JSC TANECO (part of the PJSC TATNEFT Group) is a modern enterprise in the Russian oil refining industry, and is of strategic importance for the development of the country’s economy
The strategic goal of TANECO is the production of high-quality products in a continuous technological process.
In February 2018, the company launched a pilot operation of Kaspersky MLAD in the technological process of CDU-VDU-7.
- Industry: oil refining
- Client: JSC TANECO, Nizhnekamsk, Republic of Tatarstan, Russia
- Deployment facility: CDU-VDU-7 (CDU – Crude Distillation Unit, VDU – Vacuum Distillation Unit).
The number of processes at the enterprise is enormous, which creates multiple risks. The most complex and important unit at the plant is CDU-VDU-7 (7 million tons of oil a year), which includes the electric desalting system (where crude oil arrives), the furnaces, and the atmospheric and vacuum columns where oil products are distilled into different fractions. The processes here are sensitive to input feedstock, the correct functioning of the cooling system, and the operating temperature ranges. It is critically important that information about deviations in the technological processes be supplied automatically.
For this reason, TANECO selected this unit to pilot the Kaspersky MLAD early anomaly detection system, which uses machine learning on telemetry data received from the plant’s technological processes.
Kaspersky MLAD is deployed at CDU-VDU-7 in combination with Kaspersky Industrial CyberSecurity for Networks. Kaspersky Industrial CyberSecurity for Networks analyzes mirrored traffic from the automated production management system, and transmits tags to Kaspersky MLAD using the gRPC protocol in online mode. Kaspersky MLAD returns information about detected anomalies.
The ML model is built on historical data from the technological processes of CDU-VDU-7 for 2017. It is able to detect anomalies in the technological processes of this installation. The ML model can be retrained using new data.
In the period April 2017–May 2018, various types of anomalies were discovered:
- Deviations in the technological process related to changes in the plant’s operating modes
- Change-over of facility control loops to manual mode
- Situations related to incorrect sensor readings
This case study covers an anomaly detected in the temperature of the vacuum distillation column packing. In this case, analysis showed that the anomaly was caused by an incorrect flowmeter measurement due to impulse tubes being blocked by coke deposits.
The information security experts now have a tool for automatic early warnings about dangerous situations.
The specialists overseeing the technological process now have a tool for the automatic early detection and interpretation of anomalies, with an intuitive interface for monitoring process parameter trends and performing deviation analysis.
“For many years, we have been successfully cooperating with Kaspersky to protect the company’s office network. We are also jointly implementing a pilot project for the maintenance of the industrial information security system for the railway gasoil unloading terminal. Therefore, in addition to information security systems to ensure the safety of technological processes, we plan to use the Kaspersky MLAD solution.
“The solution we chose allowed us to significantly increase the transparency of the processes on the most important CDU-VDU-7 unit and to detect any deviations in automatic mode, without resorting to a huge number of written rules and constraints. Early detection enables operators to avert dangerous situations regardless of the cause – be it a configuration error, hardware failure, or hacker attack.”