Our Exciting Journey to Annihilation: Revealing the Third Certainty in Life

Acknowledging that life now has three certainties: death, taxes, and the cloud.

You probably think you could add numerous items in the third category, but you’d be wrong. Most important things in life will eventually fade, including the fuels we rely on so heavily today. You’ve got your gasoline, diesel, natural gas, and many others. Eventually, they will all be gone. The digital cloud, “The Cloud,” proper, is what my friend will live on. That is the true certainty, along with the fees and taxes we pay to exist in a world of our peers; the rest will perish. The only eventual demise for cloud services would be akin to mass population loss or a giant meteor taking out the whole shebang!

On that delightful note, read on and learn about integrating critical infrastructure with the Cloud, associated risks, and what we can do about it.

Which Critical Infrastructure Are We Talking About?

The world runs on natural gas. As I mentioned in my original article, The Boogey Man, Hide and Go Seek, and the Pursuit of World Domination, the United States alone has over 3 million miles of mainland gas pipelines, as represented in this depiction below from the American Petroleum Institute.

Each of these pipelines transports a gaseous product known as natural gas. Natural gas is a hydrocarbon fossil fuel, mainly composed of methane, that is recovered from deposits in rock formations. It’s common belief that these deposits formed from the decomposition of ancient aqua plant and animal life that once existed in ancient Earth's oceans. Hydrocarbons have formed over millions of years because of the vast scale of these conditions, and there is an ample supply, the size of which is entirely determined. And we’ve been using the stuff for well over a hundred years. In that timeframe, all developed countries have built infrastructure to support natural gas recovery, transportation, and distribution.

What makes natural gas so important?

The United States is the biggest consumer of natural gas, with a consumption of about 53.50 trillion cubic feet (Tcf) in 2023. In that year, 40% was used for power generation, 32% was used for industrial purposes, 14% was used in residential alone, 10% for commercial sale, and 4% contributed to transportation. Now that’s a lot of gas!

Interested readers can go directly to the U.S. Energy Information Administration to learn more.

We use this product in our homes for heating, water heating, cooking, clothes drying, and emergency power generation, but that is nowhere near the amount consumed by the power industry. Our electric power sector produces the electricity that powers our homes, schools, and businesses. In this sector, natural gas accounted for 43% of electricity production in the US.

On top of most of our population losing natural gas directly, 43% would indirectly lose electricity if the gas were completely shut off. That’s roughly 150 million people in the US alone without power!

Fortunately, the current gas infrastructure is highly segmented, leaving a complete, wide-scale natural gas outage off the table. To ease your mind, this segmentation includes separate physical recovery, pipelines, pressurization, distribution, and terminal facilities, many of which are owned or operated by separate, unique commercial organizations (in the US). However, digital infrastructure is not as isolated and is becoming more interconnected as time progresses.

To better understand how our critical natural gas is managed physically and digitally, we need to look at what makes up a pipeline control system.

Critical Infrastructure, The Pipeline Control and Commercial Systems

Natural gas is recovered, transported, and distributed as a product according to a simplified 3-stage process. These stages are known as Upstream, Midstream, and Downstream activities. Each stage and activity includes both physical and digital infrastructure. Here is a simplified image of end-to-end natural gas production and delivery from the Environmental Protection Agency (EPA).

As we step through this process from upstream, to midstream, then downstream, we must reiterate that natural gas is a hydrocarbon-based material under pressure that, if ignited, has a propensity to catch fire and explode!

…and it’s distributed to people's homes!

Upstream Processes

These comprise the reservoir well heads and the gas processing plants that recover and productize the natural gas. The wellheads are simple field components, typically made up of pumps, valves, and gauges; the processing includes separating materials and impurities, moving to storage, and pressurizing as the gas moves to the pipeline or midstream systems.

Each of these activities requires a level of control that allows for opening and closing valves, heating and separating, and starting and stopping pumps or compressors. Those are done using modern-day control systems called Industrial Automation and Control Systems (IACS). These technologies are primarily on-premises physical devices for the upstream recovery of materials like natural gas.

I’ve simplified this connectivity from the well control systems in the image below.

The wellheads and pumpjacks control the pressure and pump out raw materials from the Earth. Wellheads have valves that can be opened and closed, while the pumpjacks have motors that can be started and stopped. The flow of these materials is metered to ensure volume is within expected operational low and high limits. The programmable logic controller, PLC, is a computerized logic solver with a preset program that can open and close or start and stop based on the metered data. These PLCs, the valves, motor controllers, and the meters make up the heart of the control system. If designed correctly, this can operate without human intervention, both effectively and safely.

There are 100s of 1000s of these upstream control systems worldwide owned and operated by many different commercial and government organizations, dependent on the nation-state laws, customs, and regulations. In the US, most owner-operators are commercial organizations individually responsible for monitoring and maintaining field operations. To manage their many different upstream field operations, they connect their field PLCs back to centralized data centers, which can, in turn, be connected to operator control rooms. A single operator seat can now manage recovery operations for multiple fields.

