Secure Virtual Solution for Offshore & Onshore ICS Network

Leviathan production facility is located offshore Israel and is primarily a gas producing facility. Facility exports Gas and Condensate to onshore pipeline station. Condensate pipeline leads to Hagit Terminal for processing, storage & further transfer.

Geographical location of the facility demanded the highest level of Cyber Security for facility control system. W-Industries was tasked with providing a secure virtual solution for ICS Network Offshore and Onshore. Collaboration with W-Industries and Noble Infosec proved to be challenging yet successful for hardening the Servers, Workstations, Switches/Routers and involved many tests to achieve top notch cyber security.

W Industries provided complete ICSS, Networking and Cyber Security solutions to all three facilities.

Leviathan Production Facility (LPP) ICSS comprises PLC based Process Control System, Emergency Shutdown System, Fire & Gas System, Gateway System and Wonderware ArchestrA based Supervisory Control and Data Acquisition (SCADA) System. All components of ICSS system are designed to be redundant to avoid single point of failure. Redundant processors communicate to redundant IO modules through redundant Ethernet adapters. Ethernet DLR is used for IO communication. Hardwired IO count for the complete system is in excess of 7000 and are wired to 15 remote IO panels strategically located throughout the facility. On the HMI front redundant HMI servers run multiple virtual servers communicating to ICSS PLCs and provide data 20+ HMI Clients.

On the HMI front, we provided two identical domain controlled Virtual Environments giving the client the option upon site or hardware failure to utilize either environment (LSM/DSM) to run the platform independently. Virtual environment was built with VMWare 6.5 and VMWare Horizon 7 for reliable and efficient thin client environment.

Redundant layer 3 Cisco backbone switches were used for main PCN network with redundant Cisco Layer 2 switches used for PLC, Maintenance and PECS network. Control system network was designed with clear separation between layers using Eagle 30 and Tofino firewalls.