DCS; Industrial control system
Product
Article
NameDescriptionContent
English 简体中文
NEW CENTER
Current Location:
Home >> journalism >> Cybersecurity Preparedness for Oil, Gas and Petrochemical Operations

Cybersecurity Preparedness for Oil, Gas and Petrochemical Operations

From:automation | Author:H | Time :2024-11-27 | 170 Browse: | Share:



Figure 1: The ISA/IEC 62443 series of standards addresses all entities involved in the protection of operating facilities. Visit ISA.org for the most up-to-date information. Source: ISA

“The series approaches the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology, and between process safety and cybersecurity,” said Ristano.

According to an ISAGCA whitepaper, “Many organizations (especially very large ones) have established policies and procedures governing the IT security in their office environment; many of these are based on ISO/IEC 27001/2 [27001] [27002]. Some have attempted to address their operational technology (OT) infrastructure under the same management system and have leveraged many IT/OT commonalities.

“Although it would be ideal to always select common controls and implementations for both IT and OT, organizations have been confronted with challenges in doing so: the locking of an OT operator screen creating unsafe conditions, antivirus products incompatible with OT equipment, patching practices disrupting production schedules, or network traffic from routine backups blocking safety control messages. The ISA/IEC 62443 Series standards explicitly address issues such as these; this helps an organization to maintain conformance with ISO/IEC 27001 through common approaches wherever feasible, while highlighting differences in IT versus OT approach where needed.”

The whitepaper offers guidance for organizations familiar with ISO/IEC 27001 and interested in protecting the OT infrastructure of their operating facilities based on the ISA/ IEC 62443 series. It describes the relationship between the ISA/IEC 62443 series and ISO/ IEC 27001/2 and how both standards may be effectively used within one organization to protect both IT and OT.



PETRONAS leverages ISA/IEC 62443

PETRONAS, Malaysia’s national oil and gas company, is a dynamic global energy group with presence in more than 100 countries. According to Sharul A. Rashid, PETRONAS GTS head of technical excellence and group technical authority for instrumentation and control, the enterprise-wide cybersecurity program for PETRONAS started in 2018.

“A five-year roadmap toward building an institutionalized capability in OT cybersecurity was crafted and subsequently approved in 2019,” said Rashid. “The institutionalized capability-building program was established mainly to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel commensurate with the risk to critical infrastructure. The organizational objectives were: responsibilities; workforce controls; knowledge, skills and abilities; and awareness.

At that time, the task force consisted of Sharul, principal instrument and control (I & C) engineers Azmi Hashim and Michael Ng Chien Han, and senior I & C engineer Ping Yang. All four men helped shape and steer the PETRONAS OT cybersecurity program.

In November 2020, PETRONAS became a founding member of ISAGCA. By February 2021, it started attending ISAGCA Government Relations—Asia Pacific meetings. “We learned that ISAGCA aspired to designate and reference the ISA/IEC 62443 standard in a country’s law and regulatory policy. So, for Malaysia, we started our efforts to support that,” said Rashid.

OT Risk Management for PETRONAS is based on the ISA/IEC 624443-3-2 Standard, said Ng Chien Han. “Cyber risk of an OT system is established by evaluating the business impact of that system, if it is compromised, and the likelihood of that compromise happening. Business impact is evaluated from the lens of how it affects people, environment and assets, as well as the company’s reputation. The likelihood is established via control compliance in addressing threats from a cyber security threat register,” he explained.

In September 2023, “PETRONAS reached a milestone by—for the first time—executing a cybersecurity risk assessment as part of the engineering design stage of a capital project,” Rashid added. “Through the risk assessment, the Security Level Target (SLT) of each OT system of the project was established. This exercise provided the EPCC (Engineering, Procurement, Construction, and Commissioning), OT, and OT vendors with detailed security specifications for the systems being designed. The specifications to be delivered are from the ISA/IEC 62443-3-3 system security requirements and security levels standard in addition to the PETRONAS technical standards,” he explained.

PETRONAS has made good use of the wide range of cybersecurity resources that ISA offers (see sidebar). “Utilizing the ISA/ IEC 62443 standards in engineering design has helped advance cybersecurity discussions with the OT vendors in delivering secured-by-design OT systems. It has also helped PETRONAS as a tool to strengthen the cybersecurity awareness and practices of its partners and collaborators,” said Rashid.

ISA offers multiple levels of OT cybersecurity training courses. Students who complete the courses and associate exams can earn certificates that demonstrate their growing cybersecurity maturity. Source: ISAGCA.

  • ALSTOM COP232.2 VME A32/D32, 029.232 446 controller unit
  • GE 151X1235DB15SA01 Gas turbine controller
  • Abaco VP869 FPGA Card
  • Abaco VP868 FPGA Card
  • Abaco VP780 FPGA Card
  • Abaco VP680 FPGA Card
  • PC821 PCIe FPGA Card
  • Abaco PC820 FPGA Card
  • Abaco PC720 FPGA Card
  • Abaco FlexVPX Backplane
  • Abaco VP880 / VP881
  • Abaco VP889 FPGA Board
  • Abaco VP430 RFSoC Board
  • Abaco VP460 Direct RF Processing System
  • Abaco VP431 RFSoC Board
  • Abaco VP461 6U VPX Xilinx UltraScale
  • Abaco VP891 3U VPX FPGA Processing Card
  • Abaco TM-683 2 PMC rear panel I/O transition module for 6U CPCI
  • Abaco CPCI-100A-FP 2-slot IndustryPack carrier for 3U CPCI systems
  • Abaco BIO-4 Rear transition card for the CPCI-200A IP carrier
  • Abaco VME-4116 VME Analog I/O Output Boards
  • Abaco VME-4140 VME Analog I/O Output Boards
  • Abaco VME-3122B VME Analog I/O Input Boards
  • Abaco VME-3113B Scanning 12-bit Analog-to-Digital Converter with Built-in-Test
  • Abaco Vme-4132 VME Analog I/O Output board
  • N-Tron® NT24K-14FXE6-SC-80 Managed 14-Port Gigabit Industrial Ethernet Switch
  • N-Tron® 7012FXE2-SC-40 Managed 12-port Industrial Ethernet Switch
  • N-Tron® NT24K-11GX3-SC-PT Managed 11-Port Gigabit Industrial Ethernet Switch
  • N-Tron® NT24K-14FXE6-SC-15 Managed 14-Port Gigabit Industrial Ethernet Switch
  • N-Tron® 7018FXE2-SC-15 Managed 18-port Industrial Ethernet Switch
  • N-Tron® NT24k 24-Port Rackmount Gigabit Managed Industrial Ethernet Switch
  • N-Tron® NT24k 24-Port, Dual Redundant VDC Power Input, Rackmount Gigabit Managed Industrial Ethernet Switc
  • N-Tron® NT24K-10FX2-SC Managed 10-Port Industrial Ethernet
  • N-Tron® NT24K-12SFP-DM4 Managed 12-Port Gigabit Industrial Ethernet Switch
  • N-Tron® NT24k 16-Port, Single Redundant VDC Power Input
  • N-tron SLX-6ES-5SC Unmanaged 6-port industrial Ethernet switch
  • NT24k® 10FX2-POE Managed PoE+ Gigabit Ethernet Switch
  • N-Tron® 105FXE-SC-15-POE-MDR Unmanaged 5-port PoE Switch
  • Sixnet® SL-8ES-1 Unmanaged 8-port Industrial Ethernet Switch
  • N-Tron® 106FX2-SC-MDR Unmanaged 6-port Industrial Ethernet Switch
  • Sixnet® SLX-9ES-3SC Unmanaged 9-port Industrial Ethernet Switch
  • N -Tron® 710FXE2-ST-80 Managed 10-port Industrial Ethernet Switch
  • N -Tron® 712FXE4-SC-15-HV Managed 12-port Industrial Ethernet Switch
  • N -Tron® 712FXE4-ST-15-HV Managed 12-port Industrial Ethernet Switch
  • N -Tron® 709FXE-SC-40 Managed 9-port Industrial Ethernet Switch
  • ABB IEMMU21 Module Mounting Unit
  • ABB CMA120 3DDE300400 Basic Controller Panel Unit
  • Bently Nevada 2300/20-RU 2300/20-CN Monitoring controller
  • A-B 4100-234-R IMC™ S Class Compact Motion Controllers
  • B&R Power Panel 300/400
  • ADLINK cPCI-3840 Processor module
  • ACQUISITIONLOGICAL81G -2
  • HIMA K1412B PLC Module
  • IS200VTCCH1CBD GE Speedtronic Turbine Control PCB board
  • TRICONEX 4200 Digital Output Module
  • DEIF SCM-1 PCB CARD Module
  • HIMA F3DIO20802 controller plc F3DIO20802
  • HIMA B5233 PLC Module
  • HIMA B5322 PLC Module
  • HIMA F7105A PLC Module
  • HIMA F7150 PLC Module
  • HIMA Z7308 PLC Module
  • HIMA F60 PS01
  • TRICONEX 4409 PLC Module
  • F8651X HIMA Central module F8651X
  • HIMA-6E-B HIMA-6E-B Large System Controller
  • HIMA P8403 PLC Module
  • F8621A HIMA communication module
  • IS200VRTDH1D GE Mark VI Printed Circuit Board
  • ABB NIACO2 PLC Module
  • ABB NIAMO1 PLC Module
  • HIMA F8652 98465266 PLC Module
  • F8652X HIMA Central module
  • HIMA 62100
  • HIMA 99-7105233 B5233-1 NSMP
  • ABBSPAD 346 C3-AA
  • ABBREF543KM127BABB
  • ABB 0-63007 M003742626
  • Abb FET3251A0P1B3C0H2M
  • ABB 3HAB8800-1
  • ABB 3AUA266001B166
  • ABB3HNM07686-1
  • ABB PQF4-3 TAS
  • Honeywell 30735863-502 - SWITCH
  • Honeywell TK-CCR014 - REDUNDANT NET INTERFACE NEW ORIGINAL FREE EXPEDITED SHIPPING/
  • Honeywell 51403165-400 - new 51403165400/
  • Honeywell318-049-001 quot100 Batteries(Japan Liion2Ah14.8Wh)INTERMEC/ PR2,PR3 P/N
  • Honeywell FC-PSU-UNI2450U - Power Supply
  • Honeywell 965-0676-010 - WARNING COMPUTER SV
  • Honeywell 51403519-160 - Module
  • Honeywell 107843 - HOUSING CARBON FILE P/N NE COND # 11438 (4)
  • Honeywell VR434VA5009-1000 - Brand new in box Condensing boiler valve DHL fast shipping
  • Honeywell SPXCDALMFX - plc new FREE EXPEDITED SHIPPING/
  • Honeywell BCM-PWS - BCM-ETH BCM-MS/TP BCM-MS/TP Network controller setFedEx or DHL
  • Honeywell YSTR12D-22/C/-2J0DFA/BE/400/T/-CM.HO.TG.SB.SM,ZS,F1,LP,/FX/,1C-BT - UNMP
  • Honeywell IWS-1603-HW - 90-250VAC 1.0A UNMP
  • Honeywell 51304386-150 - MEASUREX Factory Packed
  • Honeywell CC-PFB401 - / CCPFB401 (NEW IN BOX)
  • Honeywell 50071726 - St 800 Series Pressure Transmitter Remote Diaphragm 11-42VDC
  • Honeywell 621-2150 - / 6212150 (NEW NO BOX)
  • Honeywell 80360206-001 - USED YAMATAKE CLI BOARD
  • Honeywell BMDX001A-001 - ACCURAY / BOARD BMDX001A001
  • Honeywell XCL8010A - New CPU Controller.
  • Honeywell PGM-7320 - 1PCS NEW Rae Systems MiniRAE 3000 Portable VOC Monitor#XR
  • Honeywell BK-G40 - U65 *FULL INSTALLATION* Gas Meter 3?± Inlet/Outlet Spool NEW UNUSED
  • Honeywell DM106-0-B-00-0-R-1-00000-000-E0 - DPR100 250V NSNP
  • Honeywell KFD840 - PRIMARY FLIGHT DISPLAY CORE PN: 066-01206-0104
  • Honeywell 51401914-100 - 51400996-100
  • Honeywell C7012A1145 - 1PC New UV Flame Detector Expedited Shipping
  • Honeywell OV210 - Baxter Bakery Oven Igition Control. For DRO. 00-616973 NEW
  • Honeywell 51304431-125 - 1PC New /51304431125 1 year warranty#XR
  • Honeywell QPP-0002 - Quad Processor Module / 5 Vdc / Massima 1.2A/24Vdc/max.25mA
  • Honeywell QPP-0002 - Quad Processor Module / 5Vdc / Max. 1.2A/24Vdc/max.25mA
  • Honeywell 8C-PCNT02 - 514543363-275 module
  • Honeywell DPCB21010002 - Tata Printed Circuit Board
  • Honeywell DPCB21010002 - Tata Printed Circuit Board Rev: 0
  • Honeywell 001649-M5T028 - Tata Printed Circuit Board Rev: 0
  • Honeywell YSTD924-(J2A)-00000-FF,W3,TP,TG,SS - NSFS
  • Honeywell XF523-A - / XF523A (NEW IN BOX)
  • Honeywell TK-PRS021 - NEW IN STOCK ship by UPS
  • Honeywell 2MLR-AC22 - " 2mlr-dbsf,2mlf-ad4s,2mlf-dc4s,2mlr-ac22 Rack"
  • Honeywell 9436610 - MEASUREX NSMP
  • Honeywell RT10A-L0N-18C12S0E - RT10A.WLAN.IN.6803.CAM.STD.GMS
  • Honeywell 51305896-200 - P:C1 Rev D Nim Modem - FAST SHIP BY Fedex
  • Honeywell TK-FTEB01 - PCL module Brand New Fast Shipping By DHL
  • Honeywell 8694500 - Measurex Control Processor Module
  • Honeywell DR4500 - Truline and DR4300 Circular Chart Recorder
  • Honeywell EC-7850-A-1122 - / EC7850A1122 (NEW IN BOX)