Skip to main content
SpringerLink
Log in

An Attack Analysis of Managed Pressure Drilling Systems on Oil Drilling Platforms

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8985))

  • 1466 Accesses

Abstract

Oil rig systems are frequently assumed to be isolated from external networks, securing them from malicious software attacks. Integrated operations and media and device mobility undermine this assumption. A successful attack on a drilling operation could be devastating in human, environmental, economic and reputational terms. Several threat sources can easily be identified. We therefore propose the use of Causal Bayesian Networks to analyse probable attack strategies on a managed pressure drilling (MPD) system, where the attacker aims to maximise impact, while minimising attribution. Our results can be used to inform company representatives and operators of likely risks and highlight requirements for the successful diagnosis and recovery of well control incidents stemming from cyber causes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Anecdotal evidence from private conversation indicates that \(>\)80 % of malicious software found on oil rigs arrives through mobile devices and removable media.

  2. 2.

    Extrusion of a salt bed into a sedimentary layer.

  3. 3.

    The complete study is available on request.

  4. 4.

    Bubbles of gas appear in the mud flow.

  5. 5.

    Probabilities are calculated by taking the product of the posteriors of the preceding nodes with the priors of the current node.

References

  1. Read, C.: BP and the Macondo Spill: The Complete Story. Palgrave Macmillan, New York (2011)

    Book  Google Scholar 

  2. Bea, R.: Final Report on the Investigation of the Macondo Well Blowout. Technical report, Deepwater Horizon Study Group, Department of Civil and Environmental Engineering, University of California Berkeley, Berkeley, CA, USA, March 2011

    Google Scholar 

  3. Hempkins, W.B., Kingsborough, R.H., Lohec, W.E., Nini, C.J.: Multivariate statistical analysis of stuck drillpipe situations. SPE Drill. Eng. 2(3), 237–244 (1987)

    Article  Google Scholar 

  4. Dunn-Norman, S., Erickson, K.T., Cetinkaya, E.K., Stanek, E.K., Miller, A.: SCADA system trends in deepwater developments. In: Rio Oil & Gas Expo and Conference, Rio de Janeiro, Brazil, Brazilian Institute of Oil, Gas and Biofuels, pp. 1–8, October 2000

    Google Scholar 

  5. Skogdalen, J.E., Utne, I.B., Vinnem, J.E.: Developing safety indicators for preventing offshore oil and gas deepwater drilling blowouts. Saf. Sci. 49(8–9), 1187–1199 (2011)

    Article  Google Scholar 

  6. Zengkai, L., Yonghong, L., Ju, L.: Availability and reliability analysis of subsea annular blowout preventer. Adv. Inf. Technol. Comput. Sci. 25, 73–76 (2013). Special Issue: Proceedings of the 2nd International Conference on Energy (ICE 2013), Beijing, China

    Google Scholar 

  7. Johnsen, S.O., Aas, A., Qian, Y.: Sector-specific information infrastructure issues in the oil, gas, and petrochemical sector. In: Lopez, J., Setola, R., Wolthusen, S.D. (eds.) Critical Infrastructure Protection. LNCS, vol. 7130, pp. 235–279. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  8. Falliere, N., O Murchu, L., Chien, E.: W32.Stuxnet Dossier. Technical Report Version 1.4, Symantec, Cupertino, CA, USA, February 2011

    Google Scholar 

  9. Langner, R.: To Kill a Centrifuge: A Technical Analysis of What Stuxnet’s Creators Tried to Achieve. Technical report, The Langner Group, Hamburg, Germany, November 2013

    Google Scholar 

  10. Aberdeen Drilling Schools & Well Control Training Centre: Well Control for the Rig-Site Drilling Team. Aberdeen Drilling Schools, Aberdeen, UK, March 2002

    Google Scholar 

  11. Mæland, M.: Managed Pressure Drilling: The Solaris Prospect – HPHT Exploration Well. Master’s thesis, Department of Petroleum Engineering and Applied Geophysics, Norwegian University of Science and Technology, Trondheim, Norway, June 2013

    Google Scholar 

  12. Aarsnes, U.J.F.: Reduced Order Observer Design for Managed Pressure Drilling. Master’s thesis, Department of Engineering Cybernetics, Norwegian University of Science and Technology, Trondheim, Norway, June 2013

    Google Scholar 

  13. Breyholtz, O., Nygaard, G., Nikolaou, M.: Automatic control of managed pressure drilling. In: Proceedings of the 2010 American Control Conference (ACC 2010), Baltimore, MD, USA, pp. 442–447. IEEE Press, June 2010

    Google Scholar 

  14. Harbour, J.L.: Assessing offshore vulnerabilities and counter-response capabilities using RapidOps. In: Oceans 2002, Biloxi, MS, USA, vol. 2, pp. 1176–1179. IEEE Press, October 2002

    Google Scholar 

  15. Dynes, S., Kolbe, L., Schierholz, R.: Information security in the extended enterprise: a research agenda. In: Hoxmeier, J.A., Hayne, S. (eds.) Proceedings of the 13th Americas Conference on Information Systems (AMCIS 2007), Keystone, CO, USA, p. 330. Association for Information Systems, August 2007

