Page 20 - 10. Gi_Dec-Jan2019_LR
P. 20
COUNTERING
CYBER THREATS
TO GAS NETWORKS
The spread of digital technologies in the Managing cyber threats to OT
oil and gas industry is generating exciting requires detailed domain knowledge
new opportunities to improve performance, beyond general IT security. This
protability and sustainability, but brings encompasses traditional oil and gas
operational domain competence as
new safety and security challenges in well as automated, unmanned,
operations, including gas networks. integrated and remote operations,
Petter Myrvang, Information Risk Manager which are accessible online.
for DNV GL Digital Solutions, explains TAILORED GUIDANCE FOR OIL
AND GAS
as transmission system information technology (IT), and the Confronted by the OT/IT cyber
operators are looking at rise of the IIoT, can increase and even security challenge, parties responsible
articial intelligence, the change the vulnerabilities of oil and for the safe and sustainable operation
Industrial Internet of gas assets to cyber attack. of oil and gas assets need to take a
G Things (IIoT), machine Cyber security breaches can lead to holistic approach. The International
learning and augmented reality to see lost production; raised health, safety Electrotechnical Commission’s IEC
how they may improve operational and environmental risk; costly damages 62443 standard covering security for
eciency and safety. For example, claims; breach of insurance conditions; industrial automation and control
some are already integrating digital negative reputational impacts; and loss systems is the rst stop for
technologies into more sophisticated of licence to operate. information on cyber security.
data gathering, analysis and The industry is guarded about the DNV GL’s Recommended Practice
visualisation to maintain, repair and frequency and impact of such (RP) DNVGL-RP-G108, Cyber security in
operate gas networks. breaches, but we are certainly seeing the oil and gas industry based on IEC
DNV GL’s 2018 Industry Outlook cyber security move up the agenda for 62443, provides best practice on how
survey found nearly half (43 per cent) pipeline owners, operators, industry to apply the IEC 62443 standard to the
of more than 800 senior oil and gas associations, and for governments and oil and gas industry, including pipelines.
professionals globally expect their their agencies. Looked at in more The globally-applicable, tailored
organisations to increase spending on detail, the risk arises as critical OT guideline came out of a two-year joint
cyber security this year. Digitalisation network segments that were once industry project (JIP) in response to
1
(75 per cent) and cyber security (68 isolated are now being connected to demand to address how operators,
per cent) are clear investment IT networks. working with system integrators and
intentions over the next ve years. These segments include, among vendors, can manage the emerging
others, supervisory control and data cyber threat. DNV GL initiated and led
GREATER CONNECTIVITY acquisition (SCADA) systems, safety the JIP involving ABB, Emerson,
IMPACTS ON CYBER and automation systems (SAS) and Honeywell, Kongsberg Maritime,
VULNERABILITIES control systems with programmable Lundin, Shell Norway, Siemens, Statoil
Greater connectivity between logic controllers (PLCs): an attractive (now Equinor), and Woodside Energy.
operational technology (OT) and target for hackers (Figure 1). The Norwegian Petroleum Safety
Authority observed the work and
exchanged experiences with the JIP
Cyber security breaches can lead to group from a regulatory perspective.
The RP is relevant for the whole oil
lost production; raised health, safety and gas industry including the
midstream and downstream sectors. It
and environmental risk; costly damages embraces international practices and
claims; breach of insurance conditions; experiences, and considers health,
safety and environmental
negative reputational impacts; and loss requirements, as well as the IEC 61511
of licence to operate standard for specication, design,
installation, operation and
20
CyberSecurityFromDNV_V2.indd 1 15/11/2018 14:29
