I. Project Description-General:
GASCO Distribution Company (GDC) is specialised in gas distribution both industrial complexes and residential customers. It has a complete pipelines network that is fed by three (3) different Gast Processing and Distribution Plants. The three different plants are 500 KM apart from each other. The Plants are now operating autonomously (standalone) utilizing different unique automation systems.
The company requires connecting its operation to its Corporate Enterprise Resource Planning (ERP) systems and external entities. A decision was made to establish a secure interconnection to meet the following business objectives:
1. Real-time Bi-directional data flow between the Plants (Plant 02, Plant 04, and Plant 06 and the Corporate systems network.
2. Real-time Bi-directional data flow between the Corporates systems network and external ERP ‘s
3. The Corporate systems and the different plant systems.
II. Current Enterprise Systems & Network
The current enterprise is supported by highspeed data network and supporting the following systems:
1. ERP System.
2. Web Server for email and E-Commerce.
3. File Server for data archiving
The Enterprise systems and network has access to the Internet through a gateway router.
III. Current Plants Overview
• Plant #02 (Southern Area) is equipped by the latest Industrial Control Systems (ICS) providing real-time monitoring and control. The ICS is based on the latest windows operating system.
• Plant #04 (Western Area): Industrial Control Systems is based on Windows 2007 and provides real-time monitoring and control.
• Plant # 06 (Northern Area): Industrial Control Systems is based on latest Windows operating system and provides real-time monitoring and control.
IV. Project Requirements
Develop complete engineering proposal for connecting the operation as per the Company decision to establish an end-to-end secure connection with respect to Cybersecurity and Industrial Control System (ICS). The proposed project should be using three different VPCs in (GDC) Cloud in three different locations. All three networks would be part of CEN network to reflect the GDC requirements and also to show that the solution delivers the intended results. The final report should have the following table of contents:
V. Table of Contents
1. Abstract
2. Introduction
• Enterprise Resource Planning ERP
• Why do organisations implement an enterprise resource planning system?
• E-commerce advantages and disadvantages?
- File Server for data archiving
3. Project Objective
• The Problem
• Challenges
• Surface Attack
• Global Attacks
4. Current System Vulnerabilities
5. Assets Inventory
6. Proposed design
• Cloud Networking
• Cloud Enterprise Network (CEN)
• Virtual Private Network (VPN)
• Virtual Private Cloud (VPC)
A. Connecting VPCs in the same Region but different zones.
B. Connecting VPCs in different Regions.
7. Current Plants Overview
• Plant #02 (Southern Area)
o Proposed GDC design Key threats and vulnerabilities?
• Plant #04 (Western Area)
o Proposed GDC design Key threats and vulnerabilities?
• Plant # 06 (Northern Area):
o Proposed GDC design Key threats and vulnerabilities?
8. Risk Assessment
• EBIOS method:
o Workshop 1: Framing and security base
o Workshop 2: Source of Risk
o Workshop 3: Study of strategic scenarios
o Workshop 4: Study of operational scenarios
• Attack Tree
• Likelihood assessment
o Workshop 5: Risk Treatment
9. Conclusion
10. References
