LOGIIC – Linking the Oil and Gas Industry to Improve Cyber Security
LOGIIC – An Ongoing Partnership
The LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) program is an ongoing collaboration of oil and natural gas companies and the U.S. Department of Homeland Security, Science and Technology Directorate. LOGIIC was formed to facilitate cooperative research, development, testing, and evaluation procedures to improve cybersecurity in petroleum industry digital control systems. The program undertakes collaborative research and development projects to improve the level of cybersecurity in critical systems of interest to the oil and natural gas sector. The program objective is to promote the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality.
The LOGIIC 2005-2006 Correlation Project
The LOGIIC Correlation Project was a 12-month technology integration and demonstration project jointly supported by industry partners and the U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T). The project demonstrated an opportunity to reduce vulnerabilities of oil and gas process control environments by sensing, correlating and analyzing abnormal events to identify and prevent cyber security threats.
Motivation
The Process Control Networks and SCADA systems used by the Oil & Gas Industry were facing new threats and vulnerabilities. New threats come from terrorists who want to destabilize energy industry supply capabilities and the national economy. New vulnerabilities have been introduced with the migration to standard IT components (e.g. general-purpose computing platforms and standard operating systems), introduction of standard networking technology such as TCP/IP and Ethernet in the SCADA environment, and integration of business and process control networks.
Approach
This project examined needs and solutions for correlating and analyzing abnormal events to provide indications and warnings of cyber-security threats. The end vision was to enable informed response to threats by taking corrective action. The goal of the project was to achieve the ability to correlate abnormal events from the process control network and its interfaces to the business network with alerts from sources on the business network (intrusion detection systems, firewalls, etc.). The project partners successfully achieved the following:
- Identifed and adapted new types of security sensors for process control networks
- Adapted a best-of-breed correlation engine to this environment
- Integrated and demonstrated the technology suite in test bed
A principal success factor was the intense collaboration of the Government and Industry partners in defining scope of an appropriate challenge problem. The problem was defined to address an important unmet need in control system cyber security, while retaining applicability to general architectures used in the sector. The problem was scoped to be complex enough to motivate interest, but achievable in the tight, self-imposed twelve month project time line.
The solution is presently advancing from test bed to pilot deployment. It is hoped that other stakeholders will adapt the solution to fit their particular needs.
The project was briefed in a one day VIP event in Houston, Texas, on September 11, 2006. Attendees included senior representatives from the oil and gas sector, vendor, government, and the research community. An informative video is available to qualified applicants.
Organization
LOGIIC represents a model example of a partnership between Government and Industry. In this project, the oil and gas companies contributed the operational environment and expertise, and project management, while the vendor companies provided security expertise and products. DHS S&T contributed testing facilities and independent research staff with technical security expertise.
The DHS Science and Technology Directorate is actively exploring further Government and Industry partnerships in this and other sectors.