|Selecting high-quality cable that meets the environmental requirements will ensure high reliability and safety. In particular, low-smoke, zero-halogen jackets for marine-certified cable are a safety "game-changer" for offshore operations.|
Belden's Tim Wallaert explains how the proper networking solitions can reduce time to first oil and can increase uptime.
In an industry where a single day, hour or minute of downtime in production puts millions of revenue dollars at risk, operating at anything less than capacity is not an option. It is critical for oil and gas companies – especially the offshore vessels keeping the world’s petroleum supply flowing – to ensure they have a highly reliable, safe communications infrastructure in place.
There are many concerns and challenges around the need for absolute uptime while working in one of the harshest environments imaginable. These seemingly unproblematic elements can present risks or threats to the system. Essentially, there are no unimportant parts of a vessel’s control or automation system.
Some key areas of communications infrastructure that are often overlooked include:
- The overall design of the vessel’s communications network.
- The quality and safety of the components used to build out the communications infrastructure, particularly the physical media.
- The management of network traffic to protect the performance of automation systems from advanced malware threats or unintentional incidents.
As new offshore vessels are built or existing facilities are overhauled, incorporating these features from the onset provides several benefits. First, companies can shorten the time it takes to commission a new ship or complete a retrofit and ultimately reduce the time to first oil. It also enables a smoother transition of equipment from subcontractors to the ship or rig builder, and helps avoid common integration issues.
Fewer surprises will arise later on if the right questions are asked from the start. For example: “How is the network segmented?” “How can the right physical media reduce downtime and ensure safety?” and “What is the best way to secure systems and safeguard network performance?”
|High-attention to designing a robust industrial network infrastructure pays dividends in reducing time to first oil and increasing reliability.|
Design with industrial ethernet infrastructure in mind
First and foremost, an offshore vessel’s communications network should follow today’s best practices in network design.
Older SCADA (supervisory control and data acquisition) and ICS (industrial control system) systems were not designed with security needs in mind. Due to harsh environmental conditions, floating facilities have shorter lifecycles when compared to other industrial systems; therefore, new vessels or retrofit projects can more easily shift to the improved technologies available.
The main trend is the increasing adoption of Ethernet networking technologies for communications. Not only is industrial ethernet easy to implement, it offers instant access to data and scalable solutions. The ARC Advisory Group estimates ethernet networks are growing at more than 12% compound annual growth rate.
For engineers, IT professionals, or third-party ship and rig builders unsure of the best way to design an ethernet network, the most important principle is segmentation.
Offshore vessels and platforms generally involve a large number of systems and devices. Between programmable logic controllers, automated equipment and subsea systems, the network is usually large and dense. If the network is also flat, then performance and uptime will be reduced. A segmented network, on the other hand, is more manageable and makes isolating network issues easier.
To create an ideal network infrastructure, divide your network into zones.
- Subnets – Dividing up devices into physical groupings based on function or location makes it easier to maintain and secure them. Subnets prevent broadcast messages, reducing the chances of network traffic storms that can impact production.
- Virtual Local Area Networks – VLANs create logical groups of ethernet devices that cannot be physically connected. Once tagged by a switch, other switches can read this tag and decide whether a message should be forwarded. VLANs provide traffic management, allowing devices to only see the data they need.
- Transparent firewalls – Some processes cannot be maintained across a subnetted system. When a system cannot be segmented, transparent firewalls are an option.
Having a properly-designed communications network with regard to segmentation will greatly reduce problems during the installation and improve reliability once in operation.
|Floating production, storage and offloading (FPSO) vessels can be commissioned and retrofitted faster when a network design with proper segmentation is implemented.|
Ruggedize the system to withstand elements
The extreme conditions faced by offshore facilities require the use of quality, ruggedized equipment that will withstand the harshest environments. Extreme temperatures, corrosive hydrocarbons, direct sunlight and UV exposure are just a few of the challenges for the network.
Reliable signal transmission solutions that enable your offshore network to operate continuously while also connecting back to the control system on the beach are not optional. Products designed for and tested in this extreme setting will keep a network up and running.
Since most offshore projects involve a team of partners, subcontractors or shipbuilders, it’s important to specify products so everything on the network works seamlessly together. This includes industrially-hardened ethernet switches, routers and security devices, ruggedized control and information cables, and sealed, oil resistant, non-toxic cable and connectors.
Choose the right cable
Studies show the majority of network failures originate from cables or connectors. Intermittent connector and cable issues are notoriously difficult to diagnose and correct. Avoid expensive downtime by selecting and specifying the proper cable qualities, like:
- Hydrocarbon resistant.
