A Dynamic Positioning MODU Critical Control Systems Communications and Software Reliability Assessment

Abstract

Abstract Objectives/Scope Deepwater drilling units utilize critical Industrial Control Systems (ICS) that may be vulnerable to malicious software attacks. These systems include Dynamic Positioning, Vessel Management, BOP and Drilling Control. Dynamic Positioning Systems are critical to deepwater operations and many software failures pose a risk of environmental and/or economic impact. The objective is to assess a Mobile Offshore Drilling Unit (MODU) systems architecture and communication connections for the possibility of unauthorized access. A review of Software Management of Change (SMOC) procedures as practiced on these vessels is included to determine adherence to any existing procedures or policies. Methods, Procedures, Processes The vast majority of control systems contain dedicated embedded processors. These processors use operating systems that have an extremely low risk with regard to common malicious software. However, many systems have operator Human Machine Interfaces (HMI) that use Microsoft Windows or other vulnerable operating systems. These operating systems represent a risk of vulnerability if not managed appropriately. Newer processors or consoles have USB ports and/are connected via Ethernet or similar communication links that provide an entry point for unauthorized software. There are some systems that connect via remote communication links over the Internet for system data extraction and/or troubleshooting. If these communication links have not been validated as secure, unauthorized access is possible. Results, Observations, Conclusions This paper will present successes in other industries, how they apply to offshore assets, and prioritized areas of a rig's critical control systems. Demonstrated performance of a rig assessment (case study) on one particular unit is presented and how United States (US) and International standards and methods were applied is addressed. Results of the assessment and the remedial actions taken are presented. Relevant standards or methods for conducting an audit are reviewed. Novel/Additive Information Approaches to software reliability management including an "assessment template" that may be applied to a similar unit or production facility are included.