In this standard connectivity model, upstream operations are not connected to the Internet or the Cloud. Due to the separation of this infrastructure from administrative and business networks, security mechanisms tend to focus more on physical security than more modern network and software-based security mechanisms.

The biggest cyber-related mistake an upstream organization can make is to connect these standard upstream field control systems to the Internet.

Midstream Processes

These comprise the transmission and storage of natural gas as a product in preparation for sale. In some instances, the pipeline organizations are dedicated to pipeline operations and might not have upstream or downstream capabilities at all. These dedicated midstream organizations receive products from an upstream organization and then move that product to a downstream organization for sale.

Where gas is involved, the midstream organization has to ensure that pressures are maintained while it moves through the pipeline, requiring input from the suppliers regarding the level of available supply and input from the distributors regarding the level of requests for the product. Midstream organizations manage their operations to pressure, managing the flow of products to ensure a stable pressure is maintained in the pipeline at all times while meeting the commitments to upstream and downstream customers. While a pressure control system is essential, as one can imagine, if the suppliers cannot sell as much as expected or the downstream cannot get the supply expected, the midstream organization can be held accountable, making the inventory management system just as important.

I’ve simplified the pipeline control system in the image below.

Like upstream field systems, standard pipeline control systems are designed to manage many distributed compressor stations over miles and miles of pipeline. These are core to the process as they ensure that pressure is maintained per the expected supply from upstream and demand from downstream customers. In this example, meters are connected directly to the control system to check pressures on both sides of the compressor station. These compressor stations are variable and can spin very large turbines to stabilize the pressure in the pipeline.

Note that natural gas transmission and storage is safe, as long as it is managed within safety limits. There are many control elements to consider when managing a pipeline, especially when there are 3 million miles of these in the US alone, many of which traverse very near residential areas. Examples include those that actively monitor for leaks and can shut down pipeline sections if necessary to prevent safety or environmental events. I have not described these systems in detail here; however, you should know that they also need connectivity back to the control room to function.

Notice that in the drawing, the upstream suppliers, public services regulators, and downstream customers have meters. The ultimate goal is to keep the flow in synch from meter to meter, start to finish. For this to occur, the product custody transfer systems are incredibly critical.

Here is a simplified version of natural gas custody transfer and product management technologies.

Data quality and integrity are so critical when managing the supply and demand of natural gas that if any trust is lost in these technologies, the entire process will fail and could cause an operational shutdown. Consider that in the process drawing above, the information flows in the green solid lines from the supplier to the supply and trading system, where quantities can be made available through the green dashed line to the pipeline control system (pipeline operator). The supply, trading, and energy broker systems constantly communicate through the green dashed lines. The energy broker also continuously reads demand and usage information from the downstream customers through the green solid lines. The pipeline control system may also see the usage and demand information from the energy system broker and supply information from the supplier and trading system. The black solid lines between the pipeline control system and the compressor stations indicate that this process is separate from custody transfer. All dashed green lines indicate there are no direct technology connections.

The biggest cyber-related mistake a midstream organization can make is to connect the custody management technologies to the pipeline control systems.

Downstream Processes

Due to natural gas and methane already being productized before the introduction into the transmission pipelines, the downstream technologies are much less complex than even midstream. Distribution and point-of-sale systems ensure that the product is available for use and quantities are measured for billing.

In this drawing, we only consider the distribution and sales of natural gas. In our natural gas example, we have not discussed other activities in the drawing such as crude oil, refining, or industrial customer control systems and processes. I’ve left these in the drawing to show touchpoints between industries. One could only imagine the larger scale potential impacts to the supply chain or even personnel health and safety that a creative threat actor might conceive.

The image below is a simplified version of the downstream technologies at play.

Distribution facilities do exist to control the storage and flow of products to different customers separately from pipeline control processes. These facilities contain control system elements like PLCs, flow meters, and valves. In many instances, the meters that exist for the customers that are furthest to the right in the drawing are manual gauges that must be read by a person who drives from customer to customer and reads the indicators manually. These distribution facility control systems and the meters are typically not integrated with the brokering systems, and there are separate processes to ensure all data is entered accurately to feedback into custody transfer systems.

The manual process of reading meters has been identified as wasteful. It could easily be replaced by adding digital flow meters to every distribution point, including customer connections. Due to this, technological advancements are occurring rapidly in this space and the devices are known as smart meters.

The biggest cyber-related mistake a downstream organization can make is to connect customer meters to customer-provided business and home wireless, or wired networks.

Critical Infrastructure, The Cloud Conundrum

The Cloud offers immediate access to any kind of digital infrastructure, platform, or application imaginable, with ample redundancies to maintain availability, all while allowing customers to erase their existing server and data center costs virtually. And with any public service, the availability and reliability of that service ensures customer satisfaction and overall commercial success.

Bearing this in mind, using and integrating with the Cloud would appear to be a logical next step. Additionally, many organizations have adopted a “cloud-first” approach to all information technologies and applications in their businesses, leaving individual data centers mostly vacant or wholly decommissioned. These considerations have left critical infrastructure where there are pressures to migrate technologies to the Cloud, wherever possible.

