Cyber-security risk assessment of offshore assets

MAR Consulting facilitated a cyber-security risk assessment for an operator of offshore assets on the Norwegian Continental Shelf (NCS). The assets shall comply with the strict Norwegian regulatory requirements. The Petroleum Safety Authority (PSA) in Norway runs periodic audits to ascertain the level of IT security (among other things) in the operating assets on the NCS. This work is part of an extended partnership with the operator to identify potential cyber-security vulnerabilities in their portfolio. Other assessments that are part of this work are: Cyber-security assessment of FPSO IT/OT systems; Cyber-security risk assessment of FPSO; Cybersecurity hazard identification […]

CHAZOP of control system on electrical power plant

MAR Consulting facilitated and documented a 2-day computer and control system HAZOP (CHAZOP) and a what-if analysis for an electrical power plant in Aruba. Major upgrades to the control system (HMI, PLCs, and network) triggered the analysis, with the objectives to:
▪ Evaluate the control system design modifications with regard to safety and operability;
▪ Eliminate or reduce the likelihood of accidents and incidents due to the control system design modifications;
▪ Identify and recommend design improvements.
A what-if/CHAZOP is a systematic review of the design and operation of a control system. MAR Consulting conducted the study as a multidisciplinary workshop […]

Cyber-security assessment of FPSO IT/OT systems

MAR Consulting performed a cyber-security assessment of a floating, production, storage and offloading (FPSO) vessel operating on the Norwegian Continental Shelf (NCS). The methodology used was similar to previous studies delivered by MAR Consulting. Please refer to (1, 2, 3, 4) for further details on the methodology or feel free to contact us. There were a number of key findings, specifically regarding interfaces between different systems, culture and awareness surrounding cyber-security, and potential backdoors to some IT/OT systems in the vessel. It was shown that the most critical control and automation process equipment was protected with several layers. Inherent safety […]

Cyber-security risk assessment of FPSO

MAR Consulting facilitated a cyber-security risk assessment of the systems required to operate a floating, production, storage and offloading (FPSO) vessel. The FPSO is currently operating on the Norwegian Continental Shelf (NCS). It is required to adhere to the strict regulatory requirements in the country. The Petroleum Safety Authority (PSA) in Norway runs periodic audits to ascertain the level of IT security (among other things) in the operating assets on the NCS. The main objective was to draw on the collective experience and lessons learned to identify potential cyber-security hazards. Other objectives were to analyze and evaluate identified cyber-security risks and propose ways to prevent […]

Cyber-security assessment of SAS/ESD system

MAR Consulting performed a cyber-security assessment of a recently upgraded safety and automation system (SAS) on a platform in the North Sea. The main focus was on the emergency shutdown system (ESD) and supporting data network infrastructure. Cyber-security assessments are now required by functional safety standard IEC 61511:2016 Ed. 2. The main objective of the study was to identify cyber-security threats, breaches, and vulnerabilities in the system, with the potential to cause damage and downtime to the platform. Confidentiality consequences were not considered in this study. Each identified scenario was described in terms of consequences, existing barriers and risk ranked […]

Cybersecurity hazard identification of Norwegian offshore production platform complex

MAR Consulting AS facilitated a cybersecurity hazard identification (HAZID) of a manned oil & gas offshore production platform complex. The workshop aimed at identifying cybersecurity hazards based on the experience and knowledge of cybersecurity specialists and network administrators. It followed standard hazard identification strategies adapted to cybersecurity hazards. To learn more about the methodology, see our previous article or contact us.

Cybersecurity hazard identification

Cyber-attacks have the potential to become a major threat to oil and gas operators. Global ransomware damage costs are predicted to exceed $5 billion in 2017. That’s up from $325 million in 2015 — a 15X increase in two years and expected to worsen. Prevention and mitigation of accidents are normally achieved through good practices, hazard and risk assessments, and application of appropriate risk reduction measures. However, traditional process and hazard studies such as hazard and operability studies (HAZOP), hazard identification (HAZID), etc. are not appropriate to address cybersecurity threats since they typically only consider single initiating events. MAR Consulting […]