Oil and gas projects are looking for ways to decrease costs while production and efficiencies increase. This ongoing challenge necessitates innovative solutions beyond traditional thinking. One such innovation is the remote monitoring and control of facilities from an integrated remote center. The driving factors behind implementing new technologies in automation and digital systems have included the need for higher productivity, reducing operating cost, addressing labor shortages and replacing unhealthy, dangerous and repetitive tasks.
Today's emerging technologies have the capability and capacity to enable these solutions. Digital solutions facilitate integrated, intelligent operations, enabling the integration of people and technology to execute remote operations in a knowledgeable environment. Although remote operations are not new for offshore fields, many existing facilities are designed as "normally unmanned." However, fully remote monitoring and control of these facilities remain uncommon in the oil and gas industry. There is a growing global trend toward adopting remote operations to reduce costs and enhance operational safety.
The transition to remote autonomous operation (RAO) represents a paradigm shift from fully manned facilities to a model progressing through various stages of manning — partially, periodically and ultimately aiming for normally unmanned operations. This evolution leverages advanced technologies like digital twins and big data analytics, enhancing operational predictability and safety while reducing logistical and insurance costs.
Horizontal vs. Vertical: Key Decisions for Remote Operations
As industries advance, the shift toward remote operations for brownfield sites presents a critical decision: Should the industrial automation and control system (IACS) be extended vertically or horizontally? Each approach offers unique benefits and challenges, shaping the security, efficiency and resilience of remote operations. This decision impacts the technical architecture, security and operational aspects of the site.
Horizontal Connectivity
The first is "horizontal" connectivity via the extension of control system "zones" whereby the local control network is extended to a remote location. This setup provides identical level 2 control system network access and functionality at the remote location as at the local or operational site. The remote location retains the same security requirements as the IACS on the main site since they are fundamentally in the same security zone. Encryption and access to the process control network are managed through strong authentication and network traffic controls (typically a firewall or intrusion detection and prevention system [IDPS]) before entering the communication link. Security control is maintained by the PCN itself to ensure no third party has authority and access to change the security system.
Figure 1: Overview of horizontal connectivity
Vertical Connectivity
Vertical connectivity connects the control systems to enterprise or external networks through a segregated and controlled zone and conduit architecture. The benefit of vertical connectivity is using shared resources in a more cost-effective solution. However, this opens potential for third parties to gain access to the local system from anywhere. Key security controls include providing encryption, tunneling and access control. Like horizontal connectivity, security control (encryption, access control, etc.) is managed by the process control network (PCN) itself to ensure no third party can change it. Additionally, a demilitarized zone (DMZ) or Level 3.5 is introduced between the PCN and enterprise network to ensure complete segregation. As such, the connection is vertically transmitted but logically horizontal, maintaining the same level at local and remote sites.
Figure 2: Overview of vertical connectivity
Table of Comparison Between Horizontal and Vertical Connectivity
|
Feature |
Horizontal Connectivity |
Vertical Connectivity |
|
Reliability and availability |
Influenced by telecom infrastructure and redundancy |
Lower as it uses shared corporate infrastructure |
|
Cost |
Higher due to dedicated infrastructure |
Lower as it uses shared resources/infrastructure |
|
Application |
Suitable for real-time control systems requiring high availability and low latency |
Suitable for applications that integrate with enterprise networks and allow for controlled access |
|
Cybersecurity threats |
Amplifies threats inherent in a local facility and increases the potential for network-based attacks. The number of access points is increased, making control and visibility of those points more distributed and less visible. |
Introduces external access threats due to integration with enterprise networks. Requires strong authentication and network traffic controls to manage these threats. |
Deciding between horizontal and vertical connectivity for remote operations requires a nuanced understanding of the specific operational and security needs of the facility. Horizontal connectivity reduces external access threats but requires robust infrastructure and management. Vertical connectivity facilitates integration with enterprise systems but necessitates stringent security measures to mitigate external threats.
Ultimately, a hybrid approach, tailored to the facility's unique requirements, often provides the most balanced solution, leveraging the strengths of both horizontal and vertical connectivity while addressing their respective challenges. By carefully planning and implementing these strategies, industries can achieve secure, efficient and resilient remote operations, paving the way for advanced, integrated and remotely managed industrial environments.
*Reference: IOGP Report 627: Selection of system and security architectures for remote control, engineering, maintenance and monitoring.
Interested in reading more articles like this? Subscribe to ISA Interchange and receive occasional emails with links to our latest interviews, news, thought leadership, tips and more from the automation industry.
