Reducing Risk in Oil and Gas Production Operations

  • Stig Johnsen
  • Rune Ask
  • Randi Roisli
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Remote operations are commonly employed in oil and gas installations in the North Sea and elsewhere. The use of information and communications technologies (ICT) has resulted in process control systems being connected to corporate networks as well as the Internet. In addition, multiple companies, functioning as a virtual organization, are involved in operations and management. The increased connectivity and human collaboration in remote operations have significantly enhanced the risks to safety and security. This paper discusses methods and guidelines for addressing different types of risks posed by remote operations: technical ICT-based risks, organizational risks and risks related to human factors. Three techniques are described: (i) ISO 27001 based information security requirements for process control, safety and support ICT systems; (ii) CRIOP, an ISO 11064 based methodology that provides a checklist and scenario analysis for remote operations centers; and (iii) CheckIT, a method for improving an organization’s safety and security culture.

Keywords: Oil and gas production, remote operations, information security, human factors


Information Security Security Incident Remote Operation Risk Matrix Security Culture 


  1. Advisory Committee on the Safety of Nuclear Installations, Third Report of the Advisory Committee on the Safety of Nuclear Installations: Orga- nizing for Safety, Health and Safety Commission Books, Norwich, United Kingdom, 1993.Google Scholar
  2. [2]
    S. Andersen, Improving Safety Through Integrated Operations, Master’s Thesis, Department of Industrial Economics and Technology Management, Norwegian University of Science and Technology, Trondheim, Norway, 2006.Google Scholar
  3. [3]
    R. Ask, R. Roisli, S. Johnsen, M. Line, T. Ellefsen, A. Ueland, B. Hovland, L. Groteide, B. Birkeland, A. Steinbakk, A. Pettersen, E. Hagelsteen, O. Longva and T. Losnedahl, Information security baseline requirements for process control, safety and support ICT systems, OLF Guideline No. 104, Norwegian Oil Industry Association (OLF), Stavanger, Norway, 2006.Google Scholar
  4. [4]
    G. Chadwell, F. Leverenz and S. Rose, Contribution of human factors to incidents in the petroleum refining industry, Process Safety Progress, vol. 18 (4), pp. 206-210, 1999.CrossRefGoogle Scholar
  5. P. Hudson and G. van der Graaf, Hearts and minds: The status after 15 years research, Proceedings of the SPE International Conference on Health, Safety and Environment in Oil and Gas Exploration and Production (SPE 73941), 2002.Google Scholar
  6. S. Johnsen, C. Bjorkli, T. Steiro, H. Fartum, H. Haukenes, J. Ramberg and J. Skriver, CRIOP: A scenario method for crisis intervention and op- erability analysis (www.criop. sintef. no/The%20CRIOP%20report/CRIOP Report. pdf), 2006.
  7. S. Johnsen, C. Hansen, Y. Nordby and M. Line, CheckIT: Measurement and improvement of information security and safety culture, Proceedings of the International Conference on Probabilistic Safety Assessment and Management, 2006.Google Scholar
  8. [8]
    S. Johnsen, M. Lundteigen, H. Fartum and J. Monsen, Identification and reduction of risks in remote operations of offshore oil and gas installations, in Advances in Safety and Reliability (Volume 1), K. Kolowrocki (Ed. ), Taylor and Francis/Balkema, Leiden, The Netherlands, pp. 957-964, 2005.Google Scholar
  9. [9]
    P. Kotter, Leading Change, Harvard Business School Press, Boston, Massachusetts, 1996.Google Scholar
  10. [10]
    S. Luders, CERN tests reveal security flaws with industrial networked devices, The Industrial Ethernet Book, GGH Marketing Communications, Titchfield, United Kingdom, pp. 12-23, November 2006.Google Scholar
  11. D. McCafferty and C. Baker, Human error and marine systems: Current trends, Proceedings of the Second Annual IBC Conference on Human Error, 2002.Google Scholar
  12. Norwegian Oil Industry Association (OLF), Integrated operations on the Norwegian Continental Shelf, Stavanger, Norway (www.olf. no/?22894.pdf), 2004.
  13. Norwegian Petroleum Directorate (NPD), The NPD’s fact pages, Stavanger, Norway (www.).
  14. Petroleum Safety Authority (www.ptil. no/English/Frontpage. htm).
  15. [15]
    K. Stouffer, J. Falco and K. Kent, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security -Initial Public Draft, National Institute of Standards and Technology, Gaithersburg, Maryland, 2006.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Stig Johnsen
    • 1
  • Rune Ask
    • 2
  • Randi Roisli
    • 3
  1. 1.SINTEFNorway
  2. 2.Det Norske VeritasNorway
  3. 3.Statoil ASNorway

Personalised recommendations