There was a time when offshore platforms were secure communities in which production was controlled by closed processes that were isolated from the external world. Not so today. With modern integrated operations, offshore-onshore contact is transparent and may of the processes out on the platform are controlled by onshore personnel via networked PCs.
Oil company data security is inadequate, and production systems are at risk of attack by hackers, viruses and worms.
Integration and onshore control has several advantages but a big disadvantage is a fall in information security. When onshore and offshore networks are linked together, the chances of attacks by viruses and hackers increase.
SINTEF (The Foundation for Scientific and Industrial Research at the Norwegian Institute of Technology (NTH)) scientists who work on system development and security believe that the oil companies and supply industry have done a good job in the field of offshore health, safety and environment (HSE), but that they have not been just as good as far as information security is concerned.
The researchers have carried out in-depth interviews of key personnel in the petroleum sector in order to find out what conditions out on the field are like. The interviews confirm that the number of “safety incidents” on production systems (platforms) has risen during past few years.
“The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform,” says SINTEF scientist Martin Gilje Jaatun. “Luckily, this has not happened yet, but we have heard of a number of incidents that could have turned into something quite dramatic. For example, virus attacks have led to process electronic equipment becoming unstable.”
Incidents
Platform managers are still able to deal with any incidents that occur on a platform, but the current trend is in the direction of unmanned robot-controlled platforms, which leave electronic equipment more exposed to attack.
“Our interviews have revealed that we lack a short concise plan that would say something about how people should deal with such specific events in their organisations. And while scenario training is often used by offshore companies to reduce risks, such training is seldom employed in the field of information security,” says Jaatun.
“Some of our informants also told us that they were not certain that negative occurrences would lead to learning and changes in future behaviour. They were afraid that any such learning would soon be forgotten.”
The study of offshore information security has shown that there is still a necessity for measures of the effects of efforts to improve security. We need to develop new measurement mechanisms that can demonstrate how different ways of dealing with security contingencies affect conditions such as earning capacity and uptime.
Next Target For Hackers - Oil Platforms?
Related articles
- Finjan Discovers Compromised Business & Customer Data Of 40 Top-Tier Global Businesses
- The NSA Should Use All That Data For More Accurate Airport Waiting Times
- Know Your Cybercrime Enemy- Finjan Unveils The Latest Cybercrime Organizational Structures And Modus Operandi
- Finjan Identifies Trojan 2.0 A New Genre Of Crimeware
- Finjan Discovers More Than 500 Mb Of Stolen Medical, Business And Airline Data On Crimeware Servers In Argentina And Malaysia
Comments