cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vbk92
Newcomer I

Securing an offshore or onshore drilling platform

Dear colleagues. This is an unusual request.  I was looking for material that could address some basic framework for securing physical access to control equipment and data cabinets on a drilling platform.  Whilst implementing controls in data centers or land based office spaces with direct online capabilities, the safety is the primary concern in these dangerous environments.  I am sure there is a document(s) that could either directly or indirectly act as a reference point.

 

Thak you

10 Replies
securedragon
Viewer II

Hi

Most of the major operators of these platforms (BP, Shell, Chevron, etc) have their own internal process control secuirty policy, procedures and standards, which includes physical security. As you have asked the question, I am assuming the facility you are looking at does not have any of these.

 

From experience, a number of factors that you need to consider:

 

Where is the equipment located?

Is it in a shared room/cabinet with other third party equipment?

Is the facility manned?

Are the networks segregated?

Remotely accessible?

 

As a basic, equipment should be a in locked cabinet or room. If multiple vendors have access, these should be in seperate cabinets if at all possible (I know, space is limited on a platform). Is this a BPCS (basic process control system) or a safety system? If the later, much more stringent controls need to be in place. Definitly in its own locked cabinet, with controlled access.

Physical access logs would be a useful control, including authorization by one of the controllers/engineers (if present).

 

I may have documents that I can share - let me look at them and I will see what I can do.

vbk92
Newcomer I

Thanks for the reply.  I would appreciate any reference I can get my hands on.  I agree with your suggestions and these I allready have thought about.  I am being asked to provide solutions but they have not given me the base requirements to build the solution on.

fortean
Contributor III

Look for NFPA 730 and 731. NFPA 731 is a Standard for the Installation of Electronic Premises Security Systems, NFPA 730 is the Guide to Premises security. Mostly focuses on physical security (the NFPA 730 standard was originally written to help protect against burglary).

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
vbk92
Newcomer I

Thank you Heinrich. In fact I have a copy of those 2 documents in my desk. These unfortunately do not provide the information I am looking for.

fortean
Contributor III

Then I'm slightly at a loss here what you are looking for. Can you elaborate a bit on what these documents do not offer that you're looking for?

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
vbk92
Newcomer I

The NFPA documents focus on onshore premise  installations. I was searching for cases that secure offshore drilling rigs.  I also have the complete Protection of Assets library and there is nothing specific to this situation. I have parallel questions going to some of our security integrators.

fortean
Contributor III

EN791? .. replaced By : BS EN 16228-1:2014, BS EN 16228-2:2014, BS EN 16228-3:2014, BS EN 16228-4:2014, BS EN 16228-5:2014, BS EN 16228-6:2014, BS EN 16228-7:2014

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
vbk92
Newcomer I

This is more interresting. I will have to get someone to access those documents.  Thank you.

fortean
Contributor III

Also, it is a bit hard, isn't it, if you don't even have proper REQUIREMENTS - to come up with a solution. I'd make sure that you have scope and requirements before you even start. Robot Sad

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+