Conference Apphttps://app.bizvento.com/oilgasict15
URL on all badges#oilgasict
How did we all get here….
……and where is “here”
Chasing the barrels not the bucks
The law of supply and demand…
- Which direction of change reacts quickest?
Sustainable Business is key.
The Levers for Change…
• The Basics… more oil and/or lower cost
• How can IT help with these challenges
• Working with our supply chain
• Need to challenge the statics
• ‘Upgrade or Die!’
Opportunity or Threat?
Kotter’s model…
A driver for change… a common cause
Re-baseline to a sustainable industry.
Enabling Technologies
Collaboration
Consolidation…
Total Cost of Ownership is king…
- Bandwidth/Riverbed, Cloud vs infrastructure, MI, ERP..(sharpen the pencil and
get good business cases)
Management…
- Applications sprawl – homebrew vs ‘off the shelf’
- ‘Upgrade or Die’
- Business need/challenge
- Chasing the dollar not the barrel
- DO LESS BETTER
Answers ?
Global consolidation & collaboration
Change in business activity
Collaboration….
- Technology
- Supply Chain
- Peer companies
Give them the tools to manage the business
- Cost management, process reviews
Still spending a lot of money, its not going away, just need to rebaseline.
Conclusions…. The future?
Change can be our friend,
Do Less Better… ValueMax
Collaboration…
- offshore/suppliers/like minded companies
Get on the boat!
Information Classification: Restricted 16
Richard Higgs, CEO brightsolid
Investing £5 million into the $50 barrel
17Information Classification: Restricted
Plan for the next 20 minutes
Our Mission, Values and strategy Connecting Aberdeen to the North Sea and beyond What we’ve seen in other sectors Our cloud philosophy Data driven decision making and collaboration Moving to the utility cloud
18Information Classification: Restricted
brightsolid today
Mission: Technical Innovation with Personal Service (TIPS)
The oil and gas virtual and regional systems integrator –providing a platform for collaboration
Globally connected data centre and cloud specialists
A values driven organisation
20Information Classification: Restricted
What are we building?
Uptime Accredited Tier III, Fault Tolerant power & cooling
200 rack positions Day 1. Total capacity 400 racks, 25kW max power density.
Power Efficiency of 1.2. (80% less than national average)
22Information Classification: Restricted
Our VisionExtends
Work place recovery suite
Project working space for the energy community
Digital and innovation resources for all organisations across Aberdeen
Innovation, digital hub
23Information Classification: Restricted
What is on our minds right now?
“Usually, we disrupt markets……..Aberdeen has been disrupted enough.”
24Information Classification: Restricted
Transformations
We helped the Scottish Government in their journey to secure shared resources, the cloud and operationally excellent IT
“The solution is now hosted in a private cloud for less than half the price that IS were currently paying”
The Improvement Service solution is hosted by brightsolid
The reason for starting the journey
25Information Classification: Restricted
Journey to the cloud
“Spending on cloud computing infrastructure and platforms is expected to grow at a 30% compound annual rate from 2013 through 2018 compared with 5% growth for the overall enterprise IT market” Source Goldman Sachs
Operational excellence in infrastructure
26Information Classification: Restricted
Our Cloud PhilosophyHybrid is the answer
Making good use of geographic location of our Clouds.
Not all Clouds are created equal – intelligent architecture at every level.
brightsolid security is strong and simple.
We must provide fantastic value.
Opportunity is in the revolution of cloud, not the evolution.
We embrace commodity cloud wherever appropriate.
