Digital Refinery - Cisco...© 2013-2014 Cisco and/or its affiliates. All rights reserved....
Andrey Grechin
Digital Refinery
Systems Architect, 17.11.2015
2 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IoT-Readiness in Today’s Typical Refinery
Connected Refinery Automation
1. Ethernet
2. Managed Switches
3. Connected IT/OT Network
4. Management in OT Tools
5. SDN for Plug & Play Factory
Connected Refinery Wireless
1. Factory Wi-Fi (ad Hoc)
2. Unified Refinery-Wide Wi-Fi
3. Wi-Fi Management Tools
4. LBS-Ready WiFi
5. Hyper Location
Connected Refinery Security
1. Industrial DMZ
2. Network Access Control
3. Central Identity and Policy
4. Secure Remote Access
5. Industrial Protocol DPI
Off-Line
Connected Refinery
Connected Enterprise
Supply Chain Orchestration
Refinery Automation
Refinery Security
Refinery Wireless
Analytics & Big Data
Virtualization & Compute
Connected Machines
Refinery Collaboration
Location Services
Supply Chain Collaboration (SXP)
Design Collaboration
Digital Enterprise Journey: +16% OEE, +23% NPI, -35% Inventory, -49% Defects, -48% Downtime
Cisco Validated Converged Plantwide Ethernet Architecture
EtherNet/IP (Industrial Protocols)
Real–Time Control
Fast Convergence
Traffic Segmentation and Management
Ease of Use
Site Operations and Control Multi-Service Networks Network and Security Management
Routing
Application and Data share
Access Control
Threat Protection
Enterprise/IT Integration Collaboration Wireless Application Optimization
Cell/Area Zone Levels 0–2 Layer 2 Access
Manufacturing Zone Level 3 Distribution and Core
Demilitarized Zone (DMZ) Firewalls
Enterprise Network Levels 4–5
Diagram components: Firewall (Active), Firewall (Standby), Gbps Link for Failover Detection, Cisco ASA 5500, Cisco Catalyst Switch, Cisco Catalyst 6500/4500, Cisco Cat. 3750 Switch Stack, Layer 2 Access Switch, FactoryTalk Application Servers, Network Services, Patch Management, Terminal Services, Application Mirror, AV Server, Web Apps, DNS, FTP, Internet.
Cell/Area #1 (Redundant Star Topology), Cell/Area #2 (Ring Topology), Cell/Area #3 (Linear Topology): Controller, HMI, Drive, Distributed I/O.
High Level Solution Blocks (diagram)
Vertical Solutions for Oil & Gas Operational Technologies
Horizontal Solutions for Oil & Gas Operational Technologies
Connected Oilfield, Connected Pipeline, Connected Refinery, Connected Processing, Connected Shipping, Connected Retail
Secure Operations, Remote Operations, Collaborative Operations
Diagram labels: Analytics, Fog/Distributed Compute, Control Centre, Supervisory, Process, Multiservice, Operational Field Telecoms, WAN Networks, NOC, Headquarters, Data Centre, 3rd Party Remote Access, Mobile Workforce, Cloud Services, Internet, Onshore, Onship, Connected Graphics
Secure Operations
Collaborative Operations
Remote Operations
Connected Refinery
Connected Processing
Connected Shipping
Connected Oilfield
Connected Pipeline
Solution X
Solution Y
Solution Z
IoT/IoE Solutions & Offerings
Business & Technical Reference Architectures
Solution & Use Case Architectures
Actors / Components / Benefits Communications / Security
Use Cases / Business Scenarios
Actors / Components / Benefits Communications / Security
Actors / Components / Benefits Communications / Security
Solution Architecture Development
Cisco IoT/IoE Oil & Gas High Level Architecture (diagram)
Solution areas: Connected Oilfield, Connected Pipeline, Connected Refinery, Connected Processing, Connected Shipping, Connected Retail; Remote Operations, Secure Operations, Collaborative Operations.
Domains and layers: Operations & Control, Supervisory, Process, Multiservice, Operational Field Telecoms, Field Infrastructure, Fog / Distributed Compute, Operational Technologies: Plant, Machines & Devices, Centralized Operations, Office/Business Domain, Internet Edge, Data Centre Services, Security Services, Safety & Security, Unified Communications, Wireless & Mobility, Ancillary Services.
Field Networks: Fiber, Ethernet, Wireless Mesh, 802.11x Wifi, MANET, Radio, WiMax, RF Mesh, 802.15.4, Microwave.
WAN Networks: WAN Aggregation, Regional Aggregation, Enterprise WAN (IP/MPLS, MPLS-TP, DWDM, Satellite), Service Provider WAN, GPRS/3G/LTE, WiMax, Radio, Microwave.
Network & Security Mgt.: PRIME NMS, SIEM, Access Control, Directory Services, Certificate Authority, Intrusion Prevention, CSM, Identity Services Engine, Anti-Virus, Network Access Control, WSUS, Industrial ZTD.
Internet Edge: Routing, Firewall, IPS / VPN, Guest WLC, Web Security, Email Security.
Connection types: WAN Network Connection, Secure Separation, Secure Operations Connection, Remote Operations Connection, Collaborative Operations Connection.
Other labels: 3rd Party (Process), 3rd Party (Business), Mobile Worker, Cloud Services, Internet, SCADA System Head-end, Engineer/Operator Workstations, Distributed Control System, Historian, HMI, Domain Controller, Asset Management, Physical Security Services, Process Automation Systems, Manufacturing Execution System, Remote Access, Patch Mgt., 3rd Party FW Mgt., ASA Security, ASA VPN Services.
The label SIEM is repeated on components throughout the diagram.
Connected Pipeline Reference Architecture (diagram)
Sites: Main Control Center, Backup Control Center, Compressor / Pump Station, Metering / PIG Station, Block Valve Station.
Domains: Process Domain, Multiservice Domain, Station WAN & Security, MCC WAN & Security, BCC WAN & Security, Centralized Operations, Office / Business Domain, Internet Edge, WAN Networks.
SCADA & Operational Business Systems labels: SCADA Primary, SCADA Backup, Remote Access, Leak Detection, DAS Master Control, Historian, Reporting, Metering Systems, Engineer Workstations, Operator Workstations, Application Servers, Domain Controller.
Physical Security labels: Video Operations, Access Operations, Video Storage, Incident Response.
Station labels: Process Control, Power Management, Safety Systems, Metering, PIG Systems, Gas Quality, Instrumentation, Controller, PLC, MV/LV Control, HMI, Operator Station, Ethernet Network, Wireless AP, Mobile Worker, IP Voice, Access Control, CCTV, RFID, Router, Firewall, Switch.
Converged OT & IT Operational Field Telecoms, Wired: IP/Ethernet, DWDM, IP/MPLS.
Converged OT & IT Operational Field Telecoms, Wireless: 3G/LTE, WiMax, 900Mhz RF Mesh, Satellite, Microwave.
Other labels: Internet, 3rd Party Support, Voice, Wireless, WLAN Controller, Call Manager, Voicemail, IDMZ, RAS, AAA, SIEM, (virtualized/non-virtualized), (Redundant Options).
DAS = Optical Acoustic Sensing
Use cases
Wireless Bridging
Mobile Workforce
Wireless Instrumentation
Personnel Health & Safety
Physical Security
Physical Security
Location Tracking
Remote Expert
Remote Expert
Vehicle Mobility
Perimeter Monitoring
Asset Management
Asset Management
Physical Security
Connected Refinery/Processing Use Cases
Connected Refinery/Processing Use Cases Overview
No. Name Description
CRP1 Wireless Bridging, non-wired deployment
Control network extension or new area deployment which is hard to access due to terrain conditions. Wireless bridge to interconnect two site areas based on industrial grade hardware which complies with security and performance requirements, or wireless deployed where cabling options are expensive or impractical.
• Reduced cost
• Eliminate islands of control
• Safer deployment
• Secure and reliable communications
CRP2 Mobile Workforce
Provide plant based workers tools to enable them to do their job effectively first time. Multiple workers to perform simple tasks associated with the lack of available information in the field. Mobile devices that are wirelessly connected to the control systems enabling field operation and access to maintenance tools that enhances worker experience.
• Increased worker productivity and accuracy
• Mobile operations management
• Scalable, secure and reliable communications
CRP3 Wireless Instrumentation
Connectivity to sensors and instruments via industrial wireless (typically ISA100 or WirelessHART). Multiple plant locations with hard to access measurement points which are not considered in projects due to implementation cost.
CRP4 Personnel Health & Safety
Detecting and monitoring fixed locations and mobile workers for leaks, falls etc. Detecting and monitoring hydrocarbon leaks around the tanks, valves, and pipe flanges. Level fluctuates a lot due to process demand. Non-intrusive solution to detect liquids used around the tanks, sump wells, and curbs of pump skids.
• Tank spills monitored to improve employee safety and avoid environmental incidents
• Demonstrates regulation compliance
Portable Health & Safety
H2S Detector
Man-Down Scenario / Accelerometer integrated into portable device
CRP5 Turnaround
Plants will get maintenance and upgrade windows to replace equipment, change processes, recalibrate etc. Whenever plants are offline they are not producing and this therefore costs money. Providing workers with tools and processes to reduce overall turnaround will save time and money. In an example in a US refinery, turnaround was reduced from 4 to 2 weeks, and the workforce to complete the turnaround was halved. Mobility technologies for the workforce, combined with applications and processes on their devices back to central workflow and completion tools.
CRP6 Physical Security
Wired or wireless capability for video, CCTV, access control and analytics. Improve Asset and People Surveillance in large and remote industrial facilities. Improved monitoring, faster response to incidents and quicker key decisions.
CRP7 Asset Location Tracking
Improve inventory visibility, supply chain operations, and materials management during site construction, upgrades and throughout the asset lifecycle. Leverage Unified Wireless Infrastructure to track assets. Reduce Non-Productive Time (NPT); replacement parts and materials can be more easily tracked and located.
CRP8 Remote Expert
Video and collaboration technologies to connect plant workers to remote experts with specific expertise to help with tasks, training, completion, faults etc.
CRP9 Vehicle Mobility
Onboard vehicle communications providing in-vehicle wireless hotspot for mobile working, connectivity to PTZ cameras for incident verification, data backhaul across the wireless MESH infrastructure, vehicle location tracking across the infrastructure.
CRP10 Safety Shower Monitoring
Alarming and alerting via wireless infrastructure when safety showers are used due to a safety incident. Tie back to video feeds and leak and level sensors for incident verification.
CRP13 Preventative Asset Monitoring and Management
Providing ongoing data updates on plant machinery and asset performance (such as motors, valves, pumps) to optimise performance, and to proactively detect issues before they occur. Information can easily be gathered via wireless sensors.
Unified Industrial Wireless & Mobility
Secure Ops
Wireless Mobile Workforce Productivity
Wireless Asset & People Tracking
Secure Ops, Compliance & Cyber Security
Industrial Wired Infrastructure
Connected Refinery/Processing Technology Use Cases
Refinery/Processing Use Cases Overview No. Name Description
CRP20 Unified Industrial Wireless and Mobility
Delivering a secure wireless infrastructure to enable wireless instrumentation, personnel safety, inventory and asset management, and increased automation efficiency. The Cisco 1552 Access Points are hazardous location-certified and designed specifically for hazardous environments like oil and gas refineries, chemical plants, and process control applications. The 1552S and 1552WU provide a seamless, single-box solution for wireless sensor networks and wireless mobility use cases.
CRP21 Wireless Mobile Workforce Productivity
• SAP Mobility Platform
• Cisco Jabber for field collaboration and remote expert, including presence, instant messaging, voice, video, and conferencing from a single interface
• Video providing access to remote expertise and on-the-job training
• BCOM Class 1 Div/Zone 1 certified smartphones and tablets
CRP22 Wireless Asset & People Tracking
Cisco, together with partners like AeroScout and Extronics, delivers Class and Zone certified integrated wireless mobility and tracking over a secure wireless infrastructure enabling:
• Worker location tracking for personal safety monitoring
• Portable H2S gas detector monitoring and tracking
• Man-down alarming and alerting
• Wearable technologies such as Emergency Alert, head/body video camera
• Mobile maintenance and turnaround including high definition video for remote support
CRP23 Multiservice Wired Infrastructure
The multiservice communication network enables use cases such as video surveillance, access control, and data access, leading to increased worker safety, productivity applications, and enhanced experience.
CRP24 Secure Ops, Compliance & Cyber Security
Helping businesses manage cyber security risk and compliance requirements in industrial automation environments. Combining on-premises technology, processes, and managed services, Cisco Secure Ops implements and maintains layered (ISA99/IEC 62443) security controls within operational networks and delivers a number of benefits:
• A consistent, integrated solution for addressing security and other risks found in the ICS domain
• Increased site productivity and lower cost of operations, security, and compliance
• Improved, and in some cases automated, compliance
• Lower risk to the ICS environment.
CRP25 Industrial Wired Infrastructure
Cisco ruggedized infrastructure provides a secure, highly available, easily manageable communications infrastructure for platform control systems, extending onshore as part of integrated operations. Cisco industrial devices are an integral part of the control system, allowing process engineers to monitor and control the communications infrastructure through a common management interface. Devices support industrial protocols and include specific enhancements for CIP, Modbus, PROFINET and GOOSE, leverage Cisco IOS for industry leading security and communication features, and are hardened to ensure high reliability in extreme environments. The multiservice communication network enables use cases such as video surveillance, access control, and data access, leading to increased worker safety, productivity applications, and enhanced experience.
Use Case 4 : SCADA Software Version Update
No. Name Description
CPL4 SCADA Software Version Update
SPAN Port Forwarding of Live Field Data
• To ensure a smooth transition for SCADA system upgrades, a standalone server running new software will interact with live field data which is forwarded via a SPAN port
• This will allow operators to ensure monitoring and control commands are operational from the new system, prior to upgrading.
Use Cases : Safety & Security
No. Name Description
SS1 Physical Intrusion Detection
Detecting the intrusion activities on both onshore and offshore perimeters
• Video Surveillance
- Intrusion Detection at the perimeter.
- Can be based on Motion Detection and Video Analytics (Tripwire)
• Access Control
- Intrusion Detection at the gates/barriers
- Multifactor Authentication (Badge, keypad, biometric scan – MorphoTrak).
- Anti-Passback rules and prevention of tailgating with turnstiles.
• IPICS
- First responder notification based on VS and/or AC alarms
- Can be on IP Phones, smart phones (Android/iOS), analog (UHF/VHF) or digital radios (TETRA, P25)
SS2 Incident Management
Focused on managing an incident on the IPICS Incident Framework
• IPICS
- IPICS Dispatcher can create an Incident based on an event (e.g. emergency)
- Dispatcher can add the necessary users, radio channels and video cameras to the incident.
- All the users on the incident can collaborate on voice (PTT), video (live video from Video Surveillance Manager, video clips taken from smart phones) or data (journal text messages).
- Dispatcher can call out and dial-in remote people, and add on the PTT talk group.
- Incidents can be created manually or automatically (based on a schedule, or triggered with an event).
SS1 Use Case : Intrusion Detection
IP Camera Media Server Access Control Manager
Door / Barrier
IPICS Server Radios (Analog / Digital)
IP Phones
Motion Detection
Video Analytics
Starts Video Recording
HTTP Trigger
Open/Lock Door
HTTP Trigger
Policy Activated
Push Recorded Message on Radio Channels
Dial-out to External Phones
Access Control Gateway
Door Command
SS2 Use Case : Incident Management
IP Camera Media Server IPICS Server Radios
(Analog / Digital) IP Phones
Motion Detection
Video Analytics
HTTP Trigger
Policy Automatically Creates a New Incident
IPICS Dispatcher IPICS Mobile
Client
Manual Command
Dispatcher Manually Creates a New Incident
Any-to-any Push-to-talk communication between Radios, Dispatcher, Mobile and IP Phone Clients over the Incident
Camera Streams from VSM can be added to an Incident. Video streams can be viewed on the IPICS Mobile Clients and Dispatch Consoles
Camera Stream
SS4 Use Case : Remote Expert
IP Camera Media Server
Video Stream
IPICS Dispatcher Dials an external number in
IPICS Dispatcher
Remote Expert
On-site Technician
On-site Technician
SIP
Dispatcher patches the external call to a radio channel
Dispatcher, Remote Phone User and On-site technician communicate via Push-to-Talk using the Dispatch Console, Radio and IPICS Mobile Client
Dispatcher and IPICS Mobile Client users view streams from Video Surveillance Manager
Mobile Client user sends video clips and photos taken with the smartphone
Thank you!