The project client is a large gas transportation company. The company manages a distributed gas transportation infrastructure and operates both a corporate IT network and an automated process control system (APCS) network responsible for managing production processes.
The client's IT infrastructure included two key network environments:
— a corporate data transmission network (CDTN) used for office and IT systems,
— an automated process control system (APCS) network managing industrial equipment and production processes.
As a result of a cyber incident, the company's corporate network was compromised through an email phishing attack. Once the attackers had penetrated, there was a risk of further spread of the attack within the infrastructure, including critical systems.
For this reason, ICL Services joined the project to prevent recurring incidents and improve infrastructure resilience.Key Challenges
- Separate the corporate network and the ICS process network
- Change the data network topology
- Implement infrastructure segmentation
- Implement firewalling between network segments, network infrastructure monitoring tools
- Implement an endpoint protection system on critical nodes
- Upgrade the cryptographic gateway infrastructure
The project was completed in several stages.
Design Documentation Analysis
The design documentation was developed by a third-party organization. During the first stage, the ICL Services team conducted a detailed analysis.
During implementation, it became apparent that some of the design solutions contained inaccuracies and errors, so engineers had to adjust the technical solutions directly during the project.
Specification Adjustments and Equipment Delivery
The next step was preparing the infrastructure and delivering the equipment. However, some of the equipment included in the original specifications was already out of production or unavailable.
The project team reviewed the specifications and identified alternative solutions that would not disrupt the system architecture.
Infrastructure Preparation and Work Planning
The work was carried out at sensitive facilities with enhanced security requirements. The project required the following:
— Selecting specialists with the necessary clearances,
— Organizing access to the facilities,
— Conducting training on working with industrial infrastructure.In parallel, the team developed detailed work plans, including rollback scenarios and operation timings. This was especially important due to the assumption that the network is a critical system and any changes must be performed within strictly defined time windows.
Network Architecture Changes
The main technological component of the project was modernizing the data transmission network architecture. This work included:
— Segmenting the infrastructure and separating the data center and automated process control system networks,
— Changing the data network topology,
—Implementing firewalls between network segments,
— Upgrading cryptographic gateways,
— Configuring the network infrastructure,
— Implementing monitoring tools.Some equipment was pre-configured at the integrator's site to expedite subsequent installation at the sites.
Implementation of Endpoint Protection Solutions
Solutions for protecting critical industrial network nodes were implemented in the infrastructure—endpoint protection systems designed to monitor activity on workstations and servers in the process segment.
During implementation, engineers encountered a number of challenges. For example, the protection system conflicted with the access control system (ACS) software. To resolve the issue, the team collaborated with the vendor and conducted additional diagnostics.
Diagnosing and Troubleshooting Network Problems
During operation, additional operational issues with the network equipment were identified, including incorrect load balancing between channels.
Thanks to the implemented monitoring system, engineers were able to detect the problem, record it, and initiate a response to the equipment vendor.
Results
- As a result of the upgrade, the infrastructure became more secure from external and internal threats, and the likelihood of a repeat network compromise was significantly reduced.