s Science and Technology Directorate, brought together 14 organizations to identify ways to reduce cyber vulnerabilities in process control and SCADA (Supervisory Control and Data Acquisition) systems. The goal of the project was to identify new types of security sensors for process control networks. Sandia worked with project partners to create a simulation test bed and apply this environment to counter potential threats to the oil and gas industry using hypothetical attack scenarios. Sandia researchers created two real-time models of control systems used for refinery and pipeline operations. Sandia is a National Nuclear Security Administration laboratory.

Ben Cook, project lead for Sandia, says the objective of LOGIIC was to bring together government, asset owners, vendors, and the research community to protect the critical infrastructure. He says a key element of LOGIIC’s public-private partnership model was the leadership role it gave to industry partners — in this case the oil and gas asset owners — to define the technical problem to be tackled and manage the project towards a successful outcome.

“Current control system operators have limited situational awareness,” he said. “In LOGIIC, industry leaders chose to focus the partnership team’s initial work on addressing their concern that control networks aren’t monitored for cyber intrusions as is routinely done on business networks. As a result, it’s difficult to detect cyber adversaries who might be attempting to compromise critical system components.”

“The monitoring system developed in LOGIIC is based on the very latest commercial enterprise detection and correlation technologies adapted to monitor control networks, providing asset owners with dramatically improved situational awareness,” Cook said.

To test LOGIIC’s monitoring capabilities, Sandia researchers came up with five vulnerability scenarios based on cyber compromises commonly used in the hacker community. Two scenarios were extensively tested to illustrate the effectiveness of the LOGIIC monitoring solution. Ray Parks, who led the development of the scenarios, used his background as a member of Sandia’s cyber red team, which has performed numerous vulnerability assessments of oil and gas and other critical infrastructure facilities.

LOGIIC brought together experts in homeland security, oil and gas, security research, security technology, and process control technology:

• Government: DHS, Science and Technology Directorate
• Oil and gas industry: Chevron, CITGO, BP and Ergon Refining
• Research: Sandia, SRI International, and Adventium Labs
• Security vendors: ArcSight, 3Com, and Symantec
• Process control technology vendors: Honeywell, OMNI Flow Computers, and Telvent