Cyber-security risk assessment of offshore assets

MAR Consulting facilitated a cyber-security risk assessment for an operator of offshore assets in the Norwegian Continental Shelf (NCS). The assets shall comply with the strict Norwegian regulatory requirements. Petroleum Safety Authority (PSA) in Norway runs periodical audits to ascertain the level of IT security (among others) in the operating assets in the NCS. This work is part of an extended partnership with the operator to identify potential cyber-security vulnerabilities in their portfolio. Other assessments part of this work are: Cyber-security assessment of FPSO IT/OT systems · MAR Consulting; Cyber-security risk assessment of FPSO · MAR Consulting; Cybersecurity hazard identification […]

Cyber-security risk assessment of FPSO

MAR Consulting facilitated a cyber-security risk assessment of the systems required to operate a floating, production, storage and offloading (FPSO) vessel. The FPSO is currently operating in the Norwegian Continental Shelf (NCS). It is required to adhere to the strict regulatory requirements in the country. Petroleum Safety Authority (PSA) in Norway runs periodical audits to ascertain the level of IT security (among others) in the operating assets in the NCS. The main objective was to draw on the collective experience and lessons learned to identify potential cyber-security hazards. Other objectives were to analyze and evaluate identified cyber-security risks and propose ways to prevent […]

Cyber-security assessment of SAS/ESD system

MAR Consulting performed a cyber-security assessment of a recent upgraded safety and automation system (SAS) on a platform in the North Sea. The main focus was on the emergency shutdown system (ESD) and supporting data network infrastructure. Cyber-security assessments are now required by functional safety standard IEC 61511:2016 Ed. 2. The main objective of the study was to identify cyber-security threats, breaches, and vulnerabilities in the system, with the potential to cause damage and downtime to the platform. Confidentiality consequences were not considered in this study. Each identified scenario was described in terms of consequences, existing barriers and risk ranked […]

Nuclear industry risk identification – contract extension

MAR Consulting AS received a contract extension to perform hazard identification (HAZID) and operability analysis with regards to worker safety in a major new build in Lund, Sweden. The new build will be a European nuclear research facility. Further responsibilities include oxygen deficient hazard (ODH) analysis and defining processes, rules, guidelines, and procedures for risk identification, analysis, evaluation and treatment within the facility during design, manufacturing and installation phases.

Cybersecurity hazard identification of Norwegian offshore production platform complex

MAR consulting AS facilitated a cybersecurity hazard identification (HAZID) of a manned oil & gas offshore production platform complex. The workshop aimed at identifying cybersecurity hazards based on the experience and knowledge of cybersecurity specialists and network administrators. It followed standard hazard identification strategies adapted to cybersecurity hazards. To learn more about the methodology, see our previous article or contact us.

Cybersecurity hazard identification

Cyber-attacks have the potential to become a major threat to oil and gas operators. Global ransomware damage costs are predicted to exceed $5 billion in 2017. That’s up from $325 million in 2015 — a 15X increase in two years and expected to worsen. Prevention and mitigation of accidents are normally achieved through good practices, hazard and risk assessments, and application of appropriate risk reduction measures. However, traditional process and hazard studies such as hazard and operability studies (HAZOP), hazard identification (HAZID), etc.. are not appropriate to address cybersecurity threats since they typically only consider single initiating events. MAR Consulting […]