Pan-industry JIP assesses cyber security risks

Sept. 29, 2016
Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks, claims DNV GL.

Offshore staff

HOVIK, Norway – Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks, claims DNV GL.

It says that cyber security is a growing issue in the oil and gas industry as critical network segments in production sites, which used to be kept isolated, are now connected to networks.

The general trend is toward remote operations, remote maintenance, and tighter inter-operability with centralized process data and plant information. Old and outdated installations are therefore at particular risk and require risk mitigation actions.

Rune Wærstad, control and automation engineer at Shell, said: “We see that cyber-security incidents are increasing with attempted attacks on a daily basis. By collaborating with others in the industry, we can ensure that we end up with one globally applicable regulation that is suitable for the oil and gas sector.”

DNV GL has established a joint industry project (JIP) with Shell, Statoil, Lundin, Siemens, Honeywell, ABB,Emerson, and Kongsberg Maritime. In addition, the Norwegian Petroleum Safety Authority will take part as an observer.

The JIP will produce a guideline for protecting oil and gas installations against cyber-security threats, using the IEC 62443 standard but tailored to oil and gas industry needs.

Goals of the JIP are:

  • Reduced risk of cyber-security incidents
  • Cost-savings for operators by reducing the resources needed to define requirements and follow up
  • Cost-savings for contractors and vendors based on identical requirements from operators
  • Simplified audits for authorities and auditors due to common requirements and common conformance claims.

Pål Børre Kristoffersen, principal consultant, DNV GL – Oil & Gas, said: “Attacks are becoming increasingly costly and harder for companies to recover from. This JIP will lower the risk of cyber-security incidents and trim costs for operators, contractors, and vendors by reducing the resources needed to define requirements and by driving a standardized approach.”

The JIP should deliver a recommended practice forindustrial automation and control systems within 12 months. Currently DNV GL is assisting Total E&P Norge with cyber-security risk management for the Martin Linge field development and associated operations offshore Norway.

DNV GL’s scope of work includes day-to-day management and coordination of cyber security during the project phase, with a specific focus on integrated control and safety systems.

09/29/2016

Share your news withOffshoreat [email protected]