Until very recently, many offshore platforms and vessels operated their entire working lives using only the safety systems and features that were installed during construction. Their mechanical systems perform certain sets of functions that can be regulated and monitored by crews that possess complete knowledge of the systems and their interactions.
But the offshore industry and its business processes are evolving rapidly. As the offshore industry continues to deploy highly instrumented, automated and connected assets, unforeseen technical problems and risks have emerged.
Control systems
Today systems interconnect more widely than before, and this introduces concerns with system integrity. So one major area of concern is control systems, system interfaces and data management.
System integrity is the degree to which a particular system can operate completely deterministically—that is, its behavior in all circumstances is known, predictable and within designed boundaries and remains in that condition without conscious operator action despite potential failures or interfering influences. System integrity provides reliability and dependability, but it is affected by system modifications.
Typical requirements for systems on offshore units include the functions and considerations associated with software-intensive systems. Life-cycle requirements—which at one time were based largely on finite numbers of improvements or replacements to hull machinery and equipment resulting from long technology evolution cycles—now also include software updates and upgrades along with associated asset configuration and version control efforts.
Software modifications, updates and upgrades during the asset life cycle affect system behavior and response and therefore affect system integrity. This is most visible where real-time (RT) and near-real-time (NRT) control systems are used.
RT and NRT control systems are critical to the safe and effective operation of offshore assets. Their quick responses, data capture functions and labor-multiplying effects deliver vastly expanded capabilities. These types of control systems are referred to as operational technology (OT).
System integrity is central to offshore OT systems largely because of the complexity inherent in applications like drilling systems, which are highly integrated. On an offshore asset, many individual OT systems function together to produce the desired functionality. When the overarching functionality is defined and documented, the goals, purposes and critical natures of the connected subsystems are clear. It is at that point that the notion of system integrity is created as a required and expected
function that has to remain unaffected by either internal or external conditions.
Upgrades, vulnerabilities
The second major area of concern is configuration control. While there are many integrity-reducing conditions, a fair number of them can be managed through disciplined implementation of a relatively small number of comprehensive software quality engineering practices that include a detailed OT system architectural description, strict control of OT software and hardware evolution, and disciplined physical and cyber-OT system security protection.
Inadequate understanding of OT system architecture opens the door to threats to system integrity. For offshore crew members to maintain system integrity, they need to understand their systems completely, and they must have a detailed functional description of the OT system architecture. This transparent view of the “virtual asset” provides a working view of the asset that is critical to system operation, recovery, system evolution and system protection.
Clearly, controlling and managing updates and upgrades are critical to maintaining system integrity. Cost control measures, however, can work against good configuration control in two areas. One is in perceived return on expenditures. Owners commonly look for rapid and measurable value in return for software updates because the updates rarely associate with physical construction or drydocking. The lack of value recognition can result in decisions to defer updates to OT systems.
The opposite effect can occur when systems are updated simply because contracts include clauses for maintenance updates that allow external third parties to perform updates to maintain specified performance levels. If original equipment manufacturers (OEMs) or third-party maintenance personnel make software modifications without owner or crew knowledge, the working system configuration becomes very fragile.
Strict OT system software, firmware and hardware control is possible if all changes are vetted and authorized prior to installation. This evolutionary process can be orderly and effective if managed conscientiously.
Managed system evolution includes applying software management-of-change practices to all systems. It demands supplier transparency in change and configuration management during software development and maintenance, disciplined pre-installation review of new OT system elements, pre-installation supplier testing protocols for both computer hardware and software, disciplined warm- and cold-stacking of OT systems, and preplanned OT system end-of-life management.
Cyberthreats
The third major area of concern is cybersecurity. As remote connectivity through the Internet has increased, it has opened OT systems to integrity threats. Networked and remote connectivity bring major high-profile threats to OT systems.
Threats to remotely accessible systems have created a need for new types of corporate expertise and new practices and protective imperatives to manage threats to OT system integrity. Now more comprehensive policies for establishing organizational, technical and procedural capabilities are being applied to protect OT systems.
Two practices are particularly useful in protecting integrity: formal requirements management and documented system traceability. Documenting the linkages of formally stated requirements to the as-built system architecture, test procedures, and criticality and safety analyses allows those in the change management approval workflow to base decisions about system evolution on the original functional intent of the software.
These processes are part of normal systems engineering. Positive control of systems integrity and systems configurations is required before effective cybersecurity is possible. Cybersecurity of safety-critical systems really translates to maintaining integrity and deterministic outcomes of those systems.
Dependence on software, automation Growing dependence on software, increases in control system integration and more widespread connectivity to onshore monitoring systems have made cybersecurity a serious issue. Expanding automation means more interconnections, which present additional hazards, whether through the introduction of malicious code, malevolent actions, or imprudent care and maintenance.
There is greater pressure on OEMs, software developers and shipyards to design assets for which the system architecture is well defined, documented and communicated so informed decisions can be made throughout the asset’s service life—before, during and after modifications. Better system architecture and engineering should require that the unit be delivered with a documented process in place so security updates can be carried out easily.
The role of classification in this evolving environment is to apply technical competence and experience to determine risks and hazards and to provide a framework for practical and appropriate safety infrastructure without unduly restricting the potential for progress.
Recommended Reading
IndustryVoice: Phoenix Capital Group's Innovative Path to Success in the Williston Basin
2024-11-20 - In just five years, Phoenix Capital Group has combined technological innovation and a direct-to-investor financing approach to position itself as a leading operator in North Dakota’s Williston Basin.
Vistra to Offer Senior Notes for Equity Interest Repayment
2024-11-19 - Vistra Corp. said the proceeds from the offer will be used toward an early payout for the installment purchase of Avenue Capital Management II’s interest in Vistra Vision.
US Energy Secretary Nominee Chris Wright Champions Energy at DUG GAS
2024-11-19 - President-elect Donald Trump's energy secretary nominee Chris Wright championed energy's role in bettering human lives earlier this year on stage at Hart Energy’s DUG GAS Conference and Expo.
DT Midstream to Buy 3 Pipe Networks from ONEOK in $1.2B Deal
2024-11-19 - ONEOK plans to use the proceeds from the sale of the Guardian Pipeline, Midwestern Gas Transmission and Viking Gas Transmission to focus on other operational priorities.
Exclusive: MPLX Drives US NGL Growth with Propane Exports Reaching 2 MMbbl/d
2024-11-19 - MPLX Executive Vice President and COO Greg Floerke delves into the company evolution in Appalachia and the increase in its liquids exports and production scale, in this Hart Energy Exclusive interview.
Comments
Add new comment
This conversation is moderated according to Hart Energy community rules. Please read the rules before joining the discussion. If you’re experiencing any technical problems, please contact our customer care team.