Abstract
Oil rig systems are frequently assumed to be isolated from external networks, securing them from malicious software attacks. Integrated operations and media and device mobility undermine this assumption. A successful attack on a drilling operation could be devastating in human, environmental, economic and reputational terms. Several threat sources can easily be identified. We therefore propose the use of Causal Bayesian Networks to analyse probable attack strategies on a managed pressure drilling (MPD) system, where the attacker aims to maximise impact, while minimising attribution. Our results can be used to inform company representatives and operators of likely risks and highlight requirements for the successful diagnosis and recovery of well control incidents stemming from cyber causes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Anecdotal evidence from private conversation indicates that \(>\)80 % of malicious software found on oil rigs arrives through mobile devices and removable media.
- 2.
Extrusion of a salt bed into a sedimentary layer.
- 3.
The complete study is available on request.
- 4.
Bubbles of gas appear in the mud flow.
- 5.
Probabilities are calculated by taking the product of the posteriors of the preceding nodes with the priors of the current node.
References
Read, C.: BP and the Macondo Spill: The Complete Story. Palgrave Macmillan, New York (2011)
Bea, R.: Final Report on the Investigation of the Macondo Well Blowout. Technical report, Deepwater Horizon Study Group, Department of Civil and Environmental Engineering, University of California Berkeley, Berkeley, CA, USA, March 2011
Hempkins, W.B., Kingsborough, R.H., Lohec, W.E., Nini, C.J.: Multivariate statistical analysis of stuck drillpipe situations. SPE Drill. Eng. 2(3), 237–244 (1987)
Dunn-Norman, S., Erickson, K.T., Cetinkaya, E.K., Stanek, E.K., Miller, A.: SCADA system trends in deepwater developments. In: Rio Oil & Gas Expo and Conference, Rio de Janeiro, Brazil, Brazilian Institute of Oil, Gas and Biofuels, pp. 1–8, October 2000
Skogdalen, J.E., Utne, I.B., Vinnem, J.E.: Developing safety indicators for preventing offshore oil and gas deepwater drilling blowouts. Saf. Sci. 49(8–9), 1187–1199 (2011)
Zengkai, L., Yonghong, L., Ju, L.: Availability and reliability analysis of subsea annular blowout preventer. Adv. Inf. Technol. Comput. Sci. 25, 73–76 (2013). Special Issue: Proceedings of the 2nd International Conference on Energy (ICE 2013), Beijing, China
Johnsen, S.O., Aas, A., Qian, Y.: Sector-specific information infrastructure issues in the oil, gas, and petrochemical sector. In: Lopez, J., Setola, R., Wolthusen, S.D. (eds.) Critical Infrastructure Protection. LNCS, vol. 7130, pp. 235–279. Springer, Heidelberg (2012)
Falliere, N., O Murchu, L., Chien, E.: W32.Stuxnet Dossier. Technical Report Version 1.4, Symantec, Cupertino, CA, USA, February 2011
Langner, R.: To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. Technical report, The Langner Group, Hamburg, Germany, November 2013
Aberdeen Drilling Schools & Well Control Training Centre: Well Control for the Rig-Site Drilling Team. Aberdeen Drilling Schools, Aberdeen, UK, March 2002
Mæland, M.: Managed Pressure Drilling: The Solaris Prospect – HPHT Exploration Well. Master’s thesis, Department of Petroleum Engineering and Applied Geophysics, Norwegian University of Science and Technology, Trondheim, Norway, June 2013
Aarsnes, U.J.F.: Reduced Order Observer Design for Managed Pressure Drilling. Master’s thesis, Department of Engineering Cybernetics, Norwegian University of Science and Technology, Trondheim, Norway, June 2013
Breyholtz, O., Nygaard, G., Nikolaou, M.: Automatic control of managed pressure drilling. In: Proceedings of the 2010 American Control Conference (ACC 2010), Baltimore, MD, USA, pp. 442–447. IEEE Press, June 2010
