Cybersecurity of Offshore Oil and Gas Production Assets Under Trending Asset Digitalization Contexts: A Specific Review of Issues and Challenges in Safety Instrumented Systems

Abstract

Due to the rapid digitalization of offshore oil fields and production platforms, diverse technological solutions, products, and application software have begun to appear both in upstream and midstream processes raising new organizational and operational challenges. The potential effects of these digital technologies driven developments have also been generating concerns, particularly in safety, security, and regulatory terms. Both hardware and software related changes and challenges in sensitive systems such as safety instrumented systems (SIS) can expose a production asset to new forms of risks. Hence, diverse aspects of cybersecurity have gained serious attention from authorities, operators, and service providers, particularly due to increasing general tendencies of major cyber-attacks on high-risk industrial assets, as well as their significant impact on safety, production, and asset economics terms. A SIS in an offshore oil and gas production asset has a critical role towards its safety integrity level (SIL). In general, a SIS consists of specific safety assurance instruments and pre-defined safety functions that are tightly coupled to detect, prevent, or mitigate hazardous situations ensuring process safety. Under the current industrial contexts of major changes within the offshore oil and gas production sector, partly due to unavoidable commercial changes and partly due to rapid technological developments, a better understanding of the cybersecurity exposure potentials of SIS is quite important to mitigate unwanted events and incidents. Under such circumstances, this paper explores critical issues and challenges related to cybersecurity of SIS as an extended step of a research study done in collaboration with industrial partners. It assesses the current actual status, requirements in governing standards and guidelines, and identifies some dangerous failure modes of SISs that need due security-oriented attention in a continuous asset digitalisation process. Towards the end, the paper defines and elaborates in-depth on specific issues and challenges relating to cybersecurity of SIS. Moreover, it identifies and reflects on generic initial steps that can be taken for assurance of cybersecurity of SIS within offshore oil and gas production assets to ensure necessary safety and security integrity levels under rapidly changing industrial contexts.