Multi-layer secure change management for custody transfer parameters with role-based access and closed-loop verification.
Industry: Oil & Gas (Upstream/Midstream)
Quick Facts
| Attribute | Value |
|---|---|
| Sites | 6 LACT facilities (Midway ST31, Cymric 31X, others) |
| Parameters | Meter Factor, Water Cut, API Gravity |
| Architecture | Layer 4 UI → Gateway → Edge Command & Control → PLCs |
| Security | Role-based (Guest/Operator/Engineer/Admin) with 2FA |
| Data Systems | PI (Site & Corporate), OPC via Kepware |
| Testing | FAT (~60%), SAT (~90%) with full role matrix |
The Challenge
Challenge: Provide a secure way for approved users to view and adjust LACT process parameters across multiple sites without exposing PLCs directly to business network users.
Specific pain points:
- Existing methods lacked role-based access control
- No audit trails for parameter changes
- No automated verification of changes
- PLCs exposed to L4 users creating security risk
- Need for deterministic gatekeeping with business rules enforcement
- Required closed-loop verification back to users
Impact: Without secure change management, custody transfer parameters could be misconfigured, creating compliance and accuracy risks across IT/OT boundaries.
The Solution
Architecture
| Layer | Component | Capabilities |
|---|---|---|
| L4 Business | User Interface | Role-based login (2FA), view/request changes |
| L3.5 SCADA DMZ | Application Gateway | Secure relay between business and field networks |
| L3.5 Field DMZ | Edge Command & Control | Business rules, queue, OPC writes, PI verification |
| Field | PLCs via Kepware OPC | Primary/backup read/write |
Architecture Diagram:
Parameter Management
| Parameter | Type | Range | Max Delta |
|---|---|---|---|
| Meter Factor | Changeable | 0.70–1.25 | ≤1.00 |
| Water Cut | Changeable | 0–5% | ≤6 |
| API Gravity | Changeable | -10.0–100.0 | ≤111.0 |
| Temperature | View only | — | — |
| Pressure | View only | — | — |
| Tank Level | View only | — | — |
Role-Based Access
| Role | Capabilities |
|---|---|
| Guest | View only |
| Operator | View + limited changes |
| Engineer | View + parameter changes |
| Admin | Full access + configuration |
Embedded Business Rules
Context Rules:
- Correct Area/Site verification
- Time window enforcement (07:00–17:00, weekdays only)
- Not on first/last 2 days of month
- Frequency limit (≤2 successful changes per user/asset/parameter/day)
Value Rules:
- Min/Max range checking
- Delta (change magnitude) limits
- Automatic rejection with explicit reasons
Closed-Loop Verification Flow
User Request (L4 UI)
↓
Gateway (L3.5 SCADA DMZ)
↓
Edge Command & Control (L3.5 Field DMZ)
↓
(Business rules check)
OPC Write to PLC (via Kepware)
↓
Site PI Read-back
↓
PI-to-PI Replication → Business PI
↓
User Confirmation (with status codes)
Communications- Routed per-site (port family 5101–5106)
- Heartbeat tags for connection monitoring
- FIFO queueing at Edge Command & Control
Key Enablers
FrameworX capabilities that made this solution possible:
| Capability | Application |
|---|---|
| Layered Architecture | Clean separation of L4 UI, L3.5 Gateway, Edge rules engine |
| Role-Based Security & Audit | AD/2FA integration, per-request logging, full status lifecycle |
| Rules-Driven C&C at Edge | Deterministic gatekeeping close to process, FIFO queueing |
| Closed-Loop Verification | OPC write → Site PI read-back → PI-to-PI → Business PI confirmation |
| Operational Transparency | Rich status codes returned to user for every request |
The Results
- Secure IT/OT Change Management — Parameter adjustments across network boundaries without exposing PLCs to L4 users
- Governed, Auditable Adjustments — Explicit pass/fail reasons improve compliance and trust
- Reduced Misconfigurations — Rule enforcement and automatic verification prevent errors
- Scalable Multi-Site Pattern — 6 sites in pilot, ready for broader rollout
- Complete Audit Trail — Every request logged with full status lifecycle
- Operational Confidence — Users receive verification that changes were applied correctly
This case demonstrates secure LACT parameter management with multi-layer architecture, role-based access, and closed-loop verification across IT/OT boundaries.
In this section...