If hindsight is 20/20, then disaster prevention usually gets fine-tuned only after the most unfortunate events occur. Such is the overarching objective of the U.S. Bureau of Safety and Environmental Enforcement (BSEE) Oil and Gas and Sulfur Operations in the Outer Continental Shelf-Blowout Preventer Systems and Well Control (or Well Control Rule), which was published in the Federal Register in April of 2016.
But putting in place regulation that seeks to prevent disasters, such as the Deep Water Horizon explosion and spill of 2010, is not a straightforward endeavor. Section 250.720 of the rule covers the issue of Real Time Monitoring (RTM) and requires real-time data from offshore well control equipment to be transmitted to onshore data monitoring centers, and for that data to be ultimately made available to the BSEE. The new requirements, which will go into effect 3 years after the Final Rule publication date in April 2019, require operators to gather, store and transmit data regarding the BOP control system, the well’s fluid handling system on the rig, and the well’s downhole conditions with bottom hole assembly tools.
To the BSEE’s credit, this is the largest safety and environmental protection effort they have undertaken to date. But as with any regulation imposing new technical requirements to massive operating and industrial systems, the industry has its fair share of concerns. Though cost is always on the table as a pain point, the requirement to incorporate real-time data brought up an interesting scenario: that BSEE’s requirement to prevent disaster could possibly expose offshore operations to new ones, such as increased vulnerabilities to cyber attacks. How could this happen? Wouldn’t monitoring BOP control system data give both operators and BSEE extra assurance that two sets of eyes are better than one?
Well, yes and no.
Industry representatives from Chevron, the API, Offshore Operators Committee, NOIA, IPAA, IADC, Pacific Drilling, ENSCO, BP, Shell, XOM, Noble Energy, and Cameron approached the BSEE with the collective concern that connecting industrial control operations to onshore data centers exposes operators to significant cyber threats. And they are right. When you connect industrial control systems to enterprise systems, you open your control centers to the IT/corporate network of the enterprise, which increases the attack surface for potential attackers and saboteurs.
Therefore, additional preventative security must be layered on top of this RTM requirement to ensure the safety and security of not just property and physical assets, but for everything that could be affected by the integrity of the data, including human lives. Sabotage and disaster doesn’t just happen from inside the control systems; interconnecting networks adds a digital channel through which a whole new threat can present itself.
Remote monitoring, not remote control
What is important to realize when connecting operating networks to IT networks, is that the BSEE requires data monitoring, not data management or control. Monitoring data, is an entirely different – and safer – scenario than data management and control. Monitoring requires one sender and one receiver; for data to flow for the benefit of an outside party, not the other way around. Data transmission for monitoring purposes, therefore, is traveling onshore – not from onshore to offshore – and this fact must drive decision making when choosing the best perimeter protection for offshore operations. This is precisely why unidirectional security gateway technology, which prevents remote cyberattacks from entering offshore operations while replicating operational data for monitoring purposes onshore, is the perfect answer to the BSEE’s requirement for real time monitoring.