Dear colleagues. This is an unusual request. I was looking for material that could address some basic framework for securing physical access to control equipment and data cabinets on a drilling platform. Whilst implementing controls in data centers or land based office spaces with direct online capabilities, the safety is the primary concern in these dangerous environments. I am sure there is a document(s) that could either directly or indirectly act as a reference point.
Most of the major operators of these platforms (BP, Shell, Chevron, etc) have their own internal process control secuirty policy, procedures and standards, which includes physical security. As you have asked the question, I am assuming the facility you are looking at does not have any of these.
From experience, a number of factors that you need to consider:
Where is the equipment located?
Is it in a shared room/cabinet with other third party equipment?
Is the facility manned?
Are the networks segregated?
As a basic, equipment should be a in locked cabinet or room. If multiple vendors have access, these should be in seperate cabinets if at all possible (I know, space is limited on a platform). Is this a BPCS (basic process control system) or a safety system? If the later, much more stringent controls need to be in place. Definitly in its own locked cabinet, with controlled access.
Physical access logs would be a useful control, including authorization by one of the controllers/engineers (if present).
I may have documents that I can share - let me look at them and I will see what I can do.
Thanks for the reply. I would appreciate any reference I can get my hands on. I agree with your suggestions and these I allready have thought about. I am being asked to provide solutions but they have not given me the base requirements to build the solution on.
Look for NFPA 730 and 731. NFPA 731 is a Standard for the Installation of Electronic Premises Security Systems, NFPA 730 is the Guide to Premises security. Mostly focuses on physical security (the NFPA 730 standard was originally written to help protect against burglary).
Thank you Heinrich. In fact I have a copy of those 2 documents in my desk. These unfortunately do not provide the information I am looking for.
Then I'm slightly at a loss here what you are looking for. Can you elaborate a bit on what these documents do not offer that you're looking for?
The NFPA documents focus on onshore premise installations. I was searching for cases that secure offshore drilling rigs. I also have the complete Protection of Assets library and there is nothing specific to this situation. I have parallel questions going to some of our security integrators.
Also, it is a bit hard, isn't it, if you don't even have proper REQUIREMENTS - to come up with a solution. I'd make sure that you have scope and requirements before you even start.