Anil Kumar Kaushik is Executive Director IS Group Refineries with Bharat Petroleum Corporation Limited (BPCL). He joined BPCL in June 1981 and has been instrumental in creating a seamless enterprise-wide communication and security infrastructure. He was also responsible for development of B2B, B2C, and web-based applications for Bharat Petroleum. Currently he is looking after IT needs for BPCL Group Refineries.
BPCL Mumbai Refinery uses various Operation Technology (OT) systems such as Distributed Control System (DCS), Advanced Process Control (APC) and Blend Process Control (BPC) for monitoring and controlling the plant operations. These OT systems are connected to Corporate IT systems for data analysis, reporting and decision making. In order to protect Refinery DCS (OT) from any cyber security attack from internal or external IT network, OT systems should be protected by ICS (Industrial Control System) aware firewall.
Techno-commercial evaluation was carried out for Gartner’s Leader Quadrant vendors, a firewall solution was selected and deployed in BPCL Mumbai Refinery for OT security. In discussion with various DCS vendors, firewall rules have been configured. Single firewall is deployed in each plant for various systems like DCS, APC, fire alarm etc. and patch updates for consolidation and better management. Centralized management console is deployed in high availability mode to manage all firewalls remotely and push all required signatures. Automated reports and email alerts for warning / errors have been configured for preventive actions and immediate root cause analysis. Security logs are being forwarded to corporate SIEM (Security Information & Event Management) system for further analysis.
The firewall with IPS / IDS, anti-malware, anti bot, anti-spyware and application awareness features ensures high level of information security of plant DCS system. There is a common firewall for various systems installed in single plant control room which leads to easy manageability and reduces operational cost. Various automated reports and alerts have been configured for immediate problem notification, rectification and troubleshooting.