Secure AGI

Cyber crime is an unfortunate, expensive and seemingly inevitable part of modern business and home life.

However, starting in September 2018, we took steps to protect our customers, our business, and our critical national infrastructure by trialling our own early warning system as part of our Secure AGI project.

The threat of cyber attacks on IT and operational technology is a growing challenge for all network operators. Intruder detection systems (IDS) can provide an early warning of an attack and are often used to protect large centralised IT networks. They can be effective, but they can also be incredibly expensive.

The challenge we faced is how we protect the smaller operational technology systems we own, such as at our above ground installations (AGI’s). These are sites found along the routes of our pipelines which are managed remotely from our control centre using telemetry systems.

Working with Lagoni Engineering Ltd, we’ve worked to develop our own low-cost IDS solution, based on Open Source technology that can be retro fitted to existing operational technology systems. This will give us an early warning if our AGI control systems have been compromised.

Our IDS can identify how serious an attack is likely to be, rank it accordingly and take the appropriate action. This will help us focus on the most significant events and ensure our essential services continue to operate with minimal disruption.

Utilising our own IDS helps us to address any cyber security challenges across our business, increases the robustness of our cyber security strategy to ensure we comply with industry legislation, and puts us in control.

The final Secure AGI solution was installed at a Lagoni site on a 7barg air pressure pipeline mimicking an AGI in its functionality. This mock set up was used to successfully test the solution against the project requirements.

Now that the concept is proven, we’re currently exploring where we can embed this learning within the business for our AGI’s. We’re also looking at how we can build on this, through a potential follow-up project, to comprehensively exploit the learning generated.