    Google Scholar 

  16. Radmand, P., Talevski, A., Petersen, S., Carlsen, S.: Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010), Perth, Australia, pp. 949–957. IEEE Press, April 2010

    Google Scholar 

  17. Peltier, T.R.: Information Security Risk Analysis, 3rd edn. CRC Press, Boca Raton (2010)

    Book  Google Scholar 

  18. Trucco, P., Cagno, E., Ruggeri, F., Grande, O.: A Bayesian Belief Network modelling of organisational factors in risk analysis: a case study in maritime transportation. Reliab. Eng. Syst. Saf. 93(6), 845–856 (2008)

    Article  Google Scholar 

  19. Kondakci, S.: A causal model for information security risk assessment. In: Proceedings of the Sixth International Conference on Information Assurance and Security (IAS 2010), Atlanta, GA, USA, pp. 143–148. IEEE Press, August 2010

    Google Scholar 

  20. Pearl, J.: Causality: Models, Reasoning, and Inference, 2nd edn. Cambridge University Press, Cambridge (2009)

    Book  MATH  Google Scholar 

  21. McEvoy, T.R., Wolthusen, S.: Agent interaction and state determination in SCADA systems. In: Butts, J., Shenoi, S. (eds.) Critical Infrastructure Protection: Proceedings of the Sixth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection. International Federation for Information Processing Advances in Information and Communication Technology, vol. 390, pp. 99–109. Springer, Heidelberg (2012)

    Google Scholar 

  22. Wu, R., Li, W., Huang, H.: An attack modeling based on hierarchical colored petri nets. In: Proceedings of the 2008 International Conference on Computer and Electrical Engineering (ICCEE 2008), Phuket, Thailand, pp. 918–921. IEEE Press, December 2008

    Google Scholar 

  23. Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  24. Godhavn, J.M., Pavlov, A., Kaasa, G.O., Rolland, N.L.: Drilling seeking automatic control solutions. In: Proceedings of the 18th IFAC World Congress, Milano, Italy, pp. 10842–10850. International Federation of Automatic Control, August 2011

    Google Scholar 

  25. Elliot, D., Montilva, J., Francis, P., Reitsma, D., Shelton, J., Roes, V.: Managed pressure drilling erases the lines. Oilfield Rev. 23(1), 14–23 (2011)

    Google Scholar 

  26. Zhou, J., Stamnes, O.N., Aamo, O.M., Kaasa, G.O.: Switched control for pressure regulation and kick attenuation in a managed pressure drilling system. IEEE Trans. Control Syst. Technol. 19(2), 337–350 (2011)

    Article  Google Scholar 

  27. Ablard, P., Bell, C., Cook, D., Fornasier, I., Poyet, J.P., Sharma, S., Fielding, K., Lawton, L., Haines, G., Herkommer, M.A., McCarthy, K., Radakovic, M., Umar, L.: The expanding role of mud logging. Oilfield Rev. 24(1), 24–41 (2012)

    Google Scholar 

  28. Pavel, D., Grayson, B.: MPD powers static pre-drill modeling with dynamic capacity. Drill. Contractor 68(6), 110–113 (2012)

    Google Scholar 

  29. Perrow, C.: Normal Accidents: Living with High Risk Technologies. Princeton paperbacks, Princeton University Press, Princeton (1984)

    Google Scholar 

  30. Roy, A., Kim, D.S., Trivedi, K.S.: Attack Countermeasure Trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929–943 (2012)

    Article  Google Scholar 

  31. Sandaruwan, G.P.H., Ranaweera, P.S., Oleshchuk, V.A.: PLC security and critical infrastructure protection. In: Proceedings of the 8th IEEE International Conference on Industrial and Information Systems (ICIIS 2013), Kandy, Sri Lanka, pp. 81–85. IEEE Press, December 2013

    Google Scholar 

  32. Burgess, T., Starkey, A.A., White, D.: Improvements for kick detection. Oilfield Rev. 2(1), 43–51 (1990)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Norwegian Information Security Laboratory, Department of Computer Science, Gjøvik University College, Gjøvik, Norway

    Thomas Richard McEvoy & Stephen D. Wolthusen

Authors
  1. Thomas Richard McEvoy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephen D. Wolthusen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stephen D. Wolthusen .

Editor information

Editors and Affiliations

  1. University of Cyprus , Nicosia, Cyprus

    Christos G. Panayiotou

  2. University of Cyprus , Nicosia, Cyprus

    Georgios Ellinas

  3. University of Cyprus , Nicosia, Cyprus

    Elias Kyriakides

  4. University of Cyprus , Nicosia, Cyprus

    Marios M. Polycarpou

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

McEvoy, T.R., Wolthusen, S.D. (2016). An Attack Analysis of Managed Pressure Drilling Systems on Oil Drilling Platforms. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31664-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31663-5

  • Online ISBN: 978-3-319-31664-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation