Connect@Plant enables the customer to control threats and manage risks connected to remote access, through one dashboard.
The solution gives external vendors secure access to onshore and offshore installations to perform maintenance and changes on ICS/PCSS systems – designed for the oil and gas industry and compliant with the recommendations in the NORSOK standards and OLF/NOG104 guidelines.
The Connect@Plant Application page gives you an overview of all applications/systems that you have been granted access to. With a simple click you can start the application or request a work permit to be granted access.
Our development team has created an intuitive graphical user interface (GUI) to support easy administration for the operational team. All menus and functions adapt to the privileges of the logged-in user.
The dashboard shows information about work permit history, active sessions, active work permits and more.
The Operation Engineers often need to create overviews and reports. On the Connect@Plant reporting page, they have access to the different reports in the system, e.g. quick access to a list of System Owners for all their applications.
System administration can be delegated to a User Role in Connect@Plant. E.g. a Plant Manager can manage access role membership via simple steps in the Role Management.
Connect@Plant provides optimal security through its segregation of networks and services, advanced tools for preventing unwanted access or malware, and tools for monitoring all access and network traffic (SIEM).
Through a comprehensive dashboard, the customer is in full control of all access granted, and real-time connections to Industrial Control Systems (ICS).
The Connect@Plant Security hub consists of several key technologies to secure the operation:
An integrated work permit database triggers automated procedures that grant access as requested by the Customer’s Connect@Plant operator. The work permit database can be integrated with the Customer’s existing maintenance system, or used stand-alone.
The Connect@Plant Portal offers an integrated endpoint analysis tool. The endpoint analysis verifies the connecting computer's system updates and antivirus software, ensuring that the client connecting is free from malware. The portal uses two-factor login, with a separate passcode sent to the user's mobile or e-mail.
After a successful login, the user will be taken to a security hub and presented with a dashboard with the qualified systems. The customer will send mouse and keyboard input and receive a visual presentation of remote plant systems.
With no valid work permit, access to applications through the firewall will be disabled. Enabling a work permit will open access for a given time slot.
Traditionally, firewalls use IP addresses to monitor traffic and are often unaware of the user and computer identities behind the IP addresses. Identity Awareness removes this notion of anonymity by mapping user and computer identities, allowing you to enforce access and audit data based on users' identity.
ThreatCloud Emulation Service prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the protected network. Connect@Plant uses Threat Emulation on files uploaded through the File Transfer service.
SIEM – Security Information and Event Management
IBM Security QRadar SIEM is a network and security management platform that provides situational awareness and compliance support. IBM QRadar is used as the SIEM solution, integrating security information and event management, log collection, correlation and anomaly detection. Third parties can be given access to provide external analysis.
The Connect@Plant solution can integrate with customers’ existing maintenance system, training portal and infrastructure.
Implemented during the commissioning project of the Martin Linge field, Connect@Plant ensures secure access management to the Industrial Control Systems (ICS) from first oil.