The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Security & Standards

Flow Computing Goes Digital

February 24, 2020
Shawn Bellamy

Small discrepancies in custody transfer calculation can make a big difference on the bottom line of an oil & gas producer.  The writers of a recent SAP report on oil & gas industry cyber security give the following example:


“… Pump Station 2 on the Alaska Pipeline is designed to pump 60,000 gallons per minute (227 cubic meters per minute) of oil. A small error of 0.1% equates to an error of 2,057 barrels of oil a day. At a spot price of $105 a barrel, that 0.1% error would cost $216,000 a day. Over a year, the 0.1% error would amount to a difference of $78.8 million. Note that the error could either be on the high side, benefiting the seller; or on the low side, to the buyer’s benefit.”


Digital transformation to the rescue, but …


Increased open connectivity, advanced data analytics, and higher capacity automation technology are available to help producers eliminate uncertainty in processing oil and gas custody transfer, but there is a potential catch.


“While the potential benefits of these emerging technologies are huge, companies should also be aware that the incorporation of these technologies comes with risks—most notably cyber risk,” write the authors in a recent National Law Review update on cyber security legislation.


Documented pipeline vulnerability


Cyber-attacks on pipelines have, in fact, been documented for at least 10 years. The operators of a multi-use pipeline that transported oil and gas through North America, for example, were having allocation issues related to the volume of production reaching a refinery.


“Staff at the refinery would say to producers ‘whatever you’re reporting was not what we metered, and we are not going to pay for that … Eventually, the cause of the problem was identified as planned manipulation of the real production values by a foreign entity. They were able to access the pipeline system because a vendor that installed flow computers did not change the default passwords, and the machines were accessible on the internet,” writes Paul Smith in Security Boulevard.


In a more recent instance, Bloomberg Business News reported that in 2018 at least seven pipeline operators transferring natural gas from Energy Transfer Partners LP to TransCanada Corp. said that their third-party electronic communications systems were shut down, with five confirming the service disruptions were caused by hacking. These were not production systems, but electronic systems that helped pipeline customers communicate their needs with operators via a computer-to-computer exchange of documents, such as contracts and invoices.


The need for a better flow computer


Critical to improving the custody transfer process is a flow computer, which processes flow calculations to control and monitor the exchange of oil & gas. But most flow computers are not up to the task, for at least the following reasons:

  • Legacy flow computers do not have the communications capability or processing power to leverage the increasing data volumes that are emerging
  • Legacy flow computers are not well-integrated with other oil & gas production operations, which are increasingly getting more complex and deploying multiple transfer stations
  • Legacy flow computers are highly vulnerable to cyber security attacks.


These factors limit the speed and accuracy of custody transfer and require investment in multiple devices and engineering tools to accomplish the job. And, achieving necessary cyber protection requires the purchase and maintenance of additional technology, such as firewalls and intrusion detection devices.


Additionally, most of the legacy flow computers are approaching the end of their physical lives and while legacy vendors have introduced new product versions, many are already out of date, especially in terms of their performance, integration and security capabilities.


Cyber Security & Standards

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Security & Standards

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]

Cyber Security & Standards

Signs of Hope in Cyber Security, But …

August 27, 2020
Robert Bergman

Accenture has published its 2020 Cybersecurity Resilience Report based on its survey of 4,644 executives in 24 industries. Although few […]