Emerson Connected Services

Roxar 2600 Multiphase Flow Meter Performance Monitoring Secure Connectivity

White Paper WP-MPFM-002342
November 2019

www.Emerson.com/Roxar


Introduction

Network security is critical to the successful deployment of Emerson Connected Service solutions. A security assessment has been performed on Emerson’s Roxar 2600 Multiphase Flow Meter Performance Monitoring connectivity to determine the security risk to customers, resulting from on-premises data collection and off-premises data storage, analysis, and reporting. This paper demonstrates Emerson’s capabilities to deploy secure, reliable and robust data connectivity solutions for Connected Services with connectivity through a customer’s network architecture.


Figure 1 – Connectivity Solution


Case for Roxar 2600 Multiphase Flow Meter Performance Monitoring

Multiphase flow meters are critical process equipment that are used to accurately measure well production rates in oil and gas production. Multiphase flow meters can be effectively monitored for performance and reliability issues through ongoing analysis of diagnostics information that is available through digital communication protocols. Many operating organizations don’t have the expertise to effectively analyze the data and gain actionable insights from the information. Emerson has developed a Connected Service offering that leverages the deep subject matter expertise that exists in Emerson service centers around the world.

When multiphase flow meters are used for allocation of revenues, the meter must be verified regularly, and an auditable record of all changes to settings and calibration must be kept. Verification of meter performance is also important for other applications, such as well testing and reservoir and production optimization.

It is possible to verify Roxar 2600 Multiphase Flow Meters without the need for test separators. However, large amounts of data are required. This data often requires trend analysis (data gathered over a period), or it needs to be gathered during single-phase periods. This data is available from the Roxar 2600 Multiphase Flow Meter itself, and when it is made available to Emerson experts, meter verification can be done efficiently and with good results.

Emerson Connected Services Architecture

Various data connectivity architectures have been developed as part of Emerson’s Secure First Mile™ to enable Emerson to deliver Connected Services for condition and performance monitoring on critical equipment. For multiphase flow meters, the primary source of data connectivity is through the flow computer.

Data is collected by an edge gateway and sent to Emerson Connected Services™ software that is running on the Microsoft Azure cloud services platform. The digital communication from the automation system networks to the Emerson Connected Services platform is based on a variety of Information Technology (IT) and Internet networking, and telecommunications technologies. The specific architecture deployed depends on the IT networking model that is preferred by the Connected Services customer.

For the scope of this white paper, the architecture for connectivity through the customer’s networks will be considered. Four security zones have been defined for this Connected Services architecture. These zones are defined according to the following reference architecture.


Figure 2 – Network Diagram with Security Zones

(Figure content recovered from the diagram labels: Zone 1 is the Wellpad / Instrument Network; Zone 2 is the Supervisory Control Network containing the Edge Gateway with ports P1 and P2; Zone 3 is the Business Network; Zone 4 is the cloud environment. Modbus TCP runs between the flow computer and the Edge Gateway, and AMQP Secure runs from the Edge Gateway outward. Firewall rules shown: Modbus TCP Port 502 between the Instrument and Supervisory Control Networks; AMQP Port 443 and HTTPS Port 443 at each of the two firewalls toward the Business Network and the cloud.)


Zone 1 – Roxar 2600 Multiphase Flow Meters

Zone 1 is owned, operated, and maintained by the customer. The flow computers are connected to the inline sensors via various COM ports. The flow computers have embedded software for collecting sensor data and performing multiphase flow calculations as an integrated meter product.

Zone 2 – Instrument and Supervisory Control Networks

Zone 2 is owned, operated, and maintained by the customer, with the exception of the Edge Gateway. The flow computer has one Ethernet port (MODBUS TCP) for connection to the customer control system and the configuration and calibration tool that runs on a Microsoft Windows machine. The configuration and calibration tool supports all operations intended to be performed by the end user. This includes setup, inline calibration, software upgrade and general monitoring.

Emerson provides a Connected Services Edge Gateway that includes the following:

• Dell Edge Gateway 3002

• Linux Ubuntu OS

• Microsoft IoT Edge

• Connected Services Modbus Data Collector Application Container

• Azure IoT Hub Application Container

The Edge Gateway connects to the flow computer via the instrument and control networks. The same flow computer Ethernet port and Modbus host is used for both the edge computer and control system clients, and the Instrument and Supervisory Control Networks are separated by a firewall that is configured to enable Modbus TCP communications through Port 502.


The Edge Gateway collects Modbus parameter data from the Roxar 2600 Multiphase Flow Meter through a parameter list that is configured in the Edge Gateway embedded software. Only data related to the multiphase flow meters being monitored are collected by the software. The collected data is published to the Emerson Cloud services in Microsoft Azure via AMQP/HTTPS protocols.
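The collector behaviour described above (poll only a configured parameter list, issue read-only Modbus requests, publish the result as a JSON message) can be made concrete with a small example. The code below is an added illustration, not Emerson's gateway software: the register addresses, unit id, float encoding and the stand-in flow computer are constructed assumptions, not the Roxar 2600 register map. It enforces the read-only policy by refusing to send any Modbus function code other than the four read functions, and validates the MBAP header and length of every response before decoding it.

```python
import json
import struct

# Constructed parameter list, modelled on the gateway's configured Modbus
# parameter list. Addresses and unit id are assumptions for this example.
PARAMETER_LIST = [
    {"name": "oil_rate",  "unit_id": 1, "address": 100, "count": 2},
    {"name": "gas_rate",  "unit_id": 1, "address": 102, "count": 2},
    {"name": "water_cut", "unit_id": 1, "address": 104, "count": 2},
]

READ_HOLDING_REGISTERS = 0x03
READ_ONLY_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}   # the Modbus read function codes


def build_read_request(transaction_id, unit_id, address, count):
    """Encode a Modbus TCP Read Holding Registers request (MBAP header + PDU)."""
    pdu = struct.pack(">BHH", READ_HOLDING_REGISTERS, address, count)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def assert_read_only(frame):
    """Read-only policy: refuse to send any frame whose function code can write."""
    function_code = frame[7]
    if function_code not in READ_ONLY_FUNCTIONS:
        raise PermissionError(f"function code 0x{function_code:02x} is not read-only")
    return True


def parse_read_response(frame, expected_transaction_id):
    """Validate the MBAP header and return the 16-bit registers in the response."""
    if len(frame) < 9:
        raise ValueError("frame too short")
    transaction_id, protocol_id, length, _unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("not a Modbus protocol frame")
    if transaction_id != expected_transaction_id:
        raise ValueError("transaction id mismatch")
    if length != len(frame) - 6:
        raise ValueError("length field does not match frame size")
    function_code = frame[7]
    if function_code & 0x80:
        raise ValueError(f"Modbus exception code {frame[8]}")
    byte_count = frame[8]
    data = frame[9:9 + byte_count]
    if len(data) != byte_count or byte_count % 2:
        raise ValueError("register payload truncated")
    return list(struct.unpack(f">{byte_count // 2}H", data))


def registers_to_float(regs):
    """Two 16-bit registers -> IEEE-754 float32; big-endian word order is assumed."""
    return struct.unpack(">f", struct.pack(">HH", regs[0], regs[1]))[0]


def fake_flow_computer(request):
    """Constructed stand-in for the flow computer: answers every read with 1.5."""
    tid, _, _, unit_id, fc, _addr, count = struct.unpack(">HHHBBHH", request)
    regs = struct.pack(">HH", 0x3FC0, 0x0000) * (count // 2)   # 1.5 as float32
    pdu = struct.pack(">BB", fc, len(regs)) + regs
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def collect(parameter_list, send, meter_id="mpfm-01"):
    """Poll each configured parameter through `send` and return the readings as a dict."""
    readings = {}
    for tid, p in enumerate(parameter_list, start=1):
        req = build_read_request(tid, p["unit_id"], p["address"], p["count"])
        assert_read_only(req)
        regs = parse_read_response(send(req), tid)
        readings[p["name"]] = registers_to_float(regs)
    return {"meter": meter_id, "readings": readings}


def to_message(collected):
    """Serialise the collected readings as the JSON body handed to the publisher."""
    return json.dumps(collected, sort_keys=True)


if __name__ == "__main__":
    print(to_message(collect(PARAMETER_LIST, fake_flow_computer)))
```

In a real deployment `send` would be a TCP socket to the flow computer on port 502, and the message would be handed to the IoT Hub client for AMQPS/HTTPS publication; the point of the example is that the parameter list and the function-code check together bound what the gateway can read and rule out writes.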

The gateway includes but is not limited to the following security features:

• TPM chip-based hardware authentication

• Cloud-based trusted device provisioning and management

• Role-based access controls from the Cloud to the Edge

• Encryption of data at rest and in transit

• Hardened Linux operating system (CIS Benchmark Standards)

• Linux software firewall

• Event logging and monitoring

• Microsoft IoT Edge software stack

• Read-only mode of operation

Zone 3 – Business Network

Zone 3 is owned, operated, and maintained by the Customer. JSON messages from the Edge Gateway are passed through Zone 3 via AMQPS and HTTPS on Port 443 based on customer security context and appropriate access control list.
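The zone model in this section and in Figure 2 reduces to a short allow-list: Modbus TCP Port 502 from the Edge Gateway into the Instrument Network, and AMQPS/HTTPS on Port 443 outward through the Business Network to Azure. The following added example (not part of the paper or of any vendor configuration) audits a firewall ruleset against that model; the rule format, zone names and sample rules are constructed for the illustration. Any allow rule that crosses zones the paper does not connect, initiates from a higher zone downward, or opens a port outside the allow-list is reported.

```python
# Zone model reconstructed from the paper's Figure 2 and Zone 1-3 text.
# (initiating zone, destination zone) -> allowed TCP destination ports.
PERMITTED_FLOWS = {
    ("supervisory", "instrument"): {502},   # Edge Gateway -> flow computer, Modbus TCP
    ("supervisory", "business"): {443},     # gateway -> cloud via AMQPS/HTTPS, outbound only
    ("business", "azure"): {443},           # business network -> Microsoft Azure
}

ZONES = {"instrument", "supervisory", "business", "azure"}


def audit_rule(rule):
    """Return a finding string if an 'allow' rule exceeds the zone model, else None."""
    if rule["action"] != "allow":
        return None                         # deny rules never widen exposure
    flow = (rule["src"], rule["dst"])
    if rule["src"] not in ZONES or rule["dst"] not in ZONES:
        return f"{rule['id']}: unknown zone in {flow}"
    if flow not in PERMITTED_FLOWS:
        # Covers skipped zones (business -> instrument) and higher zones
        # initiating connections downward (azure -> business).
        return f"{rule['id']}: no flow is defined from {flow[0]} to {flow[1]}"
    if rule["proto"] != "tcp":
        return f"{rule['id']}: only TCP is expected from {flow[0]} to {flow[1]}"
    if rule["dport"] == "any" or rule["dport"] not in PERMITTED_FLOWS[flow]:
        return (f"{rule['id']}: port {rule['dport']} not in allow-list "
                f"{sorted(PERMITTED_FLOWS[flow])} for {flow[0]} -> {flow[1]}")
    return None


def audit_rules(rules):
    """Audit a whole ruleset; an empty list means every allow rule fits the model."""
    return [f for f in (audit_rule(r) for r in rules) if f]


def missing_required_flows(rules):
    """Flows the paper relies on that no allow rule covers (a connectivity gap)."""
    covered = {(r["src"], r["dst"], r["dport"]) for r in rules if r["action"] == "allow"}
    return [(s, d, p) for (s, d), ports in PERMITTED_FLOWS.items()
            for p in ports if (s, d, p) not in covered]


# Constructed sample ruleset: r1-r3 match the paper, r4-r6 do not, r7 is a deny.
SAMPLE_RULES = [
    {"id": "r1", "src": "supervisory", "dst": "instrument", "proto": "tcp", "dport": 502,   "action": "allow"},
    {"id": "r2", "src": "supervisory", "dst": "business",   "proto": "tcp", "dport": 443,   "action": "allow"},
    {"id": "r3", "src": "business",    "dst": "azure",      "proto": "tcp", "dport": 443,   "action": "allow"},
    {"id": "r4", "src": "business",    "dst": "instrument", "proto": "tcp", "dport": 502,   "action": "allow"},
    {"id": "r5", "src": "supervisory", "dst": "instrument", "proto": "tcp", "dport": 22,    "action": "allow"},
    {"id": "r6", "src": "instrument",  "dst": "supervisory","proto": "tcp", "dport": "any", "action": "allow"},
    {"id": "r7", "src": "business",    "dst": "instrument", "proto": "tcp", "dport": "any", "action": "deny"},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
    print("missing flows:", missing_required_flows(SAMPLE_RULES))
```

The second function matters as much as the first when reviewing a deployment: a ruleset can be over-restrictive as well as over-permissive, and a missing 443 egress rule is the usual reason the gateway silently stops publishing.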

Zone 4 – Microsoft Azure Environment

Emerson Security Approach and Controls

Emerson’s approach to security for Connected Services and Secure First Mile is consistent with industry standards like ISO/IEC 27001 and ISO/IEC 62443. Additionally, Connected Services and Secure First Mile include but are not limited to the below security features.

• Data Isolation – Customer data storage is isolated and not shared by other customers.

• Network Security – Each environment has independent private logical networks. This enables isolation within the subscription if needed as well as control of any traffic traversing the subscription boundary. Partnering with Microsoft allows us to leverage the capabilities of their world class datacenter and hosting security services.


• Active Directory – We will use a combination of Active Directory accounts and Resource Groups to control access to the solution with least privileged principles and controls. Only authorized Emerson personnel have access to meter data in the Microsoft cloud environment.

• Patch Management – we employ industry standard patch management processes consistent with ISO/IEC 27001 and ISO/IEC 62443.

• Anti-Malware – we employ commercial grade anti-malware software and update processes to keep the most current definitions and versions available.

• Security Logging and Alerting – we employ state of the art security tools to log and alert on our environments. We have a 24/7 Computer Incident and Response Team (CIRT) that will receive alerts and take appropriate action based on any threat.

• Network Traffic – all network traffic is encrypted in transit with either the use of VPN, PPTP, SSL or other network encryption technology.

Microsoft Security

The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary of trusting a third party with their data, applications, and infrastructure. Microsoft Azure helps customers achieve the economic benefits of cloud services while furthering security and compliance through:

• Experience and innovation providing trustworthy software and services, resulting in a foundation on which customers can easily build their own secure and compliant solutions.

• Shared responsibility that shifts some of the burden for implementing technical safeguards and operational processes to Microsoft while still providing the tools and flexibility organizations need to manage the service in accordance with their security standards.

• Transparency and third-party verifications to provide insight into Azure security controls and confidence that compliance standards are being met.

Microsoft has developed industry-leading best practices in the design and management of online services, including:

• Security Centers of Excellence – The Microsoft Digital Crimes Unit, Microsoft Cybercrime Center, and Microsoft Malware Protection Center provide insight into evolving global security threats.

• Security Development Lifecycle (SDL) – Since 2004, all Microsoft products and services have been designed and built from the ground up using its Security Development Lifecycle - a comprehensive approach for writing more secure, reliable and privacy-enhanced code.

• Operational Security Assurance (OSA) – The Microsoft OSA program provides an operational security baseline across all major cloud services, helping ensure key risks are consistently mitigated.

• Assume Breach – Specialized teams of Microsoft security engineers use pioneering security practices and operate with an 'assume breach' mindset to identify potential vulnerabilities and proactively eliminate threats before they become risks to customers.

• Incident Response – Microsoft operates a global 24x7 event and incident response team to help mitigate threats from attacks and malicious activity.

Multiphase Flow Meter Data

Emerson collaborates with the end-user to ensure the information being processed by the service is acceptable to be processed and stored in the Microsoft Azure cloud environment and extended ecosystem.

Detailed information regarding data ownership is supplied in a Roxar 2600 Multiphase Flow Meter Performance Monitoring Statement of Work (SOW) and contract.


©2019 Roxar. All rights reserved.

Emerson Automation Solutions Gamle Forusveien 17, 4031 Stavanger, Norway

T + 47 51 81 88 [email protected]/Roxar


© 2019. Emerson. All rights reserved. The contents of this publication are presented for informational purposes only, and while effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the designs or specifications of our products at any time without notice.

Summary

Below is a bulleted summary of the information covered in this paper and risk mitigation measures Emerson is taking against security threats.

• Emerson hardware and networks are separate from the customer’s control system, control network or plant network. No physical or wireless connections are made between Emerson’s infrastructure and customer owned networks except.

• Emerson’s Connected Services networks are deployed based on a Defense in Depth strategy that includes safeguards against known security threats and hardens against unknown threats.

• The only physical connection to monitoring network deployed by Emerson is to a cellular network.

– An encrypted Transport Layer Security (TLS) connection is established between an on-premise cellular router and the Emerson server running in the Microsoft data center.

• Emerson has evaluated Microsoft’s Defense-in-Depth cyber security controls and has found the controls and protections sufficient to meet our requirements. We will continue to monitor Microsoft's cyber security posture and look for continuous improvement opportunities.

– Microsoft Azure Services are SSAE 16 Type II certified as well as IEC/ISO 27001 certified.

• Only authorized Emerson monitoring personnel have access to the customer control valve diagnostic information.

– Emerson provides security controls over the environment where the customer data is being analyzed.

• Emerson will collaborate with the customer to verify that the data being collected is neither proprietary nor critical to the customer’s operations.