Resources

Denver digital assets library
Case Study

ATOM Strengthens OT Security Posture for Operational Performance Confidence

Jump to:

Established in 2015, Australian Terminal Operations Management (ATOM) runs fuel terminals on behalf of its customers. Across their 17 Australian terminals, ATOM operates two technology environments: a corporate information technology (IT) environment and an operational technology (OT) environment including process control networks.

Challenge

Rhys Long, IT Manager, ATOM has a portfolio that comprises wide-area networks, Cloud infrastructure that support both the Corporate and OT environments, end user devices and other technologies, while also looking after overarching IT & OT network cyber security governance and policy.

ATOM inherited an OT network, spread across 4 sites around Brisbane to manage the delivery of fuel and petroleum products – including a pipeline, pumping system, storage facilities, tank distribution and multiple control rooms. Of the 4 sites, 2 were un-manned facilities, operated remotely from control rooms.

The legacy OT network design of the 4 sites was complex and difficult to maintain – particularly for remote administration at the 2 un-manned facilities, where technicians had to physically visit to resolve problems if they occurred. In addition, the network needed to be refreshed and maintained to improve its backup network and WAN system which had reached end of vendor support.

ATOM knew the OT network was critical to its safe and efficient management and, with the help of Denver, identified a range of benefits of securely connecting its process control systems to its corporate network to enable remote access and minimising cyber-threat risks.

Back To Top

Solution

ATOM undertook an OT Network Refresh and Cyber Security Project on a Pipeline Telemetry System to:

  *   Build real-time interfaces with customer systems
  *   Improve the business’s security posture
  *   Enhance productivity and efficiency

Denver led the deployment of a new OT network and infrastructure to provide a more efficient, cost effective, secure and maintainable IT/OT environment for ATOM.

Denver provided OT Project Management, OT Cyber Security, OT network architecture along with OT network deployment expertise whilst managing other key stakeholders – primarily, the SCADA and Process Automation Systems (PAS) provider and the WAN link telecommunication provider.

In conjunction with these stakeholders, Denver developed and executed a design that simplified, secured, and enhanced the supportability of ATOM’s distributed OT infrastructure. This included:

  • Isolating the OT production systems in an air gapped network
  • Providing remote out-of-band management integrated into the client IT/OT remote management infrastructure
  • Extending the operation of systems at the unmanned sites across the OT network
  • Deployment fibre switching across private fibre links between plant locations and separation of different control system traffic across those links
  • Integrating into the HMI at control rooms
  • Secure firewalling and network separation of OT sub-systems.
  • Provisioning of network congestion control mechanisms to prevent spikes in network control data and reporting information from interrupting/limiting other control systems.

This allowed for:

  • better management and secure remote access to the OT infrastructure
  • better management of the systems at the unmanned sites for secure separation of the management layer from the product systems OT network connectivity
  • better monitoring and management of systems across the pipeline to allow for integrated management of each sites OT and pipelines systems from the same control rooms.

The existing OT network needed to remain operational during the project, so a new side-by-side OT network was deployed and full testing of the WAN, Firewall and OT Application connectivity was undertaken before attempting to migrate the live control systems. Migration of the production control systems to the new OT infrastructure was undertaken during a series of scheduled maintenance windows with one control system at a time being moved across at all sites and validated prior to the next being migrated – ensuring pipeline operation continuation was possible, post maintenance window.

Denver’s strong Operational Technology skills and in-depth industry knowledge helped ensure a smooth implementation.

“The Denver team got the balance right between our ‘fit for purpose’ philosophy and ‘gold plating’ the project. When we work with Denver, there is always an element of flexibility,” says Rhys Long. “Our methodologies vary between sites and they can accommodate our requirements in each case.”


Back To Top

Results

Denver is complying with ATOM’s customer’s security and risk policies, enabling ATOM to implement  real-time interfaces between the two business’s systems. It has also delivered remote access to process control networks, enabling team members to troubleshoot and provide support remotely, improving productivity and minimising disruption to personal lives.

“We’ve made huge inroads from a business perspective mitigating cyber security risk with policy and governance and from a technical perspective, the solutions we’ve implemented and the changes we’ve made, better strengthen our security posture,” Long says.


Today, ATOM is achieving as close to 24 hour day, seven day a week, 365 day a year availability as possible, minimising the risk of losing system access. With Denver’s assistance, ATOM continues to mature and strengthen its cyber-security approach. 


Back To Top

Recommended Reading
Category: IT/OT
Topic: Cybersecurity
Ready to learn more about digital transformation at speed?