Smart Protection for the Oil Sands

According to recent news reports, Canada’s industrial infrastructure, especially oil and natural gas facilities, are undoubtedly on a list of potential targets for terrorism. The key reason: Canada is a primary supplier of oil to the United States, and a strike against facilities here could “choke the U.S. economy.”

Following a February 2007 internet posting by the Al-Qaeda organization in the Arabian Peninsula that declared interests supplying the United States could be targeted, Alberta Premier Ed Stelmach responded. He said that his province is working closely with the federal government and the American government, “to have the most modern tracking system in terms of threat and, of course, monitoring and also surveillance of all the critical infrastructure in Alberta when it comes to oil and gas.”

Oil and gas facility operators are working closely with the government to address this risk, while at the same time making sure their own security and safety systems are up to the challenge.

For example, the oil and gas industry is moving from proprietary systems in favour of open architecture platforms that allow them to use intelligent, off-the-shelf technology. By using public domain protocols, companies can future-proof their facilities and minimize the risk of becoming locked into expensive sole source suppliers. Using an open architecture approach, they can integrate data from multiple systems into a true enterprise solution.

Changing network landscape

Gone are the days of segregating corporate local area network/wide area network (LAN/WAN) infrastructures from vendors’ proprietary security management systems.

Today’s focus is on distributed networks, the convergence of physical (i.e. fences, doors) and logical (i.e. information) security, and the functional integration of systems using open architecture design standards. These allow devices purchased from multiple vendors to communicate with each other over existing LAN/WAN infrastructure, WiFi or the internet.

Information technology goals have a major influence on how owners and their consultants plan security projects. Decisions over what systems should be specified are based on three factors. First, is scalability, which means being able to add or remove devices as required. Second is manageability; for example, being able to manage and control the system from a remote location. Third is the system’s “availability,” that is, it has to be reliable with minimal downtime. The above approach allows technology upgrades to occur in a managed manner throughout the life cycle of the facility.

Security on open architecture networks

The old school of thought, based perhaps on then-available technologies, was that security access control and alarm detection systems must reside on proprietary, stand alone networks that are physically separated from all other operational applications. Today’s network typologies and protection tools, however, allow for security systems communication to be transmitted over corporate networks. The efficiencies that come from integrating applications can therefore be achieved in a secure and reliable manner.

With open architecture networks, installation and operations costs are reduced. Also, operational information may be shared and presented as needed in the most appropriate formats. For large oil sands players such as Petro Canada, Esso, Shell, or Syncrude the availability of operational information anytime and anywhere means they can make more informed decisions. It means the companies can integrate the local knowledge of their operators, for example, with the specialized expertise they have globally throughout their organizations.

Distributed networks and ring topology

In contrast to the once traditional centralized hub network architecture, a distributed network implies that each component of the overall system is intelligent and designed as a network plug-compatible module with its own inherent processing and decision making.

Today, in order to achieve a higher degree of performance and reliability, especially in the harsh environment of an oilsands mine, security system designers use a concentric ring topology. This approach allows each component sub-system to be independently managed and tested, but at the same time it is readily integrated with another system as it is based on an open architecture platform. This, in turn, allows for both performance robustness and scalability to be maximized.

By placing applications into a shared network topology, multiple data routing alternatives will exist for communications. More reliable solutions result. If the use of intelligent processor-based controllers and possibly end-devices are added into the mix, access management can continue to operate, managed at the controller level, even if the network connection is temporarily interrupted due to an attack, equipment failure, cut cable, or scheduled maintenance. A new ring may be introduced and commissioned at any time in order to introduce new technologies or functions to the network.

As we move rapidly toward full integration through a single user management interface, it is now possible to include some or all of the following integral elements of a successful security system into a concentric ring topology approach:

* access control — smart cards and biometrics (staff management)

* asset tracking via radio frequency identification (RFID) and global positioning systems (GPS)

* CCTV and digital video surveillance

* visitor management

* large scale wireless broadband network

* fire detection

* future systems (as required)

Evolution of the smart card

The industry that produces electronic physical security equipment such as doorlocks, sensors, and cameras applies decision-making sequences to allow or deny access into a space or building. The IT industry uses similar sequences to grant or restrict user access into a computer system. In recent years, therefore, the two industries have experienced significant convergence, since they have common processes and objectives and both are able to operate on a common platform.

Physical security uses locks, doors and fences to provide selective entry and egress controls. “Logical” security uses similar decision-based criteria to manage access to information, data and software for purposes of privacy, due diligence and to protect business assets. At the heart of this convergence is the smart card. The size of a credit card, the smart card is capable of storing a large amount of data, ranging from meal tickets to biometric information, which ensures that the user of the card is indeed the rightful owner before he or she accesses secured spaces, computer terminals or personal or sensitive data. The smart card allows people to become an integral part of the security systems within the enterprise. This has traditionally been the missing link to any intelligent system.

Logical security emerged dramatically as an offshoot of the Homeland Security Presidential Directive 12. It required that a secure intergovernmental credential be developed that could not be replicated in industry. From this directive, a protocol named FIPS 201 (Federal Information Processing Standard for Personal Identity Verification of Federal Employees and Contractors) was created to ensure, by virtue of the process, that a credential could not be replicated. These developments have been a prime motivator in the evolution of the smart card.

Putting it all together: an oilsands fire scenario

To illustrate the benefits of this open architecture, integrated approach, to security, consider the following scenario commonly experienced in an oil sands facility.

A welder accidentally sparks a fire in a remote area of the plant. The fire alarm will initiate the alarm
sequence in accordance with its predefined protocol. Once activated, this event data is now available to the entire system, which allows facility operators to leverage other systems to assess the situation. Video images from nearby cameras will show fire crews the extent of the fire and smoke even as they drive towards the area. However, with the smart system integrating data, operators can use the video cameras to view the actual area where the alarm event occurred, providing valuable information to first responders. At the same time, the affected zone is locked, preventing access to anyone who is not a first responder. Workers who entered the affected zone using their smart card will be accounted for at the smart muster station, giving officials real time data about the location and condition of staff, visitors and contractors. Should the event grow to a point where local operators need extra resources or specialized knowledge, the video feed and other critical data can be shared over the internet with nearby plants, emergency specialists around the globe and head office, allowing those involved to make informed and timely decisions.

Effective plant security and safety requires a balance of physical and logical security capable of continually evolving in response to changing needs and technologies. By using the ring topology for implementing the various systems required in the harsh environment of a Northern Alberta mine site, individual systems can be designed, constructed and commissioned in accordance with all applicable codes and standards. Systems can then be integrated through a secure data bridge, thus leveraging valuable data available from the other rings. New functions can be integrated into the system quickly and without disruption by adding new rings. Ultimately these rings will form an enterprise-wide system that can be securely accessed anywhere within the organization, and indeed the world, using the opportunities made available through the emerging smart card technologies.

Kris R. Pucci, P.Eng, is an electrical project engineer with Stantec’s Engineered Security and Safety Solutions team in Edmonton.