The reports help to consolidate and increase the understanding of ICT security in the sector and may thereby assist in improving robustness in the face of undesirable incidents in the petroleum sector’s industrial ICT systems. Sintef has employed literature reviews and interviews with industry participants and representatives from other sectors and the authorities.
The reports in brief (some of the reports are in Norwegian only):
Data quality in digitalisation processes in the petroleum sector
The aim was to examine which data sources and data are used in industrial ICT systems and how data is handled and processed prior to being made accessible to office networks, as well as strengths and weaknesses in respect of data quality and security.
SINTEF has prepared a memorandum to clarify how ICT security in the petroleum industry is regulated by applicable regulations. The memorandum shows the extent of systems commonly designated as industrial ICT systems and which directly support the operation of facilities and mobile rigs.
Core principles of ICT security in industrial ICT systems
Guidance has been prepared for the Norwegian petroleum industry to supplement the core ICT security principles set out by the Norwegian National Security Authority. Assessment has also been made of the relevance of aspects of the Norwegian Water Resources and Energy Directorate’s power supply regulations and the NIST Cybersecurity Framework. The guidelines are tailored to the solutions typically employed in the petroleum sector, while retaining the flexibility to address the key elements of the petroleum industry’s ambitions for digitalisation.
The report summarises knowledge and recommendations concerning the secure use of model-controlled drilling operations. A special emphasis is given to the quality assurance of models and data therefrom, as well as ICT security and communications between software solutions in drilling operations.
The report describes how digitalisation and the use of cloud services affect industrial ICT systems, and the security solutions that must be implemented to ensure secure use of cloud services. The Petroleum Safety Authority Norway’s regulations are built on a pillar of segregation and independence as strategies for establishing safety and security.
Communications systems for external emergency communications
Sintef investigated the external communications roles that data networks can provide in the event of hazard and accident situations. The report describes challenges involved in the risks and vulnerabilities of data networks and makes specific recommendations for improvements.
Sofe of the reports are in Norwegian only.