drilling information under cyber threats - iadc information under cyber threats data acquisition,...
TRANSCRIPT
Drilling Information under Cyber threatsData Acquisition, Management & Security
Victor Vela, R&D Software Manager
3/9/2016
© 2016 Weatherford. All rights reserved.
***The following presentation is provided for information and discussion purposes only. Any views or opinions provided are those of the author and do not necessarily represent the views or opinions of Weatherford. No one should rely on any information in this presentation. Weatherford makes no warranty or representation with respect to the information or suggestions in this presentation. You assume all responsibility for any decision made based on information or suggestions in this presentation, including any drilling, well treatment, production or other financial decision.***
Disclaimer
© 2016 Weatherford. All rights reserved.
Data Plan: Methods & ProvidersProviders
Drilling, Evaluation, Completion, Production, InterventionMethods:
CommunicationWITS0, WITSML 1.3.1, WITSML 1.4.1, WITSML2.0, ETP, Static Files
Unit of Measure
Plans vs. Actual
Time Sync
Frequency of Data
How does client want data structure?
Limits and Alarms
MWD/ LWD
Other Vendors
Mud Logging
Wireline
Fracture & Stimulation
Electronic Drilling Recorder (EDR)
CPDData Hub
© 2016 Weatherford. All rights reserved.
Data Quality Plan
Definition of Quality– Requirements must be defined, understood, and clarified– Products and services conforming to the requirements are
delivered
Data Quality Plan– Job Planning and preparation– Execution and conformance– Differences of execution and plan
© 2016 Weatherford. All rights reserved.
Established Standard
Include information about which of the main official versions a given mnemonic belongs to:
1. Real‐time2. Raw memory data3. Memory data (QC’ed)4. End of Well5. Final data (*)
Provide basic organizational metadata on most common data groups.MWD and ML, real‐time drilling data:
1. Wellbore2. Section3. Run
© 2016 Weatherford. All rights reserved.
Verify Before RigProviders
Drilling, Evaluation, Completion, Production, Intervention
MWD/ LWD
Other Vendors
Mud Logging
Wireline
Fracture & Stimulation
Electronic Drilling Recorder (EDR)
CPD
Weatherford
Baker Hughes
Halliburton
Schlumberger
VendorsApplications
The <dialect> Challenge
© 2016 Weatherford. All rights reserved.
Network Infrastructure
CompanyWAN
Service CompanyWAN
DB
WWW
© 2016 Weatherford. All rights reserved.
Data Flow within Network
CompanyWAN
DB
Service CompanyWAN
DB
WWW
ProvidersDrilling, Evaluation,
Completion, Production, Intervention
MWD/ LWD
Other Vendors
Mud Logging
Wireline
Fracture & Stimulation
Electronic Drilling Recorder (EDR)
CPD
© 2016 Weatherford. All rights reserved.
Quality Assurance & Monitoring
Data Quality Plan– Job Planning and preparation– Execution and conformance– Differences of execution and plan– Key Performance Indicators
Monitoring– Execution and conformance– Key Performance Indicators tools– Infrastructure Monitoring / Notifications
© 2016 Weatherford. All rights reserved.
Quality Assurance and Monitoring
Data Quality Plan Monitoring
Job Planning & Preparation
Execution & Conformance
Differences of Execution & Plan
Key Performance Indicators
Execution & Conformance
Key Performance Indicators Tools
Infrastructure Monitoring / Notifications
© 2016 Weatherford. All rights reserved.
Data Management
The Applications
Data Function
Data Manager
Security Access
& Controls
Real‐Time Data Big DataHistorical
Server layer
Data base layer
Data Access Layer
Data Access Layer
© 2016 Weatherford. All rights reserved.
Data Center Options
17
Client Network
WITSML Stream WITSML Access
Hosted Solution
Synchronized WITSML Data Base Store
WITSML Stream WITSML Access
Rig Data Center Office
© 2016 Weatherford. All rights reserved.
Groups and Access
Engineering Management
Subject Matter Expert
Operations Management
Client Management
Monitor Data Transmission & Communication
Systems
QA / QC of Data from Servers
Operations Monitoring
Client Operations
© 2016 Weatherford. All rights reserved.
Top Ten – Security Breach
1. Lack of cyber security awareness and training among employees2. Remote work during operations and maintenance3. Using standard IT products with known vulnerabilities in the
production environment4. A limited cyber security culture among vendors, suppliers and
contractors5. Insufficient separation of data networks6. The use of mobile devices and storage units including smartphones7. Data networks between on/offshore facilities8. Insufficient physical security of data rooms, cabinets, etc.9. Vulnerable software10. Outdated and ageing control systems in facilities
© 2016 Weatherford. All rights reserved.
Data Security
Elements of Security that must be covered– The Network– Data on the network– Servers and systems providing the hosting service– The client machines that access the service– Recovery from disaster with any aspect of the primary store of data
– Users perception about security and the value they assign to their data
© 2016 Weatherford. All rights reserved.
What does a Cyber Attack look like?
Increasing pipeline pressure Changing field device parameters Closing/opening motorized valves Causing a denial of service attack within an control system
Increasing/decreasing motor speed Displaying fake process diagrams and alarms to the operators’ human machine interfaces (HMI)
© 2016 Weatherford. All rights reserved.
Top Areas of Cyber Attacks
People• Sharing Accounts/Passwords/System Sharing• Innocent breach / Deliberate breach
System Usage• Web & Social Media subscriptions• Applications
Network• Other Network connections• Back door intrusion
© 2016 Weatherford. All rights reserved.
Users & Application Roles component
System Admino System Admin
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ OneSync Admin
o Client Admin (users and data)o Single Point of Authority
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ RTOC Users Power Users Service Company Data Providers
o LWD/MWDo Mud Loggero Wirelineo Secure Drilling
© 2016 Weatherford. All rights reserved.
Application on the Network
StrongerNetwork Measures
Not Operational
Significant Change
© 2016 Weatherford. All rights reserved.
Compromising the Network
These third‐parties typically use remote access tools to connect to the company’s network, but don’t always follow security best practices
Impact
Evil Twin Access Point
Duplicate router
Risk exposure from those devices on the corporate network other Trojan software that can access the device's network connection
Tethered smartphones used for network or Hotspot
Spying on an Unencrypted Network
Methods
1
2
3
4