Oil industry battles cybercrimes

*An oil industry worker inspecting a flow line.

*An oil industry worker inspecting a flow line.

10 October 2016, Lagos – Cybercrimes cost energy and utilities companies about $12.8m yearly a report by a security group has indicated.

The report on the website of DNV GL said the loss was in ruin business and damaged equipment.

It said platform operators needed confidence that countermeasures could deal with more sophisticated cyberattacks.

It described cybersecurity as a growing issue in the oil and gas sector since critical network segments in production sites, which used to be kept isolated, were now connected to networks.

According to the statement, the trend is towards remote operations and maintenance with centralised process data and plant information.

Old and outdated installations were said to be at risk and required risk mitigation actions.

The Control and Automation Engineer, Shell, Rune Wærstad, said, “We see that cybersecurity incidents are increasing with attempted attacks on a daily basis. By collaborating with others in the industry, we can ensure that we end up with one globally applicable regulation that is suitable for the oil and gas sector.”

To address these challenges, the DNV GL said it had established a Joint Industry Project with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime.

It said, in addition, the Norwegian Petroleum Safety Authority would take part as an observer, adding that the JIP would produce a guideline for protecting oil and gas installations against cybersecurity threats.

According to the statement, the JIP will result in reduced risk of cybersecurity incidents and cost-savings for operators by reducing the resources needed to define requirements and follow up.

It would also lead to cost-savings for contractors and vendors based on identical requirements from operators, and simplified audits for authorities and auditors due to common requirements and common conformance claims.

“Dealing with cybersecurity challenges has become a key focus area for the oil and gas sector. Attacks are becoming increasingly costly and harder for companies to recover from,” said the Principal Consultant, DNV GL – Oil and Gas, Pål Kristoffersen.

He added, “This JIP will lower the risk of cybersecurity incidents and trim costs for operators, contractors and vendors by reducing the resources needed to define requirements and by driving a standardised approach.”

According to the statement, the scope of the JIP is to produce cybersecurity guidelines to simplify and clarify the use of the IEC 62443 for FEED, projects and operations.

It said, “Good practice and reusable patterns are to be produced. The JIP will result in a recommended practice for industrial automation and control systems in 12 months’ time.

“The DNV GL is currently assisting Total E&P Norge with cybersecurity risk management for the Martin Linge field development and associated operations offshore Norway. The DNV GL’s scope of work includes the day-to-day management and coordination of cybersecurity during the project phase and through preparations for operation, with a specific focus on integrated control and safety systems.”

  • Punch
About the Author