Over the past year, various institutions and organizations—both domestic and international—have shown an interest in moving the increasingly prevalent cybersecurity conversation offshore. Domestically, both Congress and federal agencies have pushed to mandate cybersecurity measures for ships, ports, terminals, and offshore facilities. Internationally, a United Nations agency has issued new guidelines designed to enhance cybersecurity in worldwide shipping operations.
Critical energy infrastructure has long been at the forefront of cybersecurity, both because it is a frequent target of cyberattacks and because the potentially debilitating effects of a successful attack. However, maritime cybersecurity regulations will not necessarily target just the energy industry and are likely to come from a variety of sources, some of which may be unfamiliar to industry players.
Despite a strong national interest in regulating the cybersecurity of critical energy infrastructure, the industry’s maritime operations have largely gone under the radar. To date, approaches to cybersecurity in the energy industry’s maritime operations have largely been voluntary and, thus, company- or even vessel-specific. At the same time, global economic growth and the corresponding increase in energy demand have led many energy companies to explore offshore options for replenishing reserves and meeting production needs. Oil and gas producers, in particular, have shown a steadily rising interest in maritime technologies, such as floating production, storage, and offloading vessels and floating liquefied natural gas operations, that can both meet energy demand and align companies with global efforts to reduce emissions. But the rapid adoption of new operational technologies and an increased dependence on networked cyber structures opens the possibility of cyberattacks that could threaten the economy, worker safety, the environment, or national security.
As a new year begins, the energy industry is now facing the prospect of new regulatory oversight of its cybersecurity efforts in maritime operations. The past year revealed a series of indicators that maritime cybersecurity regulation is imminent. Six months ago, the United Nations International Maritime Organization published Interim Guidelines on Maritime Cyber Risk Management, which were drafted with input from representatives of 44 member states, including the United States Coast Guard (USCG). Six months before that, the US House of Representatives sent a bill to the Senate that would require USCG to enforce cybersecurity standards at US ports and in maritime operations. Meanwhile, the two federal agencies with primary jurisdiction over industrial maritime operations—USCG and the Bureau of Safety and Environmental Enforcement—have been speaking out publicly about the need for regulatory involvement in maritime cybersecurity. In 2017, maritime operations are expected to emerge as the next frontier of cybersecurity regulation affecting in the energy industry.
Read the full story here.
Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter. If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.
23 - 24 Apr 2019
- Kuala Lumpur, Malaysia
Be ahead of the curve
7 Jun 2019
- London, United Kingdom
An introduction to Coalbed Methane from a basic understanding through to exploration, appraisal and development of the resource.
17 - 19 Mar 2020
- Bogotá, Colombia
Call for papers open
23 May 2019
- Moscow, Russia
Exchange state-of-the-art knowledge in HSE and its applicability in the Russian environment.
18 - 22 Mar 2019
- The Hague, The Netherlands
Register your interest
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2019 Society of Petroleum Engineers, All Rights Reserved.