© 2016 Cisco and/or its affiliates. All rights reserved.
Sergey Konovalov
Industrial Internet of Things: Experience and Business Opportunities in O&G
Industrial IoT Engineering Executive
Internet of Things Group
Amazing Things Happen When You Connect the Unconnected
Industrial IoT: Deployment Results
Decrease Plant Turnaround time by 4 days
10% reduction in the maintenance costs
Downstream
Midstream
Upstream
Detect under 1 minute and 1 meter resolution
Introduce Rapid Leak Detection and Leak Prevention Methodologies
4% Onshore Brownfield Production Increase
Increased recovery rate
New Challenges and Tasks
• Scale (Millions of smart sensors)
• Proprietary Standards (Interop)
• IT & OT separation
• Multiple networks (Cntrl & Data)
• Siloed Applications
• Data Science
• Terabytes of data per day
• BW constraint – Straw
• Mission Critical Applications
• Security, Security, Security
Experts are 1000s of miles away
100s of Proprietary Protocols
Big Data: 2TB/Well/Day
99% of Data Discarded
Safety and Security is top Concern
Anemic Satellite Connections ~256 Kbps
PLC SCADA Systems
Industrial IoT: Key Architectural Components
DATA CENTER
Information Technology (IT) Operational Technology (OT)
CAMPUS BRANCH PLANT FIELD
Token Ring, Ethernet
FDDI, ISDN, ATM
Converged Networks
IT / OT Convergence
Applications Centric Architecture Through Automation
Apps → Configure the network (SDN)
Apps → on the network (FOG) BYOA/I
Ethernet
WiFi
Key Tenets of IoT
AppStore
AppMgmt
Application Enablement
Cyber
Physical
Security
IT/OT
Protocols
Convergence
Convergence and Virtualization
Information Technology (IT) Operational Technology (OT)
SCADA Equipment Health
Industrial WiFi
Operational Video
Pipelines Machines Pumps HMI Video
Cameras
ERP CRM VOIP Video
PCs Smart-phones Datacenter Facilities
Equipment Health, Industrial Wi-Fi, Video, ERP, CRM, VOIP, Project Mgmt., Asset Tracking, SCADA, Sensor Network, Email, HRMS
Smart Phones, Data Centers, Facilities, Sensors, Access Points, Video Cameras, PCs, Pipelines, Machines, Pumps
IoT / Future State
Information Technology (IT) Operational Technology (OT)
SCADA Equipment Health
Industrial WiFi Safety
Pipelines Machine Pumps
Access Points
Video Cameras
ERP CRM VOIP Video
PCs Smart-phones Datacenter Facilities
Industrial IoT Security
Let’s do some maintenance!
[Diagram: industrial network. Zones and segments: Enterprise Network, DMZ, Supervisory Network, Control System Network, Field Network, Remote Facility. Components: Web Server, App Server, Database, Historian, SCADA/DCS, IEDs, PLCs, Sensors, Actuators. External connectivity: VPN, Internet, Cloud Systems, Remote Services.]
ZONE-BASED: Plants, Zones
THREAT INFILTRATION: Inside and Outside
SIGNATURES: IT: Voice/Data/Video; OT: SCADA
NON-STOP OPERATIONS: Control Apps Have Priority
LACK OF SECURITY EXPERTISE: “Electricians”
PRIORITY: Safety, Availability, Integrity, Confidentiality
IIoT Sets Challenges for a New Computing Platform
ENDPOINT
DATACENTER/CLOUD
Traditional Computing Model (Terminal-mainframe, Client-server, Web)
Fog Computing
DEVICE
DATACENTER/CLOUD
IoT Computing Model (Data Volume, Security, Resiliency, Latency)
FOG on-prem computing
Cisco & Schneider Electric - IIoT Validation Lab: Smart Pipeline
Joint Validated Architecture
[Diagram: pipeline reference architecture, with SIEM markers throughout.
Sites: Main Control Center, Backup Control Center, Compressor / Pump Station, Metering / PIG Station, Block Valve Station.
Domains: Process Domain, Multiservice Domain, Station WAN & Security, MCC WAN & Security, BCC WAN & Security, Centralized Operations, Office / Business Domain, Internet Edge, Internet, 3rd Party Support, IDMZ.
Process Domain: Process Control, Power Management, Safety Systems, Instrumentation, Quantum, MiCom c264, SIL3 Controller, ScadaPack, GTW, RI/O, Controller, Historian, Operator Station, PACIS Operator, HMI, Magelis, ION Metering, SEPAM Protection, TeSys T Motor Mgt, Altivar Drive, MiCOM Feeder Protection, Metering, PIG Systems, Gas Quality, Ethernet Network, Safe Ethernet Network; SIL3 Option / No SIL Option.
Multiservice Domain: Mobile Worker, IP Voice, Access Control, CCTV, RFID, Ethernet Network, Wireless AP, Crew Welfare / Infotainment.
Station WAN & Security: Router, Firewall, Switch.
Control centers (virtualized / non-virtualized): SCADA & Operational Business Systems (SCADA Primary, SCADA Backup, RAS, Leak Detection, Training Server, Historian, Reporting, Metering Systems, Engineer Workstations, Operator Workstations, Application Servers, Domain Controller, AAA, Timing Server); Physical Security (Video Operations, Access Operations, Video Storage, Incident Response); Voice (Call Manager, Voicemail); Wireless (WLAN Controller).
Converged OT & IT Operational Field Telecoms / WAN Networks (Redundant Options): IP/Ethernet, DWDM, IP/MPLS, ROADM; Wireless option: 3G/LTE, WiMax, 900 MHz RF Mesh, Satellite, Microwave.]
Schneider Cisco Pipeline Functional Reference Model
Forward-looking functional architecture for end-to-end pipeline infrastructure:
• A flexible, modular approach that supports a phased Oil and Gas Pipeline operational excellence
• End to End Integrated Solution for Process, Safety, Power & Security
• Control Room Virtualization
• Converged Wide Area Operational Telecoms
• Pipeline Station Wired and Wireless Networks
• Integrated Multi-Service use cases
• IEC 62443 / ISA99 Security model
IT
Personnel Qualification