Journal of Cybersecurity and Privacy (Feb 2022)

Security and Independence of Process Safety and Control Systems in the Petroleum Industry

  • Tor Onshus,
  • Lars Bodsberg,
  • Stein Hauge,
  • Martin Gilje Jaatun,
  • Mary Ann Lundteigen,
  • Thor Myklebust,
  • Maria Vatshaug Ottermo,
  • Stig Petersen,
  • Egil Wille

DOI
https://doi.org/10.3390/jcp2010003
Journal volume & issue
Vol. 2, no. 1
pp. 20 – 41

Abstract

Read online

The developments of reduced manning on offshore facilities and increased information transfer from offshore to land continue and may also be a prerequisite for the future survival of the oil and gas industry. A general requirement from the operators has emerged in that all relevant information from offshore-located systems should be made available so that it can be analysed on land. This represents a challenge to safety in avoiding negative impacts and potential accidents for these facilities. The layered Purdue model, which helps protect OT systems from unwanted influences through network segregation, is undermined by the many new connections arising between the OT systems and the surroundings. Each individual connection is not necessarily a problem; however, in aggregate, they add to the overall complexity and attack surface thereby exposing the OT systems to increased cyber risk. Since the OT systems are critical to controlling physical processes, the added connections represent a challenge not only to security but also to safety.

Keywords