27Information Classification: Restricted
Launching in Aberdeen
Cisco Cloud Interconnect
Microsoft Storage Spaces
Millions of IOPs, significantly cheaper than traditional SAN
Linear, predictable scaling
Built in Storage Quality of Service
AA (Aberdeen Azure)
Currently in test
28Information Classification: Restricted
Development in the brightsolid CloudDevOps Toolset
… or your own preferred toolset
29Information Classification: Restricted
Disaster Recovery in the brightsolid Cloud
Multiple Scenarios Catered ForPhysical and Virtual Services ProtectedSelf-Service Management of Disaster Recovery Invocation
30Information Classification: Restricted
Collaborative platform cloudsA portfolio built on capacity for operational excellence & innovative drive
Platform and App. Clouds that are architected for operation, security and reliability
brightsolid
Cloud Recovery
31Information Classification: Restricted
Data driven collaborationLocal Council case study
The challenge:
Siloed departments & data sets Too much data but no valuable information Limited proactive intervention
Finding what’s valuable:
Joined up data, useful information pulled from multiple data sets Inter-agency collaboration that creates a proactive intervention
Copyright © The Open Group 2015 36
Achieving value from standardisation
Chris DavisUniversity of South Florida
Copyright © The Open Group 2015
Goals and overview
• A collaborative approach to improving IT efficiency
• Creating standardised, vendor-neutral IT
architecture
• Driving cost reduction and value optimisation
37
• The Open Group
• The IT4IT™ Forum
• Value propositions
Copyright © The Open Group 2015
The Open Group
• A global consortium that enables the achievement of business
objectives through the development of open, vendor-neutral IT
standards and certifications
• More than 480 member organisations: a diverse membership that spans
all sectors of the IT community — customers, systems and solutions
suppliers, tool vendors, integrators and consultants, as well as
academics and researchers
• Vision: Boundaryless Information Flow™ achieved through global
interoperability in a secure, reliable and timely manner
Copyright © The Open Group 2015
43,283 people in 131 countries
488 memberships
HQs in 40 countries
6 continents
PakistanPhilippines
PolandQatar
Saudi ArabiaSingapore
South AfricaSpain
SwedenSwitzerland
TaiwanTurkey
UKUnited Arab
EmiratesUSA
The Open Group membership
AustraliaBelgiumBrazilCanadaChinaColombiaCzech RepublicDenmarkFinlandFranceGermanyHong KongIndiaIrelandItaly
JapanKoreaLuxembourgMalaysia
MexicoNetherlandsNew ZealandNigeriaNorway
Copyright © The Open Group 2015
The Open Group
• Enables all organisations that use information technology to do things
better, faster and cheaper
• Enables all suppliers of information technology products and services to
gain business benefit
• Enable every individual to develop their skills and capabilities…
• Establish work groups and forums to develop standards, guides, best
practices and white papers
• Openly publish the output of those work groups and forums and
acknowledge the contributors
• Operate certification and accreditation programs to recognise the
individuals, products, services or processes that meet our members’
standards
Copyright © The Open Group 2015
What is the problem?
• Lack of cooperation across all IT
leads to sub-optimisation
• Insufficiently integrated IT
management toolsets, lack of
prescriptive guidance
• Inability to gain true insight in order to
make good decisions
• Immaturity makes it virtually
impossible to tackle disruptive
innovations like cloud, agility,
mobility, BYOD, …41
Copyright © The Open Group 2015
Who and where are we?
Original Consortium
• Shell
• Hewlett-Packard
• Achmea
• MunichRe
• Accenture
• PricewaterhouseCoopers
• University of South Florida
• AT&T
Forum Members now include
• IBM
• Microsoft
• ServiceNow
• Oracle
• Logicalis
• Capgemini
• ExxonMobil
• BP
• Origin Energy
42
Value Chain
RA 0.5 (level
1)
RA 1.0 (level
2)
RA 1.2 (level
3)
RA 1.3 (level
3)
… …
9/2011 1/2013 10/20148/2012 3/2014
Copyright © The Open Group 2015 43
Val Sribar, Group Vice President
Gartner Enterprise Software Research Group
Copyright © The Open Group 2015
What is IT4IT™?
• IT4IT™, an evolving Open Group standard, provides a
reference architecture for managing the Business of IT,
enabling insight for continuous improvement;
• IT4IT™ will enable IT execution across the entire Value
Chain in a better, faster, cheaper way with less risk;
• IT4IT™ is fundamentally vendor neutral, technology
agnostic and industry agnostic.
44
Copyright © The Open Group 2015
Value Chain, Reference Architecture
45
From Why to What
From What to How(uses TOGAF®, specified in ArchiMate™)
This is all about data!
Embracing existing process and agile frameworks.
