New cybersecurity lab examines 'computational FPSO'
Today, investing in cybersafety is an accepted requirement for FPSOs and other offshore assets, and the amount being invested is growing rapidly.
Innovative approach assesses both physical and digital sides
Rick Scott, Cris DeWitt
Until a few years ago, many offshore assets were able to operate their entire working lives using only the safety features that were installed during construction. But times are changing. The historically slow pace of technology adoption has accelerated as the widespread use of automation becomes more practical and cost-effective. With the industry’s move toward deployment of highly instrumented, automated, and connected assets, there has been a realization that new operational challenges facefloating production, storage, and offloading (FPSO) units.
Today, investing in cybersafety is an accepted requirement for FPSOs and other offshore assets, and the amount being invested is growing rapidly. Cybersecurity Ventures predicts global spend in this area will top $1 trillion over the next five years. With such high levels of financial commitment and attention, cybersecurity is a hot topic. As a result of its surrounding publicity, it is easy to get caught up in buzz words and to be overwhelmed by the flood of information in the public domain. Arguably, if the industry is to find a way to contend long term with cyber threats, a more focused, precise, and measurable way – a rigorous engineering approach – is needed to deal with such challenges.
Beyond the physical asset
Classification societies have worked with the offshore industry since its inception to improve the safety and security of assets, but the face of safety is changing. A new approach that extends beyond the physical vessel is being conceptualized by the cybersafety team atABS. Like the steel exterior, which is designed based on mathematical descriptions, FPSOs and other vessels have a cyberstructure operating on interconnected networks that, until now, has been mostly unseen. Yet, that structure has as much impact on the FPSO’s functionality and safety as the steel vessel does.
In recognition of this idea, an FPSO is viewed by the team as two real but distinctly different vessels – one with a very visible steel face and another face that is mostly unseen. Both are engineered and constructed based on mathematical descriptions, but one has a dominant physical presence and the other does not. While the physical version clearly depends on heavy steel to function, the other “cyber FPSO” relies on relatively unseen computational information that it provides. The safety of this second vessel is critical to safe operation, and it is the focus of a new and important capability being rapidly expanded within ABS. Established earlier this year, the organization’s CyberSafety laboratory is being created to prove, analyze, and test data integrity and security concepts. In that way, it is different from other labs that concentrate on certifying tools.
Beyond security, the team is using this lab to better understand how to engineer and manage the emerging “communicating ship,” or a vessel that is heavily electronically sensed and constantly producing very large amounts of data. This knowledge is key to understanding a unit’s critical listening points, visualizing the most useful and cost-effective placement of sensors and managing the impact of very large data sets on both design and operation. Tools derived from this type of engineering information are being contemplated that will enable the industry to answer important questions about sensing total vessel health and beneficially communicating that knowledge to its operators and monitors. When used in combination, such tools can magnify the notion of asset safety to a level well beyond the physical vessel.
In creating and providing guidance for safe operation of cybersystems, it is critical to understand that the computational FPSO can be and must be engineered with the same principles as the steel FPSO. The focal point of that engineering is the development of architectural and visual representations of data generation points, communication pathways, and use points for actionable knowledge. The model of the cybersystem of an FPSO is being developed to mathematically describe and investigate the computerized elements of a vessel in much the same way that the steel vessel is described, investigated, and made safer. The intent is to use this model to describe the system’s characteristics (e.g., tasks, behaviors, capabilities, efficiencies, vulnerabilities, failures, etc.) using mathematically based engineering concepts.
|The ability to gather enormous volumes of data creates the challenge of how to use the data to advantage. By monitoring, gathering, evaluating and synthesizing input, it is possible to turn raw data into actionable knowledge. (Image courtesy ABS)|
The FPSO cybersystem model is to be a computational and graphical view of the digital assets. This view provides a complete representation of the elements of a vessel’s cybersystems, making it a “communicating ship.” This holistic approach results in actionable guidance that draws clear the distinctions between traditional IT practices and equally or more complex operational technology practices. It is a view that considers the safety engineering aspects of an FPSO in the increasingly computerized context of the offshore industry, beyond more familiar IT systems that support the industry’s business mission. This approach goes beyond regulatory compliance and moves into the realm of advanced data management and data analytics.
