Refinery Improves Cybersecurity

The Port Arthur, Texas, refinery of Total Petrochemicals & Refining USA wanted to address today’s rising security threats while allowing its staff to keep focusing on production. The facility, which has a capacity of 169,000 bbl/d of transportation fuels, processes crudes with conversion capabilities centering on coking, fluid catalytic cracking and reforming technologies. The site is part of the Refining-Petrochemicals Americas Segment of Total S.A., La Défense, France.

The refinery worked with Honeywell to achieve an enhanced cybersecurity posture; this is the first effort of its kind within Total Petrochemicals & Refining USA.

Total’s approach — teaming up with a recognized cybersecurity specialist — made good business sense. The company realized that refinery personnel are very knowledgeable in plant processes but often don’t have the resources and skills to maintain the ongoing security posture of the process control network (PCN).

Yet, cybersecurity now is a pressing concern. Bad actors increasingly have targeted industrial control systems (ICSs) since the discovery of Stuxnet in 2010. As recently as March 2019, a ransomware attack forced a large aluminum producer to move to manual operations. The discovery of more and more industrial exploits has pointed up that even common practices like using USB drives to maintain an ICS can enable bad actors not only to propagate malware but also to take over machine commands.

For industrial sites, specific cybersecurity vulnerabilities can include:

• Lack of security policy and procedures;
• Undocumented or undiscovered ways to gain access to the industrial process network from the public Internet;
• Access points that span the business local area network to the PCN;
• Out-of-date anti-virus software;
• Obsolete firmware and operating systems that can’t be maintained with security updates and patches;
• PCN architectures implemented without network segmentation and other security design considerations; and
• Incomplete or infrequent backup processes.

Media Monitoring

Figure 1. Site has installed special system that checks USB devices.

As part of the lifecycle management of the control system, Total’s engineering staff consulted with Honeywell’s cybersecurity experts to perform a complete site audit to identify security vulnerabilities and develop a strategy to mitigate threats. Total corporate representatives met with Honeywell specialists to define and implement an approach to updates, patching and other cybersecurity activities that allowed the plant to improve site security while still focusing on its core refining processes.

Key to implementing an effective cybersecurity program was supporting the small in-house automation department at Port Arthur responsible for overseeing a relatively large PCN consisting of approximately 120 servers and workstations.

A Range Of Services

In approximately 2011, Honeywell’s Managed Industrial Cybersecurity Services began supporting the Total team. The services have helped to reduce the risk of security breaches and manage the security posture of the process control infrastructure. Honeywell provided skilled industrial security engineers to support the ongoing maintenance and monitoring of the site’s industrial cybersecurity.

Honeywell’s cybersecurity services for the Port Arthur Refinery include:

• Honeywell Secure Connection, featuring encrypted communication to protect data even through the site’s corporate network;
• Automated patching and anti-malware services to ensure ongoing updating of all computers with the latest security protections;
• Continuous monitoring and alerting services to check the performance and health condition of the PCN, including controllers, servers and workstations; and
• Intelligence reporting services to transform system statistics into actionable trends.

When a facility like the Port Arthur refinery launches Honeywell’s Secure Connection, an authenticated, encrypted virtual private network is established. Various Honeywell and Total entities can connect to this network to help the refinery address security or general maintenance issues. Having a secure means of remote connection and maintenance also can help reduce downtime and troubleshooting related to any issues.

Honeywell provides a dedicated site support specialist as part of Total’s services agreement. This person assists with patch and anti-virus automation, security and performance monitoring, activity and trend reporting, advanced monitoring and co-management, and secure access.

With the support from Honeywell, the Port Arthur refinery has greater visibility into the cybersecurity and system conditions of its PCN architecture.

Total now has added Secure Media Exchange (Figure 1). This checks USB devices entering and exiting the facility. It automatically updates threat intelligence and includes human response capabilities to help detect and stop malicious USB actions.

Future plans include expanding the scope of Honeywell’s services to cover additional assets such as analyzer networks and safety systems. Total also wants to provide global users on its business network with safe and secure access to cybersecurity information when needed.

Honeywell’s suite of technology infrastructure services has helped Total secure the various aspects of its distributed control system. It includes an array of security defenses integrated to protect the network, workstations, applications and process equipment.

This approach results in enhanced operating system security, stability and reliability, ultimately contributing to improved production and safety for complex industrial facilities.

MARK LITTLEJOHN is Houston-based director, managed security services, for Honeywell Industrial Cybersecurity. Email him at [email protected].