Offshore Industry issue 5 2021

Page 29

A UTOMATION, CONTROL & MEASUREMENT TECHNOLOGY

Naval Dome concludes cyber security project NAVAL DOME AND THE OFFSHORE DIVISION OF A SUPERMAJOR HAVE COMPLETED A JOINT PROJECT TO IDENTIFY AND MITIGATE CYBER RISKS COMMON TO OFFSHORE DEEPWATER DRILLING RIGS.

More advanced solutions are needed to better protect an offshore platform from cyber-attack.

F

indings from the two-year project, culminating in the installation and pilot testing of Naval Dome’s Endpoint cyber defence system aboard drilling rigs in the Gulf of Mexico, indicate that the minimum industry guidelines, regulations and security techniques are out of step with current platform technology, connectivity requirements and cyber-attack methodology.

Shortfalls and challenges

In a joint research paper presented at the recent OTC Houston conference, the authors state, “Activities over two years have demonstrated shortfalls and real challenges that need to be addressed if we are to create a more cyber-secure deepwater drilling rig environment.” In presenting the Cyber defence of Offshore Deepwater Drilling Rigs paper to conference delegates, Adam Rizika, Head of Strategy of Naval Dome, says, “Where systems installed on offshore platforms had traditionally been isolated and unconnected, limiting cyber hack success, the increase in remote monitoring and autonomous control, IOT, and digitalisation has made rigs much more susceptible to attack.”

Simulation

Going on to reveal how the test rigs’ OT (operation technology) networks were penetrated using a software installation file for dynamic positioning (DP) and workstation charts, Mr Rizika, explained that Naval Dome simulated an OEM service technician unwittingly using a USB stick with

o f f s h o r e - i n d u s t r y.eu

Cyber security.indd 27

malicious software containing three zeroday exploits. “The modified file was packaged in a way that looked and acted like the original one and passed anti-virus scanning without being identified as a cyberattack or picked up by the installed cyber network traffic monitoring system”, he explains. Although the attack was carried out internally, Mr Rizika noted remote execution was feasible using the rig’s externally facing network connections. “Penetration testing confirmed how a targeted cyber-attack on a deepwater drilling rig could result in a serious process safety incident, with associated financial and reputational impact”, he adds.

Purpose-built solutions are needed

In the paper, the authors state that pilot tests confirm traditional, ‘perimeter type’ IT transplanted OT cyber security solutions, such as anti-virus, network monitoring and firewalls, are not enough to protect critical safety and processing equipment from attack, leaving rigs vulnerable. “It is abundantly clear that more advanced purpose-built solutions are needed to better protect an offshore platform from exposure to external and internal cyber-attacks, whether targeted or otherwise”, reports Mr Rizika. The paper goes on to highlight a shortage of OT cyber domain skilled staff, regulation and controls that are slow to evolve and be implemented, an IT-centric approached being applied to an OT

Photo courtesy of Naval Dome.

environment, and a mismatch between drilling rig systems and equipment and their supporting software. Mr Rizika states, “Although industry guidelines and regulations offer minimum standard requirements, we found the advancement in rig technology, connectivity and cyber-attack methodology has outpaced the regulations, driving the need for a more comprehensive approach.”

No expensive upgrades needed

Commenting on the project’s findings, Naval Dome’s Chief Executive Officer Itai Sela, states, “The project and successful pilot testing of a multi-layer cyber defence solution aboard these rigs has demonstrated that both new and legacy OEM systems can be better protected from internal and external cyberattack vectors, without the need for expensive equipment upgrades, or higher overheads that lead to an increase in total cost of ownership. Results to date demonstrate that the endpoint system is robust and can operate without interfering with ongoing rig operations. The cost of upgrading the obsolete systems is high, and even if upgrades are undertaken vulnerabilities can still remain.” By approaching the problem differently, Naval Dome and the oil major believe that the attainment of a cyber resilient environment can be accelerated onboard offshore installations at a critical time for the industry. i. navaldome.com

OSI  2021 | Vo l u me 14 | I s s u e 5 | 2 7

25-10-2021 11:47

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Paving the way

3min
pages 32-33

Yellow & Finch Pages

9min
pages 48-49

Salem Harbor to be transformed into ofshore wind port

4min
pages 42-43

The Yellow & Finch Maritme Charity Golf Event

2min
pages 44-46

Repowering wind farms

7min
pages 38-41

The world’s most infuental meetng place

3min
pages 34-35

Wintershall Dea investgates conversion of natural gas pipelines for CO2 transport

2min
pages 36-37

World’s most advanced project set to transform deepwater riser market ON THE COVER

4min
pages 30-31

Three ladies and a gentleman

12min
pages 18-21

World’s frst recyclable wind turbine blade launched

4min
pages 16-17

Showcasing the potental of wind-based electrifcaton

7min
pages 10-13

New Ocean Grid project in the North Sea

2min
pages 26-28

Van Oord orders new vessel to install 20MW ofshore wind turbine

2min
pages 14-15

News in brief

7min
pages 6-9

Naval Dome concludes cyber security project aboard deepwater drilling rigs

3min
page 29
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.