DNV GL’s new DNVGL-RP-G108 cyber security aims to help the operators, system integrators and vendors to manage and prevent emerging cyber threat in the oil and gas industry, which is caused due to the increased digitalisation in the sector across the world
According to the Ponemon Institute’s recent research, almost 68 per cent of oil and gas companies were affected by at least one significant cyber incident in 2016, with many attacks assuming to be undetected or unpublished.
The increasing use of digitalisation in the oil and gas sector is causing cyber risks to emerge. The critical network segments in isolated production sites are now connected to networks, making the operational technology (OT) more vulnerable. According to recent research, 59 per cent of oil and gas companies, which were surveyed, believe there is greater risk in the OT than the IT environment.
DNV GL said that in order to manage cyber threats towards OT, companies require knowledge beyond general information security, such as operational domain competence, particularly related to automated, unmanned, integrated and remote operations which are accessible online.
The new DNV GL recommended practice (RP) has been designed to outline a tailored approach on how to build security, with the emphasis on OT. Resulted from a two-year-long joint industry project (JIP) together with the company’s international partners, the RP is based on the IEC 62443 standard, professional experience and other globally recommended functional safety standard.
Pal Borre Kristoffersen, JIP project manager of DNV GL oil and gas, said, “The new RP, developed in collaboration with key players, puts OT, together with IT, in the limelight, so the oil and gas industry can protect their operations.”
He further added, “Industry players need confidence that security countermeasures can deal with more frequent and sophisticated cyber-attacks, which are becoming increasingly costly and harder for companies to recover from. Dealing with cyber-security challenges has become a key focus area for the oil and gas sector, and there is greater awareness of the requirements that need to be in place.”
According to the company, the RP is aimed at achieving a reduced risk of cyber-security incidents, cost-savings for operators, contractors and vendors by reducing the resources and simplified audits for authorities and auditors due to common requirements and common conformance claims.
The JIP includes Shell Norge AS, Statoil, Woodside, Lundin Norway, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime.