ABS Assesses Offshore Asset Cybersecurity
Increased Internet and remote connectivity to offshore assets has exposed industrial control systems to targeted attacks and vulnerabilities previously obscured. Remote monitoring, remote upgrades, Internet connections and the complexity/criticality of the systems in general on Drillships, FPSO’s, Semisubmersibles and other highly valuable assets potentially facilitate targeted attacks and cyber assaults on Dynamic Positioning, Drilling Control, BOP and other control systems.
ABS Group is directly responding to these threats by offering standards based security assessments specifically for newbuilds, operating assets and retiring assets, performed by certified security practitioners with offshore experience.
According to Cris Dewitt, Director of Technology, Software and Control Systems, “The current industry approach is piecemeal with some suggesting solutions that just don’t work in offshore environments. We’re bringing cybersecurity experts, wrapped in standards-based methodologies, into the oilfield that understand these systems deeply.” DeWitt has over 20 years in the industry, writes and speaks on cybersecurity, presents at multiple conferences a year, and is a Certified Information System Security Professional with extensive knowledge of control systems on offshore assets, system theory and cybersecurity.
“Software integrity is just as relevant as mechanical and structural integrity. Cybersecurity is a large component of software integrity, and if understood and acted upon, can make an asset much safer,” said Tom Nolan, VP of Maritime Services. He added that, “Now, with so many entry points into an asset and with their control systems remotely connected to suppliers, headquarters, and the internet, it’s a feeding frenzy for bad actors.”
ABS Group’s certified experts will develop a security baseline and identify potential gaps based on control system standards and practices, specifically modified to address the intricacies of offshore assets. Owners and Operators may use this information to mitigate vulnerabilities and decrease the risk of compromise on an asset.