Deverg.global

View Original

Cybersecurity Compliance with Global Oil, Gas & Renewables company

Our client turns natural resources into energy for 170 million people worldwide. They are operating in 36 countries leveraging strong synergies between oil, gas, renewables, carbon capture and hydrogen.
Committed to long term value creation, our client is creating lasting changes in how the industry works. They do this by constantly innovating to simplify and standardise their activities with which they will break new ground and devise new ways of working in a smarter, better, and simpler way.

The Challenge

Our client plans to integrate a DrillTronics system into its drilling operations. The system automates the drilling process and allows drillers to improve the efficiency and safety of their operations. This is accomplished by monitoring drilling progress and taking remedial action ranging from safety changes to a complete halt of the drilling process to avoid serious problems.

The system, after integration, should implement a set of security requirements (taken from IEC 62443) provided by the client. The main goal of the requirement is to protect the system from security attacks that could have consequences such as:

  • Potential loss of life or production

  • Environmental damages

  • Regulatory violations

  • Compromise of a safety system

The Solution

Deverg conducted the following activities to help the client ensure compliance with their security requirements: 

  • Developed an inventory of assets (System Under Consideration). Conducted High-Level risk assessments to identify areas of high risk and provide recommendations on how to mitigate these risks

  • Grouped assets into zones and conduits as recommended by IEC 62443

  • Assigned Target security levels to zones (SL-T). Conducted further detailed level risk assessments

The Result

By helping our client implement their security requirements and handle identified risks, the damaging consequences related to production, health, safety, and the environment caused by cybersecurity attacks can be avoided or reduced to a minimum.