Abstract
This chapter discusses digital vulnerabilities and resilience in the Norwegian oil and gas infrastructure. The Norwegian oil and gas sector is a part of the European Union’s critical infrastructure because Norway supplies approximately 10% of the European Union’s oil and 30% of its gas. Hidden, dynamic and emergent risks are considered and resilience engineering is suggested as a framework for handling, recovering from and adapting to unexpected incidents.
Chapter PDF
Similar content being viewed by others
References
Ask, R., Roisli, R., Johnsen, S., Line, M., Ueland, A., Hovland, B., Groteide, L., Birkeland, B., Steinbakk, A., Hagelsteen, E., Rong, C., Losnedahl, T.: Information Security Baseline Requirements for Process Control, Safety and Support ICT Systems, Norwegian Oil and Gas Association, Stavanger, Norway (2006)
Byres, E.: Using ANSI/ISA-99 Standards to Improve Control System Security (plus White Paper), Tofino Security, Lantzville, Canada (2012)
Committee of Digital Vulnerabilities in Society: Digital Vulnerability - Secure Society: Protecting People and Society in a Digitalized World (in Norwegian), Official Norwegian Report (NOU 2015: 13) to the Ministry of Justice and Public Security, Oslo, Norway (2015)
European Council, Council Directive 2008/114/EC on the Identification and Designation of European Critical Infrastructures and the Assessment of the Need to Improve Their Protection. Brussels, Belgium (2008)
Falliere, N., O’Murchu, L., Chien, E.: W32.Stuxnet Dossier, Symantec, Mountain View, California (2011)
Federal Office for Information Security: The IT Security Situation in Germany in 2014, Bonn, Germany (2014)
Flage, R., Aven, T.: Emerging risk - Conceptual definition and a relation to black swan type of events, Reliability Engineering and System Safety, vol. 144, pp. 61–67 (2015)
German Institute for Standardization (DIN), Standard DIN CWA 16649, Managing Emerging Technology-Related Risks, Berlin, Germany (2013)
Hollnagel, E., Woods, D., Leveson, N. (eds.): Resilience Engineering: Concepts and Precepts, CRC Press, Boca Raton, Florida (2006)
International Risk Governance Council: Guidelines for Emerging Risk Governance, Lausanne, Switzerland (2015)
International Standards Organization: ISO 19011: 2011, Guidelines for Auditing Management Systems, Geneva, Switzerland (2011)
Jansen, S., Finkelstein, A., Brinkkemper, S.: A sense of community: A research agenda for software ecosystems, Proceedings of the Thirty-First International Conference on Software Engineering, Companion Volume, pp. 187–190 (2009)
Johnsen, S. : An Investigation of Resilience in Complex Socio-Technical Systems to Improve Safety and Continuity in Integrated Operations, Ph.D. Dissertation, Department of Computer and Information Science, Norwegian University of Science and Technology, Trondheim, Norway (2012)
Johnsen, S.: A comparative study of the Norwegian cyber security strategy vs. strategies in the EU and U.S. - Emerging cybersafety ignored, in Safety and Reliability of Complex Engineered Systems, L. Podofillini, B. Sudret, B. Stojadinovic, E. Zio and W. Kroger (Eds.), CRC Press/Balkema, Leiden, The Netherlands, pp. 3485–3492 (2015)
Johnsen, S. , Ask, R., Roisli, R.: Reducing risk in oil and gas production operations, in Critical Infrastructure Protection, E. Goetz and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 83–95 (2008)
Johnsen, S., Bjorkli, C., Steiro, T., Fartum, H., Haukenes, H., Ramberg, J., Skriver, J.: CRIOP: A Scenario Method for Crisis Intervention and Operability Analysis. SINTEF, Trondheim, Norway (2011)
Johnsen, S., Oren, A.: Ten years from risk assessment to regulatory action - Is complacency creating a reactive and brittle regulatory regime in Norway? in Safety and Reliability of Complex Engineered Systems, L. Podofillini, B. Sudret, B. Stojadinovic, E. Zio and W. Kroger (Eds.), CRC Press/Balkema, Leiden, The Netherlands, pp. 3333–3339 (2015)
Luiijf, E., Basseling, K., de Graaf, P.: Nineteen national cyber security strategies, International Journal of Critical Infrastructures, vol.9(1–2), pp. 3–31 (2013)
Lundberg, J., Rollenhagen, C., Hollnagel, E.: What-you-look-for-is-what-you-find: The consequences of underlying accident models in eight accident investigation manuals, Safety Science, vol.47(10), pp. 1297–1311 (2009)
National Transportation Safety Board, Supervisory Control and Data Acquisition (SCADA) in Liquid Pipelines, Safety Study NTSB/SS-05/02, PB2005-917005, Notation 7505A, Washington, DC (2005)
Norwegian Ministry of Defense: The Security Act (in Norwegian), Oslo, Norway (1998)
Norwegian Ministry of Defense: Measures for Protecting Objects (in Norwegian), Oslo, Norway (2011)
Norwegian Ministry of Justice and Public Security: Statement on Safety and Security, Report 17 (2001–2002), Oslo, Norway (2002)
Norwegian Ministry of Justice and Public Security: National Cyber Security Strategy for Norway, Oslo, Norway (2012)
Norwegian Ministry of Justice and Public Security: The Implementation of the EPCIP Directive, Oslo, Norway (2012)
Norwegian National Security Authority: Guideline for Protecting Objects, Oslo, Norway (2014)
Norwegian National Security Authority: Safety Report 2014, Oslo, Norway (2014)
Norwegian Police Directorate: Response on Measures for Protecting Objects, Oslo, Norway (2009)
Petroleum Safety Authority of Norway: Safety System Independence in Focus, Stavanger, Norway (2010)
Petroleum Safety Authority of Norway, Review of ICT - Security in Drilling, Process Control, Safety and Support Systems within the Oil and Gas Sector (in Norwegian), Stavanger, Norway (2013)
Petroleum Safety Authority of Norway, Regulations Relating to Design and Outfitting of Facilities, etc. in the Petroleum Activities (The Facilities Regulations), Stavanger, Norway (2015)
Petroleum Safety Authority of Norway: Trends in Risk Level, Stavanger, Norway (2015)
Rauscher, K., Yaschenko, V. (eds.) Russia-U.S. Bilateral on Cybersecurity:Critical Terminology Foundations, Issue 1, EastWest Institute,New York and Information Security Institute, Moscow State University, Moscow, Russia (2011)
Robertson, J., Riley, M.: Mysterious ’08 Turkey pipeline blast opened new cyberwar, Bloomberg, December 10, 2014
Subrahmanian, V., Ovelgonne, M., Dumitras, T., Prakash, B.: The Global Cyber-Vulnerability Report. Springer International Publishing, Cham, Switzerland (2015)
U.S. Department of Defense, Department of Defense Standard Practice: System Safety, MIL-STD-882E, Washington, DC (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
Johnsen, S. (2016). Mitigating Emergent Vulnerabilities in Oil and Gas Assets via Resilience. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection X. ICCIP 2016. IFIP Advances in Information and Communication Technology, vol 485. Springer, Cham. https://doi.org/10.1007/978-3-319-48737-3_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-48737-3_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48736-6
Online ISBN: 978-3-319-48737-3
eBook Packages: Computer ScienceComputer Science (R0)