69 Towards More Secure Virtual Organizations by Implementing a Common Scheme for Incident Response Management (PSAM-0457)
-
Published:2006
Download citation file:
Remote operation and control of offshore oil and gas production is increasing in the North Sea. The technology used to support operations and exception handling is changing from proprietary closed systems to standardized IT systems built on PCs and MS Windows. The PCs are integrated in networks that can be connected to the Internet. This leads to a major change in which threats the industry faces. PCs using MS Windows are vulnerable, new exploits are continuously found and the number of hacker attacks is increasing. The reliance on MS Windows and Internet is thus increasing the vulnerability of the oil and gas production. In addition, a network of companies that functions as a virtual organization is increasingly performing the operations and management of the oil and gas fields. These virtual organizations and the increased number of vulnerabilities create the need for common safety and security culture, communication and incident management during regular operations and when handling information security incidents. In this paper, these challenges are presented and discussed, and a suggestion for a standardized scheme for Incident Response Management in the North Sea is proposed. We suggest exploring information security incidents across the virtual organizations, and to standardize on reporting and on training to be able to establish common goals and objectives. All in order to establish more resilient organizations and systems related to information security.