Looking for a specific product?

Make a search for products & suppliers, articles & news.

INDUSTRY COLLABORATION DELIVERS RECOMMENDED PRACTICE ON HOW TO FIGHT CYBER THREATS IN THE OIL AND GAS INDUSTRY

Critical network segments in production sites,

DNV GL

Offshore Europe, Aberdeen: The benefits of digitalization in the oil and gas industry are profound, but are also causing cyber risks to emerge. Almost 68% [1] of oil and gas companies were affected by at least one significant cyber incident in 2016, and many attacks are assumed to be undetected or unpublished. Based on a joint industry project, DNV GL is now launching a globally applicable recommended practice (RP), DNVGL-RP-G108, addressing how oil and gas operators, together with system integrators and vendors, can manage the emerging cyber threat.

 

DNV GL

Critical network segments in production sites, which used to be kept isolated, are now connected to networks, making the operational technology (OT) more vulnerable. According to recent research[1], fifty-nine per cent of oil and gas companies surveyed believe there is greater risk in the OT than the IT environment. Managing threats towards OT requires knowledge beyond general information security, such as oil and gas operational domain competence, in particular related to automated, unmanned, integrated and remote operations which are accessible online.  

 

The new DNV GL recommended practice (RP) "Cyber security in the oil and gas industry based on IEC 62443" is the result of a nearly two-year-long joint industry project (JIP) together with partners Shell Norge AS, Statoil, Woodside, Lundin Norway, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime. The Norwegian Petroleum Safety Authority has observed the work and exchanged experiences with the JIP group from a regulatory perspective. The RP is based on the IEC 62443 standard, international practice, professional experience, and takes into account HSE requirements and the IEC 61511 functional safety standard. It outlines a tailored approach for the oil and gas industry on how to build security, with the emphasis on OT.  

 

Pål Børre Kristoffersen, JIP Project Manager, DNV GL – Oil & Gas, says: “Industry players need confidence that security countermeasures can deal with more frequent and sophisticated cyber-attacks, which are becoming increasingly costly and harder for companies to recover from. Dealing with cyber-security challenges has become a key focus area for the oil and gas sector, and there is greater awareness of the requirements that need to be in place. There has, until now, been a lack of guidance for the oil and gas industry on how to implement these requirements. The new RP, developed in collaboration with key players, puts OT, together with IT, in the limelight, so the oil and gas industry can protect their operations.” 

 

 

The scope of the RP is guidance on how to use the IEC 62443 series of standards for projects and operational phases, including good practice and a reusable approach. It is tailored for oil and gas onshore and offshore operations. The IEC standards define what to do, while the RP describes how, and implementation will result in:

  • A reduced risk of cyber-security incidents
  • Cost-savings for operators by reducing the resources needed to define requirements and follow up
  • Cost-savings for contractors and vendors based on standardized design requirements from operators
  • Simplified audits for authorities and auditors due to common requirements and common conformance claims.

 

DNV GL Julie Fallon, Senior Vice President Engineering, Woodside says: “Aligning our Operational Technology cyber security approach to IEC 62443 enables us to learn from and contribute to industry knowledge and capability. The recommended practice provides practical guidance on applying the standard to oil and gas.”  

 

"The OT convergence between IT and Engineering is critical to ensuring successful OT security management. The JIP process leading to this RP has enabled our team to leverage industry best practices, share learnings, and grow capability,” she adds.  

 

A joint statement from the vendors involved in the RP: “Our customers in the oil and gas industry are to a large extent facing the same types of cyber-threats found in information technology systems. Being able to standardize what we deliver to our customers is important in reducing cyber-risks and reducing cost. Above all, it will increase the safety, availability and reliability of the operational technology systems. The organizations operating the systems can also manage cyber-risks by following and implementing the identification, protection, detection, response and recovery steps defined in the standards to withstand cyber-attacks. In the process of defining this RP, we have collaborated with both our competitors and our customers on guidance to the IEC 62443 series of standards.”  

 


Associated companies:


Related news

Latest news

IAEA Mission says Research Reactor Operator in Norway is Committed to Safety

A team of eight reactor experts from the International Atomic Energy Agency (IAEA) has for one week undergone the safety of the JEEP II research reactor at Kjeller. The expert group concludes that IFE strongly emphasizes s...

New Research Center for Environment-friendly Energy

The new FME center is dedicated to development of materials, components and technology for use of batteries and hydrogen in zero emission transport systems. It will be a special focus on the maritime sector.

The Netherlands re-join the Halden Reactor Project

The Netherlands signed the Halden Agreement on December 1st and will formally become the 20th member country in the Halden Reactor Project (HRP) after the formal acceptance from the Halden Board during their Paris meeting ...

First phase of DNV GL led offshore cable and pipeline operations equipment joint industry project completed

The data analysed during phase 1 has identified and recorded various processes...

The end of the paper chase: DNV GL to roll out electronic certificates across entire fleet

Certificates are published on DNV GL’s customer portal immediately after an onboard survey is completed,

New Integrated Solution Set to Redefine DP Reference Systems

DPS i2 and DPS i4 utilise KONGSBERG's unique motion gyro compass (MGCTM) and motion reference unit (MRUTM) technology.

Servogear service hub in Asia

September 2017, Servogear announce the strengthening of our presence in Asia with the establishment of a service hub in Singapore.

New Machining Center In Fredrikstad

Jotne opened a brand new machining hall in Fredrikstad on the 20th of May.

Construction and Testing of 4 Caterpillar C280 Gensets Finalized

Jotne has together with thier client Pon Power finalized construction and testing of 4 Caterpillar C280 gensets in Jotne’s factory in Fredrikstad.