In our natural gas supply and distribution example, many existing technologies are totally integrated with the physical production, transmission, and distribution components, so a complete migration to the Cloud would be impossible. However, as components and control system technologies are upgraded and replaced, opportunities do exist to use cloud-connected technologies. Here are some examples.

Industrial Internet of Things

With the Internet came a new class of technologies known as Internet of Things (IoT) devices. These are devices like door locks, security cameras, kitchen appliances, speakers, etc., which, through an internet connection, are accessed directly from a cloud-based application. That cloud application provides the configuration, management, feature control, and user interface. Usually, with IoT, there is no way to configure these devices without that vital internet connection. Today, the Industrial Internet of Things (IIoT) is a new subclass of these technologies. IIoT devices can sense pressure, heat, humidity, vibration, and location and have the capability to switch power on or off or vary the speed of an electric motor. IIoT; however, is not meant to replace the logic solvers in the field. That task can be accomplished using cloud-managed computers.

Cloud-managed Computers

One of the primary drawbacks of cloud computing is the possibility of a communications delay due to the computing resources being far from the sensors and actuators. IACS and logic solvers read sensors and make instant process changes in real-time. In most cases, this happens in microseconds.

Think about this: if a pipeline control system is reading pressures and adjusting the compressors to maintain the optimal pressure, you would want those readings and adjustments to be 100% accurate and on time, every time. Therefore, the control system elements shall always remain within tolerable limits.

However, it's not an applicable drawback because we would not replace the control system with a cloud-based alternative. There is a different system in mind. Control room operators do not directly interface with the logic solvers or need real-time connections. Humans cannot process and react as quickly as control systems anyway. They rely on Supervisory Control and Data Acquisition (SCADA) systems. These SCADA systems are connected to many control systems and provide a graphical user interface as well as alarm, trending, and point-and-click operations. These SCADA technologies are nearly identical to normal IT in that they have servers, workstations, ethernet connectivity, and even monitors, keyboards, and mice at the operator’s desk.

No technical limitation would prevent technologists from installing SCADA services in the Cloud. To enable cloud SCADA services, their connectivity would rely on some on-premises interface with the physical logic solvers; those on-premises interfaces are smaller form-factor industrial computers with PLC connectors and software brokers. In this scenario, there would be no need for a data center as the PLC could now be connected directly to the Cloud through these interfaces. Essentially, the operators connect to the Cloud SCADA service for their control room applications, without impacting operations or functionality.

Cloud Tenant Networking and Peering

Once the IIoT devices are connected to the Cloud and the SCADA services are hosted there, it’s only logical that multiple connections to other cloud-based services could be established. This is the introduction to the inevitability of our Cloud-based future. Once services are in the Cloud, there is no physical limitation to their ability to network or share data between other cloud resources. It’s a compelling proposition that every Chief Technology Officer and every bean counter in every organization cannot ignore.

Summary and Considerations

One apparent truth cannot be ignored while reflecting on our natural gas example and what we’ve learned through this article. That is, upstream, midstream and downstream processes must ultimately be in sync to safely and accurately manage the product flow from supply to distribution. From what we’ve learned about the Cloud, networking, and software peering become much easier once IIoT and cloud-based SCADA services have been established.

Therefore, if done correctly, managing natural gas production, transmission, and sales would be much easier, efficient, and effective if the technologies were all cloud-enabled.

But there is a catch, and it was mentioned in bold, italicized text from beginning to end. Let’s continue to use our natural gas example and follow these considerations.

1. Define the Impact

   
   

Remember that in the US, we use 53.50 trillion cubic feet of gas annually, and 43% of us would lose electricity if the gas were completely shut off. That’s roughly 150 million people in the US alone without power!

2. Understand the mission

   
   

Natural gas is a three-stage process comprising upstream, midstream, and downstream activities that all work together to move a hydrocarbon-based material under pressure and ensure it reaches its destination safely.

3. Identify the technology risks

   
   

   1. Organizations should not connect standard upstream field control systems to the Internet because they are relatively insecure from a cybersecurity perspective and can easily expose control system components to the risk of compromise.

      
      

   2. Midstream organizations should not connect custody management technologies to pipeline control systems as this creates a threat vector from customer-based systems to a control system that manages pipeline pressures and safety.

      
      

   3. Downstream organizations should not rely on customer-provided business and home wireless or wired networks for smart meter connectivity, as these networks are not designed to protect critical infrastructure.

4. Develop and plan

   
   

   1. Look for opportunities to install IIoT or Cloud-managed computers during upgrades while maintaining separation from existing, standard control system networks and technologies.

      
      

   2. Engineer a cloud-peering model that includes resource grouping, network security, policies, and role-based access controls, allowing for segmentation between critical upstream, midstream, and downstream services.

      
      

   3. Design an infrastructure to support smart meters that don’t rely on insecure customer networks.

      
      

Thank you for reading this article, which provides an example of how critical infrastructure can safely adapt technology enhancements with careful planning. Please watch for the next one in this series, which will examine what’s actually going on in THE CLOUD.