- Oil resistant.
- Able to withstand very high and very low temperatures.
- Crush and impact resistant.
- Wet and dry rated.
- Abrasion resistant.
Determining the right cable at the design stage for the conditions your vessel will encounter, and then specifying it for procurement, will pay dividends in terms of faster project completion and higher reliability. Improvements to prevent downtime and unreliable communications also increase overall safety onboard the vessel – protecting both employees and the equipment on board.
Adhere to global requirements
All offshore signal transmission systems require certification by relevant regulatory bodies, both domestically and internationally.
Historically, this has been a cumbersome process, requiring substantial engineering, procurement and installation resources. Thus, using products onboard the facility that have already been proven in offshore applications and meet the necessary certifications can greatly reduce the time to market and first oil.
The key global standards and certifications that companies, as well as thirdparty builders and integrators, should look for when considering products and solutions, include:
- The United States Occupational Safety & Health Administration’s Class 1, Div 2 hazardous location conditions.
- The American Bureau of Shipping, or ABS certification, for marine and offshore operations within the coastal US.
- Europe’s DNV GL Maritime rules, standards and regulations for every type of ship, vessel or offshore installation.
|Transparent industrial firewalls (devices shown with a "T") are an important part of Defense in Depth. In this simplified network diagram, they are shown protecting the process control network, as well as switchgear and various packaged process units. Only the necessary operating protocols are allowed through firewalls.|
Industrial cyber security defense
Cyber security-related events have become an increasing problem for the oil and gas industry over the past decade. The importance of the industry to the economy is one of the biggest reasons, and in the last few years, the number and sophistication of cyber-attacks targeting energy facilities has grown greatly.
In addition, the complicated nature of offshore networks means that unintended attacks from internal errors or viruses add another layer of challenges in protecting the mission-critical system.
Take advantage of the cyber security best practices
There are a number of security solutions available that are not only cost effective, but are also easy to implement without disrupting production.
With oil and gas production, maintaining the integrity and availability of the system is paramount. A network’s outside defenses are extremely effective, but what’s concerning is the number of internal accidents caused by user error or malware introduced from contractor USB keys or laptops.
With the majority of incidents originating from secondary points of entry to the network, problems can spread rapidly through the network. A perimeter-style defense with a firewall at the edge of the network, while necessary, isn’t enough.
To protect a system from within, a multi-layered defense, such as Defense in Depth (DiD), is needed. DiD is built on three core concepts: multiple layers of defense, differentiated layers of defense and threat-specific layers of defense.
A network protected using a DiD strategy responds to threats, such as traffic storms or viruses, by limiting the impact to the zone where the problem started. Alarm messages from the firewalls will pinpoint the zone, and even the source of the problem, making the situation faster and easier to correct.
|Using high-quality ruggedized components, including the cable and connectors, greatly reduces network failures on offshore platforms, such as this fixed, gas and oil processing structure.|
Use transparent industrial firewalls to protect core processes
Transparent firewalls1 are security devices with special features for industrial use. At first glance, they appear like a traditional Ethernet switch, but they actually inspect network messages in great detail.
The transparent feature allows them to be dropped into existing systems without requiring readdressing of the station devices. This means that organizations can retrofit security zones into live environments without a shutdown. They also allow the installation of security controls within a single sub-network.
The firewall feature provides detailed “stateful”2 inspection of all network protocols so inappropriate traffic can be blocked. For example, rate limits can be set to prevent “traffic storms,” while deep packet inspection rules can be set to prevent inappropriate commands from being sent to IEDs or controllers.
Overall, there is a huge opportunity for offshore facilities to benefit from and stay ahead of the competition by laying out the proper network infrastructure. Decreased downtime and reduced security risks help keep the time and money spent on troubleshooting and fixing issues low. Ultimately, using the latest networking and communications technologies can reduce operations costs and engineering time and improve the return on investment.
1 Transparent (layer 2) firewalls are devices that connect the same network on its inside and outside ports. They are not a routed hop and thus can be safely installed in live networks. Layer 3 traffic, such as IP traffic, cannot pass through the security appliance unless it is explicitly permitted.
2 A stateful firewall keeps track of the state of network connections and allows only packets with a known connection to pass through it.
Tim Wallaert, Director – Vertical Markets, Energy, leads Belden’s expansion into the power utility and oil and gas markets. He has spent more than 20 years in industrial automation, helping improve production operation across a range of industries. Tim’s current focus is on energy communication and automation as one of the key enablers of the digital oilfield. He holds a BSEE from Michigan State University and an MBA from Case Western Reserve University.