Harbour, J.L.: Assessing offshore vulnerabilities and counter-response capabilities using RapidOps. In: Oceans 2002, Biloxi, MS, USA, vol. 2, pp. 1176–1179. IEEE Press, October 2002
Dynes, S., Kolbe, L., Schierholz, R.: Information security in the extended enterprise: a research agenda. In: Hoxmeier, J.A., Hayne, S. (eds.) Proceedings of the 13th Americas Conference on Information Systems (AMCIS 2007), Keystone, CO, USA, p. 330. Association for Information Systems, August 2007
Radmand, P., Talevski, A., Petersen, S., Carlsen, S.: Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010), Perth, Australia, pp. 949–957. IEEE Press, April 2010
Peltier, T.R.: Information Security Risk Analysis, 3rd edn. CRC Press, Boca Raton (2010)
Trucco, P., Cagno, E., Ruggeri, F., Grande, O.: A Bayesian Belief Network modelling of organisational factors in risk analysis: a case study in maritime transportation. Reliab. Eng. Syst. Saf. 93(6), 845–856 (2008)
Kondakci, S.: A causal model for information security risk assessment. In: Proceedings of the Sixth International Conference on Information Assurance and Security (IAS 2010), Atlanta, GA, USA, pp. 143–148. IEEE Press, August 2010
Pearl, J.: Causality: Models, Reasoning, and Inference, 2nd edn. Cambridge University Press, Cambridge (2009)
McEvoy, T.R., Wolthusen, S.: Agent interaction and state determination in SCADA systems. In: Butts, J., Shenoi, S. (eds.) Critical Infrastructure Protection: Proceedings of the Sixth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection. International Federation for Information Processing Advances in Information and Communication Technology, vol. 390, pp. 99–109. Springer, Heidelberg (2012)
Wu, R., Li, W., Huang, H.: An attack modeling based on hierarchical colored petri nets. In: Proceedings of the 2008 International Conference on Computer and Electrical Engineering (ICCEE 2008), Phuket, Thailand, pp. 918–921. IEEE Press, December 2008
Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)
Godhavn, J.M., Pavlov, A., Kaasa, G.O., Rolland, N.L.: Drilling seeking automatic control solutions. In: Proceedings of the 18th IFAC World Congress, Milano, Italy, pp. 10842–10850. International Federation of Automatic Control, August 2011
Elliot, D., Montilva, J., Francis, P., Reitsma, D., Shelton, J., Roes, V.: Managed pressure drilling erases the lines. Oilfield Rev. 23(1), 14–23 (2011)
Zhou, J., Stamnes, O.N., Aamo, O.M., Kaasa, G.O.: Switched control for pressure regulation and kick attenuation in a managed pressure drilling system. IEEE Trans. Control Syst. Technol. 19(2), 337–350 (2011)
Ablard, P., Bell, C., Cook, D., Fornasier, I., Poyet, J.P., Sharma, S., Fielding, K., Lawton, L., Haines, G., Herkommer, M.A., McCarthy, K., Radakovic, M., Umar, L.: The expanding role of mud logging. Oilfield Rev. 24(1), 24–41 (2012)
Pavel, D., Grayson, B.: MPD powers static pre-drill modeling with dynamic capacity. Drill. Contractor 68(6), 110–113 (2012)
Perrow, C.: Normal Accidents: Living with High Risk Technologies. Princeton paperbacks, Princeton University Press, Princeton (1984)
Roy, A., Kim, D.S., Trivedi, K.S.: Attack Countermeasure Trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929–943 (2012)
Sandaruwan, G.P.H., Ranaweera, P.S., Oleshchuk, V.A.: PLC security and critical infrastructure protection. In: Proceedings of the 8th IEEE International Conference on Industrial and Information Systems (ICIIS 2013), Kandy, Sri Lanka, pp. 81–85. IEEE Press, December 2013
Burgess, T., Starkey, A.A., White, D.: Improvements for kick detection. Oilfield Rev. 2(1), 43–51 (1990)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
McEvoy, T.R., Wolthusen, S.D. (2016). An Attack Analysis of Managed Pressure Drilling Systems on Oil Drilling Platforms. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-31664-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31663-5
Online ISBN: 978-3-319-31664-2
eBook Packages: Computer ScienceComputer Science (R0)