Copyright © The Open Group 2015
IT Operating Model: Value Chains &
Reference Architecture
Deploy
• Release plan
• Deployment assets
• Change and
configuration process
• Knowledge
management
• App monitoring
Develop
• Technical policy
• Development (Agile,
iterative, waterfall…)
• Source & set up dev
environment
Requirements
• Business process
model
• User experience
• Functional &
technical
• Functional: desktop,
web, mobile
• Performance:
desktop, web, mobile
• Security: static,
dynamic
Test
Requirement to Deploy
KPIs:
• Cycle Time
• Requirements ‘Churn’
• Production Defects
Copyright © The Open Group 2015
IT4IT™ and ITIL®ITIL IT4IT
Positioning Framework describing functions/capabilities/disciplines.
Information model driven reference architecture, supportive of multiple process frameworks.
Origins “Best” or “good” practice origins intended for broad
audience of executives, managers, and individual contributors.
Originated out of needs identified by enterprise
architects and IT managers for clearer implementation and integration guidance
Methodology Primarily unstructured narrative. “Process” (similar
to what enterprise architects would term function) is the primary unit of analysis.
Structured consistently with TOGAF and
Archimate. Value stream, capability, data, system views.
Orientation Oriented to practitioner education rather than solution
Solution orientation
Value approach Oriented to deep discussion of individual silo
functions/processes. Beyond overall service
lifecycle, does not emphasize longer lived value flows.
Focused on the end to end flow of four high level
IT value streams (Strategy to Portfolio,
Requirement to Deploy, Request to Fulfill, Detect to Correct) across IT capabilities.
Internal consistency Ambiguous and overlapping terminology in places Mutually exclusive and comprehensive, rigorously
avoiding ambiguity and overlap in its architectural catalogs
Level of detail Not sufficiently detailed to be of utility to planners
and architects attempting to integrate IT management infrastructure.
Precise representation of data and integration patterns in complex IT management domain
Agile Implicit waterfall, top-down planning orientation. Explicit coverage of Agile and DevOps trends.
Maintenance process
Long term history of proprietary ownership. Multi-year revision cycle
Open development process
Copyright © The Open Group 2015
IT4IT™ Value Propositions
For ‘consuming IT organisations’ e.g. ExxonMobil,
Shell, Origin Energy
• Helps to plan and implement IT4IT solutions
For software vendors e.g. IBM, HP, Microsoft,
ServiceNow, Oracle
• Helps to determine current tools capability vs.
Reference Architecture
Copyright © The Open Group 2015
IT4IT™ Value Propositions
For software integrators e.g. Accenture, Capgemini,
Logicalis, Tata Consultancy Services
• Prescriptive guidance to help consuming
companies plan for implementation of IT4IT journey
For individuals (‘within’ each of the organisation
types)
• personal professional development opportunity.
Data Explosion
• The world's per-capita capacity to store information has roughly doubled every 40 months since the 1980s
• As of 2012, 2.5 exabytes(2.5×1018) of data are being created each day
• Problem is very big and growing fast
• Opportunity is very big and growing fast
Data is an Opportunity
• Drop in oil price
• Rise in costs
• Diminishing resource
• Ageing assets
. D D D Da Data
• huge volumes of data
• efficiency
• optimisation
• transformative
• oil and gas behind the curve
• Drop in oil price
• Rise in costs
• Data model of 21 temperature sensors in a gas turbine power plant
• Model from 15 mins of normal operations data (870 measurements per sensor)
• Used to compare actual values with those inferred from neighbours
• 0.4% severe missed alarms
• 6.5% mild false alarms
• Controllable precision
Data Model for Sensor Validation
C4
AX
AE
C2
C5
C3
C1
Extract from the sensor model
Prof. John McCall, RGUIbargüengoytia et al. 2008)
Condition Monitoring and Control
Remote inaccessible equipment
Diagnostics typically reactive
Costly intervention and repair
Risk of lost production
Control Systems Data Model
• V-Sentinel™ – pressure sensors data model
– no mathematical modelling
– no fixed alarm thresholds
– self-adapts to new installations
• Detects:
– accumulator gas loss, insulation resistance dropping, standby pump anomaly,hydraulic fluid leakage
• predicts valve failure
V-Sentinel™
• provides 24/7 condition monitoring
• allows early fault detection
• enables predictive maintenance
• Benefits for the industry– increased production
availability
– customisable fault-detection to fit specific needs
http://www.vipersubsea.com/products/v_sentinel/
Logistics and Supply Chain Optimisation
• Resource intensive– high opex– affects production
• Dynamic– demand and supply
changes
• Unpredictable– delays and events affect
plans
• Complexity– complex chain of decision
and implication– tendency to over-resource
Solving Logistics Problems
• Modern algorithms can solve hard logistical problems effectively
– genetic algorithms, ant colonies, …
• Need to be data driven
• Need to capture important constraints
• Computationally Intensive
77
Travelling Salesman Problem
• Age of the Earth:
~5 x 109 years
• Age of the Universe
~1018 years
• Exhaustive search
for 40 cites at 1
million routes per
second:
~3 x 1031 years
63
244
8 x 104740
3,628,80010
7206
1205
routescities
Faster machines will not
help here!
