The drilling operation now enjoys high levels of automation with integrated control systems being responsible for the safety, reliability and performance monitoring of everything from drilling and BOP control to dynamic positioning and power management.
With these advanced systems come advantages but also emerging challenges. Due to the increasingly complex nature of new generation rig control systems, the need for effective and reliable auditing, verification of performance and safety compliance is essential.
Utilising highly qualified and experienced Control System engineers supplemented by training from ADC’s Virtual Academy and Original Equipment Manufacturers, ADC’s Control System division are recognised as specialists in inspecting and auditing drilling and marine-related control systems and software covering all systems from modern land rigs through to 7th Generation Ultra Deepwater Drillships.
With years of experience in the field, ADC’s Control Systems Inspection Division has proven to be of major advantage to clients, credited with identifying and resolving a broad range of issues prior to acceptance of new build and in service rigs and identifying major potential sources of downtime across a broad spectrum of rig types and systems.
Whether evaluating a new-build rig or retrofitting advanced systems into an older rig, ADC’s unique synergy of drilling experience and control system expertise is here to ensure maximum efficiency and safety whilst significantly reducing costly downtime.
FOR A LIST OF SERVICES PROVIDED AND REGULATIONS COMPLIED FOLLOW THIS LINK:
A digital revolution has taken place within the Oil and Gas industry where sensor and networking technologies and integrated control system frameworks now dominate the infrastructure of modern drilling environments. The obvious benefits of this revolution have been to deliver significant advances in the areas of increased safety and improved production. However, the less obvious consequences have been the creation of a whole range of cyber threats and vulnerabilities which in turn have increased the risk vector throughout upstream, midstream and downstream operations.
Today, according to industry sources, there has been an estimated rise of 250% in reported control system incidents over the last four years. A recent survey conducted by Tripwire (a leading global provider of endpoint detection and response, security and compliance solutions) revealed 77% of energy sector respondents had seen an increase in successful cyber attacks in the past 12 months. These attacks have not only grown in stature, but also in sophistication, making them much more difficult to detect and defend against.
Aboard today’s modern drilling rigs there is a very clear and present threat posed to production, safety and the wider environment. It is believed that less that 15% of operational platforms have had a specific cyber audit to ascertain their vulnerability to attack, with less than 10% undergoing a deeper sweep of systems and software to detect back doors, malware and other nefarious cyber hazards. A recent study conducted by DNV GL focusing on operations on the Norwegian Continental Shelf identified the following top ten cyber security vulnerabilities:
1. Lack of cyber security awareness and training among employees.
2. Remote work during operations and maintenance.
3. Using standard IT products with known vulnerabilities in the production environment.
4. A limited cyber security culture among vendors, suppliers and contractors.
5. Insufficient separation of data networks.
6. The use of mobile devices and storage units including smartphones.
7. Data networks between on and offshore facilities.
8. Insufficient physical security of data rooms, cabinets, etc.
9. Vulnerable software.
10. Outdated and ageing control systems in facilities.
In response to this hazardous new environment ADC Cybersecurity Services offer clients a comprehensive and unique 6 point Cyber Security Audit designed to effectively expose and mitigate this new and unfamiliar category of risk:
ADC CYBER SECURITY AUDIT INCLUDES:
1. RISK ASSESSMENT OF SECURITY POLICIES
2. SYSTEM VULNERABILITY ASSESSMENT
3. DATA ACCESS SECURITY AUDIT
4. NETWORK HEALTH STATUS INSPECTION
5. ASSESSMENT OF THIRD PARTY ACCESS
6. SOFTWARE CHECK
ADC Cyber Inspection teams consist of professionals drawn from the global cyber community and as such are able to apply a unique holistic approach to their inspections, particularly essential when dealing with ‘cyber warriors’ and hackers. Our teams identify and categorise the differing levels of risk found and can provide effective management protocols to respond to, and recover from, present and future cyber events.
& SOFTWARE SERVICES
- Vendor software process assessment.
- Factory Acceptance Testing of software.
- Software Management Processes.
- Software Management of Change.
- Software Security.
CONTROL SYSTEMS INSPECTED:
- Drilling Control.
- BOP MUX Control Systems.
- Fire and Gas.
- Motion Compensation.
- Vessel Management.
- Bulk Systems.
- Bilge and Ballast.
- Dynamic Positioning.
- Power Management.
- Remotely Operated Vehicles.
- Jacking Systems.
- FMEA review, witness and gap analysis.
- Identification of single point failures and human barriers.
- Tubular Handling Surveys: Conducted in conjunction with HSE Department to evaluate the Tubular Handling, people, processes and equipment from supply boat to well centre. These typically inspect, rig equipment condition, control systems, operational procedures, equipment maintenance, Crew Competence and Management Systems.
- Acceptance test plans for control system equipment.
- Systems Integration Testing – Involving all rig equipment operated in operational scenarios to demonstrate capability.
- Evaluation of control systems operational processes and procedures.
- Evaluation of anti-collision systems for safe and optimal performance.
- Development of control system training manuals and checklists.
- Operational support for new, innovative or poorly documented control systems.
- Support of jack up rig moving operations by provision of jacking systems expertise.
- Policies and procedures relating to advanced control systems.
- Management of Change.
- Management of System Overrides.
- Management of Alarms.
- Management of non-standard operating modes.
- Alarm Analysis – Alarm records are evaluated in order to provide information on the health of both the equipment under control and the control system.
- Review of Maintenance procedures and records relating to control systems.
- Utilizing detailed system knowledge, ADC can assist in incident investigation by conducting a system evaluation and utilize combinations of alarm records, I/O logs and replay facilities to provide an electronic picture of events.
Rigs evaluated for compliance with:
- DNV and NORSOK Regulations
As a sample, ADC has proven experience with the control systems and automation systems of the following rig equipment manufacturers:
- NOV, CYBERBASE, AMPHION
- CAMERON, TTS, X-COM
- MH WIRTH, DRILLVIEW
- BENTEC, INFODRILL
- HONG HUA
- EXCEL MARCO