The LOGIIC (Linking to the Oil and Gas Industry to Improve Cybersecurity) Correlation Project was a 12-month technology integration and demonstration project jointly supported by industry partners and DHS S&T. The project demonstrated an opportunity to reduce vulnerabilities of oil and gas process control environments by sensing, correlating and analyzing abnormal events to identify and prevent cyber security threats.
Motivation
The process control networks and supervisory control and data acquisition (SCADA) systems used by the oil and gas industry were facing new threats and vulnerabilities. New threats came from terrorists who want to destabilize energy industry supply capabilities and the national economy. New vulnerabilities were introduced with the migration to standard IT components (e.g., general-purpose computing platforms and standard operating systems), the introduction of standard networking technology such as TCP/IP and Ethernet in the SCADA environment, and the integration of business and process control networks.
Approach
This project examined needs and solutions for correlating and analyzing abnormal events to provide indications and warnings of cyber-security threats. The end vision was to enable informed response to threats by taking corrective action. The goal of the project was to achieve the ability to correlate abnormal events from the process control network and its interfaces to the business network with alerts from sources on the business network (intrusion detection systems, firewalls, etc.). The project partners successfully achieved the following:
- Identified and adapted new types of security sensors for process control networks
- Adapted a best-of-breed correlation engine to this environment
- Integrated and demonstrated the technology suite in a test bed
A principal success factor was the intense collaboration of the government and industry partners in defining the scope of an appropriate challenge problem. The problem was defined to address an important unmet need in control system cyber security, while retaining applicability to general architectures used in the sector. The problem was scoped to be complex enough to motivate interest, but achievable in the tight, self-imposed twelve-month project timeline.
The solution is presently advancing from test bed to pilot deployment. It is hoped that other stakeholders will adapt the solution to fit their particular needs.
The project was briefed in a one-day VIP event in Houston, Texas, on September 11, 2006. Attendees included senior representatives from the oil and gas sector, vendors, government, and the research community. An informative video is available to qualified parties; send email inquiries to SandT-Cyber-Liaison@hq.dhs.gov.
Contact
Program Manager: Greg Wigton