Large Scale Complexity
13,509 US cities Pop. > 500
Modern algorithms are routinely solving world tours in a few hours
Supply Vessel Scheduling
Internet
Server
Data Gathering
Hosted Service
/ SAP interface
Reporting, Analysis,
Control, Decision
Support
Operations
Modelling,
Simulation,
Optimisation
for Fleet
Planning &
Scheduling
AHTS
PSV
DSV
http://www.plansea.co.uk
Potential Benefits of Optimisation
• Increase utilisation, decrease resource requirement
• typical resources savings 10% -30% – supply vessel @£15K/day hire
– reduce 5 vessel fleet to 4 saves £4.5M per year on hire costs alone
• similar savings can be realisedthroughout the supply chain.
Conclusion
• Smart Data offers huge benefits• Much potential remains to be explored• Economics favours new approaches• Aberdeen has leading industry
expertise and a strong supporting environment– DataLab – data science– CENSIS – sensors technology– OGIC – oil and gas innovation– Robert Gordon and Aberdeen Universities
Using technology to minimise the environmental impact of drilling and exploration--Integrated environmental monitoring
Vidar Hepsø (PhD), Statoil RDI, Trondheim, Norway
A shift in environmental monitoring
From expeditions and
offline samples
To continuous environmental
monitoring based on real-time data
Licence to operate demonstrating prudent operations
Integrated Environmental Monitoring; the total concept
Knowledge Sharing &
Analytics
Learning
Analysis
Sense making
Intelligent
Infrastructure
Planning
Decision making
Workflow
Business
Operations
Information &
Collaboration
Virtual interaction
Coordination
Shared awareness
Access
Connect
Sense
Emergency response
Sensors
& sensor
platforms
MobileExisting sensors & sources Stationary
ocean
observatory
Information & work processesExternal
organisations
Central support functionsAsset control room
Domain experts
Emergency responseEmergency response
Sensors
& sensor
platforms
MobileExisting sensors & sources Stationary
ocean
observatory
Sensors
& sensor
platforms
MobileExisting sensors & sources Stationary
ocean
observatory
Information & work processesInformation & work processesExternal
organisations
External
organisations
Central support functionsCentral support functionsAsset control roomAsset control room
Domain expertsDomain experts
Background photo: Harald Pettersen
Environmental monitoring over the life-cycle of a field
Before development
& operations
During development
& operations
During production After
decommissioning
• Monitor and map
biological activity
• Analysis of data
and establishing
design basis
• Monitor and map
biological activity
• Analysis of
environmental
impact
• Leak detection by
acoustic & visual
monitoring for early
warning
• Monitor and map
biological activity
• Analysis of
environmental
impact
• Leak detection by
acoustic & visual
monitoring for early
warning
• Monitor and map
biological activity
• Analysis of
environmental
impact
The Norwegian Sea-the Morvin asset
• Area with cold water coral
structures
• On-line monitoring before, during
and after drilling
• Physical/chemical data
• Visual monitoring
• Real time monitoring proved no
harm to the corals
Drilling in areas with cold water corals
Planning phase
• Reduce environmental impact
• Obtain discharge permit
• Document & communicate
Operational phase
• Monitor & control exposure
• Take preventive actions
• Verify predicted risk & impact
Post drilling phase
• Document & evaluate operations
• Verify predicted risk & impact
Gather baseline data
• Environmental resources
• Species and conditions
• Critical levels / thresholds
• Met-ocean data
Perform analysis
• Simulate discharges
• Assess risk to environmental
resources
Create drilling plan, select drilling
& discharge locations
Visualize real-time environmental
and operational data
• Drill cuttings generated
• Key environmental parameters
Repeat simulation of discharges
Update risk evaluations
Decision support
Document risk evaluations and
any incidents
Document recommendations
and decisions made
Document and verify possible
environmental effects
Conclusion
• Move to Integrated environmental monitoring covering the life-
cycle of an oil and gas asset
− Common operating pictures
− Real-time and operational understanding of risk and
environmental parameters
• Developing a capability platform/stack with a plug and play
