Cyber security

With an increased focus on cyber security in the oil and gas industry, it is imperative that necessary measures are implemented to enhance the security of the rig Drilling Control System. The HMH Cyber Security service portfolio Secure Operations (SecureOPS™) is designed to meet this ever-increasing demand, and to conform with government, rig owner and drilling contractor requirements. HMH can support clients to meet the requirements of the industry as the services are designed in accordance with the IEC 62443-2-4 standard.

Secure Operations
The HMH Cyber Security services are designed to support all aspects of the Secure Operations portfolio throughout the lifespan of the Drilling Control System. The initial CS assessment and scheduled health checks report on system status and security stature. Threat and vulnerability management, as well as Account Management and Secure Control make sure that the system is maintained controlled and safe during everyday-operation. Monitoring and Incident response is designed to identify and react to incidents, while Disaster recovery’s purpose is to assist restoring the system to it’s operational state after a potential incident.

Cybersecurity Incident Response Team (CSIRT)
Cybersecurity Incident Response Team (CSIRT) is a critical component for securing Drilling Control ICS system in the event of a system compromise or system breach. HMH’s CSIRT consists of dedicated response personnel with 24/7 support, GOSC Cyber Security engineers, HMH Cyber Security responsible, and product responsible specialists.

The HMH CSIRT response process involves a systematic approach to detecting, containing, and mitigating the impact of security incidents. This is achieved by using industry verified standard processes and procedures to identify and manage data breaches, malware attacks, and network intrusions. Incident response can be initiated by either client request, automated detections systems, asset on-site personnel or by other detections methods available to the asset. The CSIRT team can help contain threats or data breaches and minimize downtime by returning the ICS to operational to status as more quickly after a security incident.

Cyber Security Assessment
As focus on Drilling Control System Cyber Security, regulations and corporate requirements increase, it is necessary to perform a Cyber Security assessment to establish and determine the current security posture of a system. The assessment will provide an indication of risks, as well as insight into vulnerabilities that need to be mitigated to increase the protection level. The HMH Cyber Security Assessment will be performed in accordance with IEC 62443.

The assessment is designed to discover and document risk and vulnerabilities such as, but not limited to:

  • Firewall rule audit; any-any, or 3d-party to control system
  • Network issues, erroneous config on switches
  • Network crosstalk between 3d-party networks
  • Rogue or unwanted network communication between control system and other networks such as navigation and propulsion
  • Direct connection to internet
  • System vulnerabilities (firmware and patch level)
  • Unauthorized remote access
  • Software mismatch
  • PLC software mismatch
  • Insider risk potential
  • Removable storage risk

In addition to establishing a threat picture, the assessment will provide a complete understanding and inventory of the drilling control system. Based on the discoveries, HMH specialists will be able to create a plan of action to mitigate or correct identified risks and issues.

Remote Diagnostic Service
At our 24/7 Support Center, our team of highly skilled and dedicated support personnel is available around the clock to provide immediate technical support. Our 24/7 Support Engineers are proficient in connecting, monitoring, and troubleshooting all aspects of the drilling control and monitoring systems offered by HMH, which can help improve uptime, performance, and reduce the need for field service missions.

The HMH Cyber Security Incident Response Team (CSIRT) is responsible for managing all cybersecurity incidents and reports within the HMH fleet. Whenever a cybersecurity incident is detected or reported to our CSIRT, we will thoroughly investigate and take appropriate actions based on the nature and severity of the incident. This proactive approach helps to reduce cybersecurity risk and enables faster recovery in the event of an incident. By connecting to the Remote Diagnostic System on the rig, our support engineers can carry out:

  • Analysis of PLC codes
  • Fault finding on equipment
  • Fine tuning of parameters
  • Troubleshooting on DrillView system
  • Online installation of certain software upgrades
  • Cyber Security incident and response (CSIRT)

The online technical support provided by our team is an invaluable resource for our customers, as it helps to minimize downtime on rigs and prevent critical situations from arising. Our team of experts is able to quickly troubleshoot and resolve a wide range of software and operational issues through online remote diagnostic support, ensuring that our customers can keep their operations running smoothly

Threat and vulnerability management
The Threat and vulnerability management service is part of the HMH Cyber Security service portfolio Secure Operations (SecureOPS™). The service patches and updates HMH systems on a scheduled interval.

With an evolving threat landscape, it is important to be able to provide the necessary measures to enhance security related to assets on a rig. Through the service, tested patches, definitions, and critical updates for all HMH systems are provided and uploaded to HMH
systems (switches, Windows clients / server, malwareprotection).

HMH utilizes a drilling control systems lab to test the different patches, definitions, and critical updates. The testing enables detection of issues with software and hardware before the updates are deployed on a rig. Trained specialists also monitor a variety of security advisors/bulletins, forums, and the dark web for threats. This enables HMH to be on top of critical issues, warn the effected customers / rigs and initiate a mitigation or solution to the issue. All patches are tested on relevant equipment in a built-to-purpose lab.

Disaster Recovery
The Disaster recovery service is part of the HMH Cyber Security service portfolio Secure Operations (SecureOPS™). The service is designed to provide disaster recovery in accordance with the IEC 62443-2-4 standard.

To reduce the impact of critical cyber incidents, server crashes or loss of software/data, and return the control system back to operational state, it is imperative that a valid copy of the running software is easily accessible.

HMH provides a Disaster recovery service where the impact of a loss of data / software is minimized. Regular checks ensure that all backup systems are running, and that proper backup of virtual, physical and other operational equipment is maintained (e.g. PLCs, servers, clients, switches, firewalls, etc.).

HMH specialists conduct periodical tests and verifications of the disaster recovery system to ensure that a system can be restored with minimal downtime. Testing of system backup is performed on a regular basis. After each verification, a report will be issued, confirming the system status. The report will contain any deviation from normal operation, corrections made and suggestion for improvements.

Please contact us at if you have any questions.