Embracing the security perspective in the Digital Age
Energy and maritime assets are targets
Many energy workers have experienced how quickly and easily malware and viruses can be accidentally transferred to OT systems. For example, through e-mail or unsecure websites, via infected devices brought in from the outside. Along with increasing levels of digitalization and automation, the potential for damaging consequences increase equally. Even more disturbing is the fact that many cyber-attackers today are extremely well financed and organized, capable of launching highly sophisticated attacks. Hacker tools are available for sale on the black market, providing perpetrators with a comprehensive toolbox to build from.
Like ships, assets in the Oil & Gas industry used in exploration, drilling, transportation and production, depends on a myriad of inter-connected industrial automation and control systems. Today, this industry is undergoing a massive digitalization process offering new insight, efficiency, optimization and the ability to keep people away from harmful tasks. Taking advantage of digitalization and increased connectivity however also means opening open up OT systems to cyber threats.
Better security practices and solutions are required
International and national standardization and regulatory activities to protect OT systems in the Oil, Gas and Maritime industry are starting to take form. Examples are voluntary guidelines issued by or referred to by regulators. The goal of these guidelines is to ensure a common adequate level of security in all parts of the supply chain affecting Oil, Gas or Maritime assets. Often they refer to, or reference industry generic internationally recognized standards.
In addition to NIST CFS, IMO refer to other relevant best practices: BIMCOs Guidelines on Cybersecurity Onboard Ships and ISO/IEC 27001.
Secure-NOK has chaired the IADC Cybersecurity Committee since its beginning as a Work Group in 2014. We and others have contributed our expertise in developing policies, processes and technology to ensure security. In close cooperation with the industry, it is made sure everything we propose is practical and can be realistically utilized in a driller’s environment and mode of operation. The result of this effort is a series of user-friendly guidelines designed to help drillers becoming more secure:
Key to a Cybersecurity Program
Once the required organizational support and scope of the Cybersecurity Program is in place, the strategy and requirements for the program must be established. This usually include selecting a relevant and recognized standard to be used as inspiration and guidance.