Abstract
Digitization may provide increased access to and more efficient use of real-time and historical data, internally as well as externally in an organization. However, when information from industrial control systems (ICS) becomes more available in office IT systems and in the "cloud", ICS systems may become more vulnerable and attractive targets for cyberattacks. We have investigated data safety in ICS in the Norwegian offshore sector when data is processed from ICS to the office network. The work is mainly based on document review and nine interviews with selected oil companies, rig companies and service providers of operational data. The paper addresses strengths and threats related to data safety with emphasis on (1) Data sources and data flow, (2) Safety and security of data, (3) Data cleaning and processing, (4) Contextualization, (5) Validation, and (6) Quality assurance. We also discuss shortcomings for functional safety in current standards such as IEC 61508 and IEC 61511 and standard series for security, IEC 62443. It is a major challenge for the industry that there are no good international standards and guidelines that define the relevant terminology across IT systems and ICS. Future work should address data safety challenges when applying artificial intelligence and machine learning in ICS systems.
