ADVERTISEMENT

Control-System Cybersecurity: Staying Ahead of Evolving Threats

The benefits of modern industrial control systems have never been greater. However, as these systems have evolved, the threats to their safe and secure operation have grown. While the return on investment for a complete control-system security audit may be difficult to calculate, the cost of not having a complete plan in place may, if a worst-case condition arises, be impossible to comprehend. A baseline system security image, as a start, allows a vessel owner or operator to understand the security risks.

Introduction

A diver-support-vessel control system suddenly loses position control and begins to drift while the divers below are put in harm’s way. A programmable-logic controller on the vessel’s dynamic-positioning system had entered an error state and flooded the primary and backup control networks with erroneous data, knocking all connected systems offline. Before control is restored, the vessel is 200 m from its station and one diver has been left unconscious on the template bailout and the other is stranded in the diving bell. The unconscious diver is rescued by his companion from the diving bell once the vessel arrives back on station. Is this a scene from a movie? Unfortunately not; it was a recent, real-world failure. Just as unsettling is the fact that the root cause of the network jamming was never identified.

While viruses, Trojans, worms, and backdoors have been generally associated with Web servers, personal computers, and phones with access to the Internet, serious concerns about cyberphysical attacks on industrial control systems have also been raised—attacks that could result in conditions similar to the loss of positional control just described.

Offshore assets with complex operational capabilities, such as floating production, storage, and offloading vessels; drillships; and semisubmersibles, while not necessarily targets for national-security-based malicious attacks, are nevertheless high-value targets whose compromise may have high-consequence results. Control systems onboard the vessel demand real-time operation, interference with which may result in costly and even life-threatening situations.

This article, written by Special Publications Editor Adam Wilson, contains highlights of paper OTC 24393, “Control-System Cybersecurity: Staying Ahead of the Evolving Threats,” by C. DeWitt, ABS Consulting, and J. Ellis, Neodigm Press, prepared for the 2013 Offshore Technology Conference Brasil, Rio de Janiero, 29–31 October. The paper has not been peer reviewed. Copyright 2013 Offshore Technology Conference. Reproduced by permission.
...
This article is reserved for SPE members and JPT subscribers.
If you would like to continue reading,
please Sign In, JOIN SPE or Subscribe to JPT

Control-System Cybersecurity: Staying Ahead of Evolving Threats

01 August 2014

Volume: 66 | Issue: 8

STAY CONNECTED

Don't miss out on the latest technology delivered to your email weekly.  Sign up for the JPT newsletter.  If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.

 

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT