MAR Consulting performed a cyber-security assessment of a floating production, storage and offloading (FPSO) vessel operating on the Norwegian Continental Shelf (NCS). The methodology used was similar to previous studies delivered by MAR Consulting. Please refer to (1, 2, 3, 4) for further details on the methodology or feel free to contact us. There were a number of key findings, specifically regarding interfaces between different systems; culture and awareness surrounding cyber-security; and potential backdoors to some IT/OT systems on the vessel. It was shown that the most critical control and automation process equipment was protected with several layers. Inherent safety […]
MAR Consulting performed a cyber-security assessment of a recently upgraded safety and automation system (SAS) on a platform in the North Sea. The main focus was on the emergency shutdown system (ESD) and supporting data network infrastructure. Cyber-security assessments are now required by the functional safety standard IEC 61511:2016 Ed. 2. The main objective of the study was to identify cyber-security threats, breaches, and vulnerabilities in the system, with the potential to cause damage and downtime to the platform. Confidentiality consequences were not considered in this study. Each identified scenario was described in terms of consequences, existing barriers and risk ranked […]
MAR Consulting AS facilitated a cybersecurity hazard identification (HAZID) of a manned oil & gas offshore production platform complex. The workshop aimed to identify cybersecurity hazards based on the experience and knowledge of cybersecurity specialists and network administrators. It followed standard hazard identification strategies adapted to cybersecurity hazards. To learn more about the methodology, see our previous article or contact us.
Cyber-attacks have the potential to become a major threat to oil and gas operators. Global ransomware damage costs are predicted to exceed $5 billion in 2017. That’s up from $325 million in 2015 — a 15X increase in two years and expected to worsen. Prevention and mitigation of accidents are normally achieved through good practices, hazard and risk assessments, and application of appropriate risk reduction measures. However, traditional process and hazard studies such as hazard and operability studies (HAZOP), hazard identification (HAZID), etc., are not appropriate to address cybersecurity threats since they typically only consider single initiating events. MAR Consulting […]