Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
35 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings staff knowledge, and documentation, as well as confusion regarding the procedures to handle communication errors. 5 In 2012, workgroup member, the Petroleum Safety Author- ity of Norway, released a self-assessment schema for vessel and rig owners operating on the Norwegian continental shelf, which covered cybersecurity topics grouped into 16 information security baseline requirements. 6 Participants assessed their level of preparedness on a scale from zero to four (zero being the worst score). In the results specif- cally for drilling rigs, the overall average result was 2.4, with 1.5 being the worst score average on one of the information security baseline requirements. 7 Ongoing Security Concerns Unfortunately, an attack on a gas facility partially owned by the Norwegian state oil company in Algeria, in January 2013, showed that Norwegian interests in the oil and gas sector continue to be an attractive target for terrorist orga- nizations. 8 Additionally, one year later, the Norwegian National Secu- rity Authority's annual report listed 15,815 security inci- dents in national networks that year, 50 of which were Gigishots / iStock / Thinkstock serious infltration attempts against critical industrial net- works (an increase from 46 in 2012 and 23 in 2011). The report concluded that enterprises lack awareness about their vulnerabilities, and while commercial security products are widely used, they are usually only capable of handling cybersecurity threats where the vulnerability is known beforehand. However, the report does suggest that third- party organizations could strengthen critical infrastructure and industrial communication systems cybersecurity. 9 A Third-Party Approach For example, hardware-in-the-loop (HIL) testing can be applied to verify functional correctness, failure-handling capabilities, and secure operations. 10 Marine Cybernetics has been applying the HIL testing methodology since 2002 to test advanced marine control systems, such as dynamic positioning, power management, steering propulsion and thrusters, and blow-out prevention and drilling systems. We plan to complement this successful test approach by verify- ing cybersecurity. In line with the guidelines from the Norwegian authorities, we have developed procedures for auditing cybersecurity and establishing an information security policy. For