Back to search

PETROMAKS2-Stort program petroleum

Cybersecurity Barrier Management

Alternative title: Cybersikkerhet og barrierestyring

Awarded: NOK 16.1 mill.

The project will develop new knowledge and methods for control and monitoring of cyber attacks on industrial control and safety systems. With several threat actor activity groups targeting the oil and gas sector, the number of publicly known cyberattacks is increasing, revealing a larger threat landscape. Digitalization leads towards new hazard scenarios that must be considered during design and operation of petroleum installations. The Petroleum Safety Authority Norway requires that the industry's commitment to digitalization must help improve security and advocates the use of similar barrier management principles for functional safety and cybersecurity to control major accidents in the Norwegian Petroleum sector. Barriers are safeguards (measures, counter-measures, solutions) which are activated when operations are outside the normal operating envelope. With respect to safety (not including cybersecurity), Norwegian oil and gas companies have developed barrier management systems to prevent and mitigate safety consequences, incorporating technical, operational and organizational barrier elements. The overall project objective is to provide new knowledge and guidance for cybersecurity barrier management as a continuous process during development and operation (including maintenance), covering both technical and non-technical aspects, bridging the safety and cybersecurity domains. Through active participation by two leading oil and gas companies (Equinor and Lundin Energy), workshop participation by more than 20 industry companies, the collaboration with international experts in industrial security and standardisation, and the project team’s interdisciplinary expertise, the project has a great potential to develop ground-breaking new knowledge. The project includes one PhD student at NTNU.

The overall project objective is to provide new research-based knowledge and guidance for cybersecurity barrier management as a continuous process during development and operation (incl. maintenance) of ICS in the petroleum industry, covering both technical and non-technical aspects, bridging the safety and cybersecurity domains. Digitalization calls for novel concepts to be able to exploit the potential in digitalization while at the same time managing a considerable growth in cybersecurity threats. Main challenges addressed in this project are protection of ICS to security threats and software upgrade procedures to ensure that newly discovered cyber-security threats are resolved fast. There is a need to develop new research-based knowledge on establishment and follow-up of cybersecurity requirements for technical as well as non-technical barrier elements, and to investigate and develop new innovative work processes for improved interaction between the office IT systems and ICS. The challenge of mastering the interdependencies between safety and cybersecurity is still significant and will be a major challenge for many years to come. The industry needs more practical guidelines and standardized approaches for integrating the safety and security domain to ensure that cybersecurity does not interfere with the proper safe operation of the production process. There is also a need to build new scientific knowledge on the transition from unidirectional to continuous processes for operation and maintenance of ICS, in a context with a multitude of suppliers.

Publications from Cristin

No publications found

Funding scheme:

PETROMAKS2-Stort program petroleum