The main objective is to obtain knowledge about risks, threats, vulnerabilities, and the importance of ICT security for industrial systems. Due to digitalization, the distinction between industrial ICT systems and administrative IT systems is getting blurred, and cyber-attacks on administrative systems can be a steppingstone towards attacks on industrial ICT systems. The reports will contribute to increased understanding of ICT security and promote robustness against cyber-attacks in the petroleum industry.
The reports in brief:
Data Quality:
The purpose is to investigate which data sources and data are used in industrial ICT systems and how data is processed and processed before they are made available in the office network. Strengths and vulnerabilities related to data quality and data security will be discussed.
Memo - ICT Security in the Petroleum Industry:
SINTEF will prepare a memo clarifying how ICT security in the petroleum industry is regulated in current regulations. The memo will provide an overview of industrial ICT systems supporting the operation of installations and mobile rigs.
Recommended Practice ICT Security:
A guideline for ICT security of industrial ICT systems in the petroleum sector will be prepared. The guideline will be designed as an addendum to the principles for ICT security published by The Norwegian National Security Authority.
Model Controlled Operations:
The report will summarize knowledge and recommendations for protection of safety and security when models of drilling systems and processes are used for automation and control. Emphasis is placed on quality assurance of models and communication between software solutions.
Premises for Digitization and Integration IT - OT:
The purpose is to describe and assess how digitalisation and use of cloud services may affect safe operations of industrial ICT systems. SINTEF will present security solutions for protection of safety in cloud services.
Communications Network:
SINTEF will investigate the role of computer networks in external communication during undesirable incidents. The report will describe challenges related to risk and vulnerability in the computer networks and suggestions for improvements.