With sensors and instrumentation feeding a constant stream of health data, the hull becomes alive, continuously communicating its condition. Expectedly, a detailed FPSO cybersystem model will show these inputs, their functions, and connections to provide a more understandable representation of how data travels and is used onboard. It will show the digital components that are necessary to safe vessel operation and provide the clarity needed to assign critical status to cybersystem components in much the same way that this designation is given to heavily monitored and protected physical workings of the steel vessel.
Additional work focuses on understanding the integrity and use of data collected aboard the FSPO. By representing collected data as a proprietary asset that is transformed into organized information, the digital depiction can be translated into actionable, operational knowledge that in turn can inform the actions of those maintaining it. While today, the primary custodians of the vessel are people, there is a clear trend toward augmenting the skills and capabilities of crew with automation and decision support tools that make their jobs easier and safer.
Whether applied to software control systems, sensor technology, cybersecurity, or crew decision support, this research will provide a clear and accessible basis for industry-wide understanding and improvement. It has the potential to provide insight that the industry can use to make better decisions about automation, cybersecurity, data and system integrity, and even supply chain management. Through continued development, it may even provide a view of how much actionable information is actually delivered through investment in sensors, data collection, data analytics, and complex onboard communications systems. The overarching goal is to help industry understand, prove, analyze, and evaluate massively integrated systems, supporting data integrity, and cybersecurity concepts.
Making the intangible tangible
Although the concepts outlined are somewhat abstract, they become more comprehensible when an FPSO’s cybersystem is visualized as a factory that produces actionable knowledge as the end product. The raw material is data that is digitally manipulated, stored, and transformed into information that can be used by onboard equipment and staff to enable safe and effective operation. In practice, this knowledge factory can be visualized as a schematic diagram that enables the user to mathematically characterize the processes within the information factory – the knowledge production system working to convert data into information, information into knowledge, and finally knowledge into actionable knowledge that informs vessel functions and activities.
Within the model of the FPSO’s cybersystem, the processes of the information factory are decomposed and characterized with attributes that allow the factory’s behavior, risk points, integrity reducers, and cybersecurity penetration points to be analyzed. It provides a conceptual way of contemplating the unseen digital intelligence that provides semi-automated and automated decision support for operating the FPSO. This is a highly specialized engineering view of the “brains” of the asset through which information support system behaviors are described, examined, and predicted through an engineering lens.
When represented as schematics, these cybersystem views are made visual as layered images of categorized functions resident onboard the FPSO (e.g., power management, navigation, blowout prevention, etc.) and the information processes that support those functions. These images are similar conceptually to electrical or hydraulic schematic diagrams that are more accessible to technical staff aboard the vessel.
Beyond the uses for onboard FPSO personnel, the described representation of cybersystems allows owners and operators to focus on safety and levels of criticality of data that improve the ability to maintain asset integrity. It enables engineers to evaluate the dynamics and security of data being captured and communicated, which vastly improves the ability to assess cybersafety. Today, a family of representative vessels and their various levels of automation is being created to begin understanding the broader potential for the cybersystem models. The concept is even being considered for similar uses to research these systems for other types of assets, including ports, pipelines, and related infrastructure. With continued research and development, this new engineering representation of FPSO cybersystems has the potential to deliver useful insights into how much actionable knowledge is yielded through the investment made in sensors, data collection, data analytics and complex onboard communications systems. This unique approach to cybersafety charts a new path, delivering wider and deeper classification services as technology evolves and becomes more sophisticated. It provides a novel approach to addressing cyber-enabled systems that emphasizes human and systems safety. •
Risk-based management program introduced
Through its CyberSafety laboratory, ABS has generated multiple volumes of a suite of related documents, introducing the first module,Guidance Notes on the Application of Cybersecurity Principles to Marine and Offshore Operations in February 2016. This document was the industry’s first risk-based management program for applying best practice approaches to four key cyber areas: security, automated systems safety, data integrity, and software verification.
Additional guides and guidance notes address operational technology and information technology assessment, guidance on data integrity for the marine and offshore industries, and systems verification. Two additional volumes discuss integrated software quality management, while the final volume will provide a guide for cyber testing, providing a methodology for testing systems onboard marine and offshore assets.
Since this guidance is built using the lens of safety for offshore assets, it addresses concerns that make sense to owners and operators, which is particularly important in an environment filled with noise, uncertainty, and doubt.
This unique approach to cybersafety charts a new path, delivering wider and deeper classification services as technology evolves and becomes more sophisticated.