sensor network that will enable us to test out new potential
environmental sensors
• Development of a platform with modules that can be adjusted to
various situations during the life-cycle of an oil and gas field
Classification: Internal 2013-09-1291
Presentation title:
Using technology to minimise the
environmental impact of drilling and
exploration
-Integrated environmental monitoring
Presenters name: Vidar Hepsø
Presenters title: Project Manager
E-mail: [email protected]
Tel: +4748034803
www.statoil.com
9
2
What do we want to measure? -Examples
Sensor Parameter Data type Location specific
Echo sounders Biological activity:
Fish
sea mammals
gas bubbles
Particles
Echogram, needs expert
interpretation
Large range
Camera with light Visual observation Video and/or still pictures Large range
Doppler recorder and
Current Profiler
Current speed and direction
Temperature
Conductivity
Pressure
Oxygen
Turbidity
Fluorescence
Time series, vector data
Point data
Point source
Sediment trap Samples to be analysed in the
laboratory
Point source
Hydrophone Biological activity Echogram, large data files that
needs expert interpretation
Large range
Hydrocarbon sniffers Presence of hydrocarbons Point data Point source
96
Expro employs over 5,400 people in over 50 countries, offering a truly global service solution.
With our head office in the UK, we have regional headquarters in Aberdeen, Accra (Ghana), Dubai, Houston, Kuala
Lumpur and Rio.
©Copyright Expro 2015
AmericasLocations: Texas, Los Angeles, Colarado, Oklahoma, North Dakota, Connecticut, Canada, Brazil, Argentina, Bolivia, Columbia, Mexico
More than 1,250 employees
Europe & CISLocations include: UK, Kazakhstan, Norway, Russia, Holland
More than 1,800 employees
Sub Saharan AfricaLocations include: Ghana, Nigeria, Angola, Congo, Gabon, South Africa, Equatorial Guinea, Cameroon, Ivory Coast
More than 1,000 employees
Asia, Middle East and North AfricaLocations include: Algeria, Egypt, Iraq, Saudi Arabia, UAE, Australia, India, Indonesia, Malaysia, Thailand, Vietnam, China
More than 1,400employees
100+ service locations
5,400+ employees
Extensive global presence
Introduction
/Martin Ogden – CIO
Joined Expro 2000
IT Team of 40
Global Remit
Support function working with:
Group HR,
Learning & Development,
Corporate Communications,
Global Supply Chain,
Business Process Improvement
Benefits of the cloud
SalesForce
Flexibility
Disaster recovery
Automatic software updates
Cap-Ex Free
Increased collaboration
Work from anywhere
Document control
Security
Competitiveness
Environmentally friendly
NTT
Achieve economies of scale
Reduce spending on
technology infrastructure
Globalize your workforce on
the cheap
Streamline processes
Reduce capital costs
Improve accessibility
Monitor projects more
effectively
Less personnel training is
needed
Minimize licensing new
software
Improve flexibility
Imperial College London
No wasted capacity
No in house maintenance
Fast deployment of new
services
No in-house maintenance of
infrastructure to support
application
Access to data anywhere
Synchronisation of data
across devices
Easy to share data
Data is backed up
Queensland Government
Reduced IT costs
Scalability
Business continuity
Collaboration efficiency
Flexibility of work practices
Access to automatic updates
Benefits of the cloud
SalesForce
Flexibility
Disaster recovery
Automatic software updates
Cap-Ex Free
Increased collaboration
Work from anywhere
Document control
Security
Competitiveness
Environmentally friendly
NTT
Achieve economies of scale
Reduce spending on
technology infrastructure
Globalize your workforce on
the cheap
Streamline processes
Reduce capital costs
Improve accessibility
Monitor projects more
effectively
Less personnel training is
needed
Minimize licensing new
software
Improve flexibility
Imperial College London
No wasted capacity
No in house maintenance
Fast deployment of new
services
No in-house maintenance of
infrastructure to support
application
Access to data anywhere
Synchronisation of data
across devices
Easy to share data
Data is backed up
Queensland Government
Reduced IT costs
Scalability
Business continuity
Collaboration efficiency
Flexibility of work practices
Access to automatic updates
FlexibilityFlexibility – Disaster recoveryFlexibility – Disaster recovery – Management Flexibility – Disaster recovery – Management – Cost
Is the cloud a myth?
Conversation at a conference:
“I’ve been told it will take 6 months to migrate our data from system x to system
y, is that true?”
“That sounds reasonable, depending on how much data you have and how well
the two systems match”
“Why does it take so long, after all it’s all in the cloud”
Is the cloud a myth?
Reality is:
The cloud is a managed service
There are a myriad of providers
• Most do not interface/collaborate
• You will need other services:
– Single sign on/identity management
– Interfaces between on premise and cloud
– Interfaces between clouds
Its not a new concept – they used to be called Application Service
Providers (ASP)
The pitfalls of the Cloud
Service will only be as good as the service provider Over six in ten (63%) respondents are not 100% clear on what constitutes a failure or violation of their cloud service
provider’s SLA
Almost a quarter (22%) of respondents say that their cloud service provider didn’t deliver what they thought their
organisation had signed up to
Over one in ten (14%) had their job roles threatened because of SLA failure/violation
More than three quarters (77%) expect the pay-out received after an SLA violation to offset damage done to their company.
However, of those who have received a penalty payment from a cloud service provider after an SLA violation almost half of
these (46%) felt the pay-out was not comparable with the level of violation
(source Vanson Bourne Business Panel)
The pitfalls of the Cloud
You are no longer in control of the data
The data is sitting on the providers infrastructure
It is unlikely you will have full system access
You are no longer in control of the functionality
Upgrades can become onerous
Cloud sprawl
Application lock in – inflexibility
Cost
Conclusions
Cloud is not a silver bullet
It has its place
It is a useful deployment method
But it will bring problems and issues
My strategy
Cloud first unless:
• You lose functionality
• It is overly complex
• It costs more
European Union Agency for Network and Information Security www.enisa.europa.eu
Safeguarding the European energy market
Dr. Cédric LÉVY-BENCHETON
Network and Information Security Expert
European Union Agency for Network and Information Security
Oil & Gas ICT Leader, Aberdeen, 19 March 2015
European Union Agency for Network and Information Security www.enisa.europa.eu 116
Summary
• Presentation of ENISA
• Focus on protecting ICS / SCADA
– ICS/SCADA certification (2013)
– Window of exposure (2013)
– Certification of skills in ICS/SCADA (2015)
• Conclusion
European Union Agency for Network and Information Security www.enisa.europa.eu 117
EU Cyber Security Strategy
• The Five strategic objectives of the strategy:
– Achieving cyber resilience
– Drastically reducing cybercrime
– Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP)
– Developing the industrial and technological resources for cybersecurity
– Establishing a coherent international cyberspace policy for the European Union and promote core EU values
ENISA explicitly called upon
European Union Agency for Network and Information Security www.enisa.europa.eu 118
Presentation of ENISA
• The European Union Agency for Network and Information Security was formed in 2004. The original mandate was renewed and extended in 2013
• The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security
• We facilitate the exchange of information between communities, with particular emphasis on the EU institutions, the public sector and the private sector
European Union Agency for Network and Information Security www.enisa.europa.eu 119
Hands on
Policy ImplementationRecommendations
Mobilising Communities
ENISA Activities
European Union Agency for Network and Information Security www.enisa.europa.eu 120
ENISA’s contributions to EU Initiatives and WG on SG and ICS/SCADA Security
• EuroSCSIE
• EU-US WG on smart grids security
– EU-US Working Group on Cyber Security and Cyber Crime (losing momentum)
• ERNCIP
– European Reference Network for Critical Infrastructure Protection
• TNCEIP
– Thematic Network on Critical Energy Infrastructure Protection
• DENSEK
– European Energy - ISAC
• NIS platform
• ENISA SISEC
– Smart Infrastructures Security Experts Community
• ENISA ICS Security Stakeholder Group
120
European Union Agency for Network and Information Security www.enisa.europa.eu 121
