Page 100 - Intelligent Digital Oil And Gas Fields
P. 100

Instrumentation and Measurement                               69


              cyber-attacks on energy industry targets appear to be of this nature ((Bronk,
              2014; Persons, 2014).
                 The increasing number of threats and vulnerabilities has warranted
              industry practitioners, leaders, and policymakers to raise awareness, develop,
              deploy, and manage solutions to reduce the risk and ensure uninterrupted
              operations of O&G industry assets.



              2.4.2 Cybersecurity Challenges in DOF Systems
              DOF vulnerabilities encompass all the vulnerabilities related to IT systems,
              software, networks, communication, and data systems. The US government
              Cybersecurity Framework (NIST, 2014) provides a great starting point to
              understand all aspects of cybersecurity related to DOF systems. The frame-
              work has five major steps:
              •  Identify all threats, actors, and their motivation.
              •  Set up protective measures against known threats.
              •  Implement all possible means of detection of vulnerabilities, attacks, and
                 attackers.
              •  Defend against intrusions by analyzing the sources and their impact.
              •  After any incident, recover and bring systems back to pristine condition.
              Before ubiquitous Internet connectivity, the systems controlling operational
              processes on the rig, oil field, refinery, or pipeline were closed systems.
              Now, these control systems operate in an open network environment that
              makes them vulnerable to potential threats. The need for an open network is
              required to increase productivity, automated communications from the field
              to the office or remote control centers, and perform a broad range of elec-
              tronic transactions (NPC, 2001).
                 The vulnerabilities in upstream O&G industry include the ones listed
              below.
              •  Physical security: Drilling operations are mostly in remote locations,
                 where a large number of resources (equipment, computing systems, sen-
                 sors, people, etc.) are located. The mere fact that these locations are
                 remote makes them more vulnerable.
              •  Intelligent sensors and devices: Across the upstream O&G life cycle, a
                 large number of intelligent devices are involved in managing all the
                 aspects of operations (drilling, production, etc.). As evident from some
                 recent incidents, these intelligent devices become an entry point for
                 attacks in the network that can cause disruption in the operation of
                 the O&G field.
   95   96   97   98   99   100   101   102   103   104   105