Woodside

Leveraging Cloud to Build a scalable OT Cloud Platform with DMZ Capabilities and Remote Access Portal

Challenge

Woodside, a leading Australian oil and gas company, has embarked on an Operational Technology (OT) digital transformation to enhance the management and security of their critical assets. Their existing on-premise Process Control Access Domain (PCAD) system posed challenges in supporting remote access, accommodating future growth, and ensuring a robust cybersecurity posture. 

Woodside sought to leverage cloud technologies to address these issues in an agile, low-cost manner. They required a solution that could provide scalability, availability, and accessibility to process control networks (PCNs) across multiple regions while adhering to stringent security and compliance requirements. The transformation had a tight timeframe to minimize disruption to operations and to enable Woodside to quickly reap the benefits of a modern, cloud-based platform.

Key Issues

Inflexibility and Lack of Agility: Woodside’s existing on-premise Process Control Access Domain (PCAD) system had become increasingly inflexible. The legacy system was heavily customized and tightly coupled, making it difficult to implement changes or add new functionalities, and it was unable to keep pace with the dynamic demands of their operations. This lack of agility hindered Woodside’s ability to quickly respond to changing business requirements by adopting new technologies, limiting their operational efficiency and competitiveness. 

•  Maintenance Challenges and System Instability: The legacy PCAD system had accumulated significant technical debt over time, resulting in complex and fragile architectures. Just running the system demanded intense maintenance effort, which consumed valuable time and resources from Woodside’s IT teams. The aging infrastructure and lack of standardization added to the challenge of troubleshooting issues and ensuring system stability. Woodside faced the risk of costly production delays caused by system downtime and disruptions impacting critical OT operations. 
•  Legacy Technical Debt and Skill Set Limitations: The PCAD system relied on outdated technologies and proprietary solutions, making it difficult to find and retain skilled personnel to support and maintain the system. The legacy technical debt created knowledge silos and increasing dependencies on a limited pool of experts, posing risks to long-term sustainability. Woodside recognized the need to modernize their OT environment and adopt industry-standard technologies to attract and retain top talent, ensure business continuity, and enable future innovation. 

Solution

Versent collaborated closely with Woodside to design and implement a cutting-edge cloud transformation solution on Amazon Web Services (AWS). The custom-built platform leveraged AWS accounts to create a secure DMZ environment, enabling seamless management of Woodside’s OT assets and providing a robust foundation for future growth. 

 What began as a DMZ environment evolved into a comprehensive OT Cloud Platform capable of hosting not only traditional DMZ functions but also PCN level 3 services. The platform was designed to support DMZ capabilities including remote access, secure file transfer, and edge network security, while also enabling the consolidation of service duplication and sprawl where possible, and allowing the exposure of AWS services at a PCN trusted level. This evolution from a DMZ environment to a comprehensive OT Cloud Platform demonstrates Versent’s commitment to understanding Woodside’s changing needs and adapting our approach to deliver maximum value, showcasing our client-focused methodology and technical agility. 

Central to the solution was the development of a CICD pipeline and DevOps model, streamlining infrastructure deployment and application development. We built a file transfer system with core hygiene actions, ensuring the integrity and security of data flows. A React-based web portal was created to provide intuitive access to the platform’s functionality. 

To enhance remote access capabilities, we integrated AppStream components and established a Gateway solution for server-side and back-end integration. The platform was designed to be highly scalable, allowing for deployment to additional regions as Woodside’s operations expand. 

As Part of the process

We initiated the engagement by conducting a thorough assessment of Woodside’s current OT environment, identifying pain points, and understanding their future vision for asset management. Through close collaboration with key stakeholders, we developed a comprehensive roadmap that aligned with Woodside’s strategic objectives and laid the foundation for a successful cloud transformation. 

Our team designed a robust and secure OT Cloud Platform architecture tailored to Woodside’s specific requirements. We leveraged AWS best practices and incorporated cutting-edge security controls to ensure the solution met the highest standards of data protection and compliance. Rigorous testing and scenario-based validations were conducted to verify the platform’s performance, scalability, and resilience. 

With the architectural design finalized, we implemented the solution using an agile methodology. This involved provisioning the necessary AWS accounts, configuring security groups and network settings, and deploying the OT Cloud Platform components. Our DevOps experts set up a CICD pipeline to streamline infrastructure deployment and application updates, ensuring a smooth and efficient rollout process. 

Throughout the implementation phase, we worked alongside Woodside’s teams to develop and integrate critical platform components. This included the file transfer system with core hygiene actions, the React-based web portal for intuitive access, and the AppStream and Gateway solutions for enhanced remote access capabilities. Our team leveraged automation tools and scripts to accelerate the deployment process and minimize manual interventions. 