ICS/SCADA Security
• Key underlying infrastructure in all CIIs
• “Modernised” to be used via Internet
• Not business as usual for cyber security matters
• ENISA’s work– Certification of ICS/SCADA experts’ cyber security skills (2014)– Ex-post analysis of security incidents in ICS/SCADA environments
(2013)– ICS/SCADA Patching (2013)– ICS/SCADA Testing (2013)– ICS/SCADA Recommendations (2011)
European Union Agency for Network and Information Security www.enisa.europa.eu 122
Summary
• Presentation of ENISA
• Focus on protecting ICS/SCADA
– ICS/SCADA certification (2013)
– Window of exposure (2013)
– Certification of skills in ICS/SCADA (2015)
• Conclusion
European Union Agency for Network and Information Security www.enisa.europa.eu 123
ICS/SCADA certification (2013)
• ICS security certification requirements could be prioritized based on the “Damage Extent” of consequences
European Union Agency for Network and Information Security www.enisa.europa.eu 124
Window of exposure (2013)
• Patching may not be possible for various reasons
• Patch management to enhance the security of ICS/SCADA
European Union Agency for Network and Information Security www.enisa.europa.eu 125
Certification of skills in ICS/SCADA (2015)
• Ensure security skills of all personals
– From operational to top management
– Importance in case of a crisis
• The report evaluates the needs of the sector
– List existing certification schemes
– Recommendations for a harmonised certification scheme
Certification is part of a global approach to enhanced cyber security
European Union Agency for Network and Information Security www.enisa.europa.eu 126
Summary
• Presentation of ENISA
• Focus on protecting ICS/SCADA
– ICS/SCADA certification (2013)
– Window of exposure (2013)
– Certification of skills in ICS/SCADA (2015)
• Conclusion
European Union Agency for Network and Information Security www.enisa.europa.eu 127
Conclusion
• ENISA’s work to enhance cyber security in ICS/SCADA
– A practical approach
– Targeted at different stakeholders
• Promote a multi-level approach
– Secure network architecture
– Patch management
– Certification of skills for every personal
Cyber Security for ICS/SCADA is a main concern for every actor
www.enisa.europa.euEuropean Union Agency for Network and Information Security
Follow ENISA:
Thank you
Dr. Cédric LÉ[email protected]
Phone: +30 2814 409 630Mobile: +30 6948 460 133
Making Information Security Relevant and Real
Matt Grist – Group Information Security and Compliance Manager
Swire Oilfield Services
Swire Oilfield Services
The Americas:
USA & Brazil
Over 200 employees
Europe & Africa:
Head Office, UK, Norway,
West, Southern & East Africa
Over 600 employees
Asia Pacific:
SE Asia, Australia, India,
Sakhalin, Middle East
Over 50 employees
Global CCU Fleet Size:
Over 60,000
OverVu® - full service, track and trace solution
Assumptions
•The majority of the audience are not dedicated solely to information security
•Focus on costs
• IT is often seen as being responsible for security
• Information Security and IT Security are not (quite) the same thing
It comes down to risk (and reward?)•Make Information Security a business risk
•Do that by making it something that is relevant at the ‘C’ level
•Threat is real and it will happen. Is it ‘advanced’?
Cost of Breaches 2014
£600k -£1.15m is the average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago)*
£65k -£115k is the average cost to a small business of its worst security breach of the year (up from £35 -£65k a year ago)*
* Source - Department for Business, Innovation and Skills Information Security Breaches Survey 2014
Threat
• 1 Billion records breached in 2014
• “Chinese have penetrated every major corporation of consequence in the US and taken information”
• Saudi Aramco
• Attacks in Norway
• POC at Black Hat 2013 – Programmable Logic Controller
• What we don’t know
JP Morgan Chase
• May have been a set of stolen or compromised credentials
• Failure to use two factor authentication
• Used as step off to attack approximately 90 other servers
• 76 million household customers and 7 million businesses
It comes down to risk…. (and reward?)•Make Information Security a business risk
•Do that by making it something that is relevant at the ‘C’ level
•Threat is real and it will happen. Is it ‘advanced’?
