3 minute read
Naval Dome concludes cyber security project aboard deepwater drilling rigs
Naval Dome concludes cyber security project
NAVAL DOME AND THE OFFSHORE DIVISION OF A SUPERMAJOR HAVE COMPLETED A JOINT PROJECT TO IDENTIFY AND MITIGATE CYBER RISKS COMMON TO OFFSHORE DEEPWATER DRILLING RIGS.
More advanced solutions are needed to better protect an offshore platform from cyber-attack.
Photo courtesy of Naval Dome.
Findings from the two-year project, culminatng in the installaton and pilot testng of Naval Dome’s Endpoint cyber defence system aboard drilling rigs in the Gulf of Mexico, indicate that the minimum industry guidelines, regulatons and security techniques are out of step with current platorm technology, connectvity requirements and cyber-atack methodology.
Shortfalls and challenges
In a joint research paper presented at the recent OTC Houston conference, the authors state, “Actvites over two years have demonstrated shortalls and real challenges that need to be addressed if we are to create a more cyber-secure deepwater drilling rig environment.” In presentng the Cyber defence of Ofshore Deepwater Drilling Rigs paper to conference delegates, Adam Rizika, Head of Strategy of Naval Dome, says, “Where systems installed on ofshore platorms had traditonally been isolated and unconnected, limitng cyber hack success, the increase in remote monitoring and autonomous control, IOT, and digitalisaton has made rigs much more susceptble to atack.”
Simulation
Going on to reveal how the test rigs’ OT (operaton technology) networks were penetrated using a sofware installaton fle for dynamic positoning (DP) and workstaton charts, Mr Rizika, explained that Naval Dome simulated an OEM service technician unwitngly using a USB stck with malicious sofware containing three zeroday exploits. “The modifed fle was packaged in a way that looked and acted like the original one and passed ant-virus scanning without being identfed as a cyberatack or picked up by the installed cyber network trafc monitoring system”, he explains. Although the atack was carried out internally, Mr Rizika noted remote executon was feasible using the rig’s externally facing network connectons. “Penetraton testng confrmed how a targeted cyber-atack on a deepwater drilling rig could result in a serious process safety incident, with associated fnancial and reputatonal impact”, he adds.
Purpose-built solutions are needed
In the paper, the authors state that pilot tests confrm traditonal, ‘perimeter type’ IT transplanted OT cyber security solutons, such as ant-virus, network monitoring and frewalls, are not enough to protect critcal safety and processing equipment from atack, leaving rigs vulnerable. “It is abundantly clear that more advanced purpose-built solutons are needed to beter protect an ofshore platorm from exposure to external and internal cyber-atacks, whether targeted or otherwise”, reports Mr Rizika. The paper goes on to highlight a shortage of OT cyber domain skilled staf, regulaton and controls that are slow to evolve and be implemented, an IT-centric approached being applied to an OT environment, and a mismatch between drilling rig systems and equipment and their supportng sofware. Mr Rizika states, “Although industry guidelines and regulatons ofer minimum standard requirements, we found the advancement in rig technology, connectvity and cyber-atack methodology has outpaced the regulatons, driving the need for a more comprehensive approach.”
No expensive upgrades needed
Commentng on the project’s fndings, Naval Dome’s Chief Executve Ofcer Itai Sela, states, “The project and successful pilot testng of a mult-layer cyber defence soluton aboard these rigs has demonstrated that both new and legacy OEM systems can be beter protected from internal and external cyberatack vectors, without the need for expensive equipment upgrades, or higher overheads that lead to an increase in total cost of ownership. Results to date demonstrate that the endpoint system is robust and can operate without interfering with ongoing rig operatons. The cost of upgrading the obsolete systems is high, and even if upgrades are undertaken vulnerabilites can stll remain.” By approaching the problem diferently, Naval Dome and the oil major believe that the atainment of a cyber resilient environment can be accelerated onboard ofshore installatons at a critcal tme for the industry.
