Today the Bureau of Safety and Environmental Enforcement
(BSEE) published a proposed rule in the Federal Register (78 FR
52239-52284) that would revise the regulation of production safety systems
for Oil and Gas and Sulphur Operations on the Outer Continental Shelf. This is
a very complex rule with most of it being outside my professional comfort zone,
but I am concerned that I can find no mention of any requirements for
cybersecurity to protect these critical safety systems.
There are numerous references to various control systems and
monitoring systems that are integral parts of the safety systems controlled by
these regulations. Because much of the monitoring and control involved in these
systems is done remotely these systems are potentially vulnerable to remote
cyber-attacks. A successful cyber-attack on these safety systems, either in
conjunction with other attacks on the platforms or as stand-alone attacks on
the safety systems could have catastrophic consequences.
The failure to specifically address the electronic and
physical security of these safety systems makes no sense, particularly when
there have been well documented efforts made to compromise control systems in
the oil and gas industry.
Posts
No comments:
Post a Comment