Knowledge transfer and training were integral parts of our engagement with Woodside. We conducted comprehensive training sessions to familiarize Woodside’s teams with the OT Cloud Platform, its functionalities, and best practices for effective utilization. Through hands-on workshops and documentation, we empowered Woodside’s staff to confidently operate and maintain the platform, ensuring long-term success and self-sufficiency. 

By following a structured and collaborative approach, we successfully delivered a robust and scalable OT Cloud Platform that transformed Woodside’s OT asset management capabilities. Our process focused on recognising and aligning with Woodside’s goals, leveraging industry best practice, and ensuring a smooth transition to the new cloud-based solution while prioritizing security and compliance at every step.

Outcome

The successful implementation of the OT Cloud Platform and remote access solution for Woodside resulted in several significant outcomes: 

• Enhanced Flexibility and Agility: The cloud-based platform provided Woodside with the flexibility and agility needed to adapt to changing business requirements. By leveraging AWS services, Woodside could quickly deploy and scale their OT environments, enabling them to respond swiftly to new demands and opportunities. The platform’s modular architecture allowed for easy integration of new functionalities and technologies, reducing the time and effort required to implement changes. This increased agility empowered Woodside to stay competitive and drive innovation in their OT operations. 
• Simplified Maintenance and Improved Stability: The OT Cloud Platform significantly simplified the maintenance of Woodside’s OT environment. By migrating to a cloud-based solution, Woodside could offload the burden of managing and maintaining physical infrastructure, reducing operational complexities. The platform’s standardized components and automated processes streamlined maintenance tasks, allowing Woodside’s IT teams to focus on higher-value activities. The use of AWS services, with their built-in redundancy and fault-tolerance, improved system stability and minimized the risk of downtime, ensuring the continuity of critical OT operations. 
• Modernization and Future-Proofing: The implementation of the OT Cloud Platform enabled Woodside to modernize their OT environment and break free from the constraints of legacy technical debt. By adopting industry-standard technologies and best practices, Woodside could attract and retain skilled personnel, ensuring the long-term sustainability of their OT operations. The platform’s scalability and flexibility provided a strong foundation for future growth and innovation, allowing Woodside to easily integrate new technologies and adapt to evolving industry trends. This future-proofing approach positioned Woodside to stay ahead of the curve and maintain their competitive edge in the market. 
• Service Consolidation and Optimization: The expanded scope of the platform allowed Woodside to consolidate service duplication and sprawl where possible, optimizing their IT resources and reducing operational costs. By hosting PCN level 3 services alongside traditional DMZ functions, Woodside achieved greater efficiency and simplified their OT architecture. 

These outcomes demonstrate the transformative impact of the OT Cloud Platform on Woodside’s OT asset management. The solution addressed the key challenges of inflexibility, maintenance complexity, and legacy technical debt, enabling Woodside to achieve increased agility, simplified operations, and a future-ready OT environment. With the power of the cloud, Woodside is now well-equipped to drive operational excellence, foster innovation, and meet the evolving demands of their business. 

Key Takeaways

The key takeaways from this case study include: 

• Comprehensive OT Cloud Platform with Versatile Site Support: Our solution evolved beyond the initial DMZ requirements to become a versatile OT Cloud Platform capable of hosting both traditional DMZ functions and PCN level 3 services. Rather than replacing existing L3 PCN workloads at established assets, the platform provides supporting services to those sites while offering broader service provision for new OT sites with smaller on-premise footprints. This enables consolidation of service duplication and more efficient OT management across Woodside’s diverse operational landscape. 
•  Enhanced Remote Access and Collaboration: By leveraging the AWS cloud and our custom-built components, Woodside’s workforce can now securely access OT systems from anywhere, fostering improved collaboration and productivity. The intuitive web portal and streamlined workflows empower teams to efficiently manage and maintain their critical assets, reducing operational complexities. 
•  Robust Security and Compliance: Our solution equips Woodside with comprehensive security controls and data governance capabilities. By utilizing AWS best practices and implementing features like the file transfer system with hygiene actions, Woodside can effectively protect sensitive OT data, maintain data integrity, and ensure compliance with stringent industry regulations. The platform enables them to confidently manage and safeguard their OT environment. 

What’s Next?

With the successful implementation of the OT Cloud Platform, Woodside is poised to continue their digital transformation journey and leverage the power of the cloud for their OT asset management. As Woodside’s operations expand, the scalable architecture of the platform will enable seamless extension to additional geographic regions. This will ensure consistent and reliable access to OT assets across Woodside’s global operations, facilitating efficient monitoring, management, and collaboration. 

Key Stakeholders

Chad Moskwiak – Project Sponsor