An alternative methodology using new preventative technology to manage cybersecurity exposure on deepwater drilling rig assets is presented. For the past two years Shell's Deepwater Wells business has been evaluating typical cyber defence approaches and undertaken cybersecurity risk assessments and penetration tests. These activities have demonstrated the challenges attaining cybersecure drilling rig environments. Whilst cyberattacks increase in frequency, adaptability, and become cheaper to launch, regulatory and liability insurance requirements are also evolving. To achieve the goal of cyber-resilience, a major Operator has collaborated with a cybersecurity firm to trial technology for rapidly and reliably protecting deepwater rigs.
The paper presents aspects of the numerous challenges faced and offers a different approach using new technology applied to both supplement and accelerate the attainment of a cyber-resilient environment onboard deepwater drilling rigs. It shares the deep dive lessons learnt leading to a more comprehensive understanding of how to protect drilling rigs and their safety critical control systems. Aside from addressing technical attributes using risk vs. maturity based methods, the approach also caters to business demands of short term rig contracts, managing multi-vendor legacy systems and satisfying increasing digitalisation/remote access needs with associated reductions in overall cybersecurity CAPEX spend.