Cybersecurity Barrier Management
This project will develop new knowledge, methods and guidance to secure industrial control and safety systems against cyberattacks. With several threat actor activity groups targeting the petroleum sector, the number of publicly known cyberattacks is increasing, revealing a larger threat landscape.
Digitalization leads towards new hazard scenarios that must be considered during design and operation of petroleum installations. The Petroleum Safety Authority Norway requires that the industry’s commitment to digitalization must help improve security and advocates the use of similar barrier management principles for functional safety and cybersecurity to control major accidents in the Norwegian petroleum sector. Barriers are safeguards (measures, countermeasures, solutions) which are activated when operations are outside the normal operating envelope. With respect to safety (not including cybersecurity), Norwegian oil and gas companies have developed barrier management systems to prevent and mitigate safety consequences, incorporating technical, operational and organizational barrier elements.
The overall project objective is to provide new knowledge and guidance for cybersecurity barrier management as a continuous process during development and operation, covering both technical and non-technical aspects, bridging the safety and cybersecurity domains.
Project deliverables will provide knowledge for revision of guidelines to PSA regulations, further development of IEC standards such as IEC 61508, IEC 61511 and IEC 62443.
The project is supported by the PETROMAKS 2 program in the Research Council of Norway and by Aker BP and Equinor.