•Not just about Confidentiality. Safety, availability, reputation etc.
Air Traffic Control Systems -Swanwick• Controls 200,000 square miles of airspace
• 5000 flights every 24hrs
• Ageing systems – and approximately 50 different systems
• Single line of code
• Challenge to upgrade
It comes down to risk…. (and reward?)• Make Information Security a business risk
• Do that by making it something that is relevant at the ‘C’ level
• Threat is real and it will happen. Is it ‘advanced’?
• Not just about Confidentiality. Safety, availability, reputation etc.
• Consider as part of the wider Risk Management process
• Risk owner – not IT
• Risk assessment informs investment
• Red lines (are there any?)
• Rewards – collaboration, efficiency. Enabled by security.
Not (just) about IT
• Information Management
• Risk
• Vendors - ‘compliance in a box’
• Policy
• Culture, convenience, employee expectation
• Cross function collaboration
• Business focussed and driven – support efficiency and collaboration
• Governance
Addressing the problem
• Management ownership
• Understand your environment and information
• The ‘basics’ will address much of the technical risk
• Focus on areas of risk or exception - legacy
• Monitor and report
• User education – make it not just about work
• Policy and Governance
• It will happen – have a plan (not just an IT plan)
Resources
• E&P Information Security Forum
• CISP and UK CERT
• Cyber Essentials
• ISO 27002
• Vendors
Making Information Security Relevant and Real
Matt Grist – Group Information Security and Compliance Manager
Swire Oilfield Services
Improving Collaborationand Performance with
Unified Communications
19 March 2015
Anders From and John Mullin
151Page 20-Mar-15
Islands of communication technology
IM & Presence
Telephony
Video Conferencing
Audio Conferencing
Mobile Telephony
154Page 20-Mar-15
Lync conferencing launch
• Deployment of Lync 2010 Conferencing Server
• Sonus SBC and contract with SIP Trunk Provider for dial in conferencing numbers
• Procurement and delivery of headsets to all land-based users globally - >6,500
155Page 20-Mar-15
Lync collaboration
• Collaboration with screen sharing and peer to peer audio
• Federation with clients and suppliers
• Federation now active with 35 external business partners allowing effectively free communication with them
So What Is Digital Offshore?
Is it seeking to
increase the
connectivity,
the
connections
and the
connectors ...?
For Oil &Gas,
OW, Sub Sea
Mining?
So What Is Digital Offshore?
Is it seeking to
encourage and
develop more
intelligent ,
safer and
smarter
devices in the
offshore
environment....
under ever
worsening
conditions?
So What Is Digital Offshore?
Is it seeking to
prove the value
that can come
from the data to
reduce costs,
improve
efficiencies and
increase
safety...for all
offshore
industries?
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Objectives
1. Share with you our thinking about the Digital Offshore opportunity
2. Encourage you to volunteer your companies, data, resources to exploring these opportunities
3. Update you on our plans to consult with you about this opportunity and to seek your active involvement
What do we mean by Digital Offshore?
Working Definition
• Digital Offshore is the convergence
of the technologies, data sciences
and offshore industries and plays to
the strengths that Scotland has in
Sensors / Sub Sea electronics, Big
Data / Data Sciences / Data
analytics/ data visualisation and the
Offshore Industries of E&P,
Subsea, CCS, Decom, OW. ( And
future markets)
• Digital Offshore is an economic
development opportunity for
company growth, new venture
creation, innovation &
internationalisation.
What do we mean by Digital Offshore?
Working Definition
• Digital Offshore is the convergence
of the technologies, data sciences
and offshore industries and plays to
the strengths that Scotland has in
Sensors / Sub Sea electronics, Big
Data / Data Sciences / Data
analytics/ data visualisation and the
Offshore Industries of E&P,
Subsea, CCS, Decom, OW. ( And
future markets)
• Digital Offshore is an economic
development opportunity for
company growth, new venture
creation, innovation &
internationalisation.
Offshore Industries:Challenges, Realities & Visions
Technology:Machines/Plant Processing, Controlsystems
Data:Capture, Collecting, Transmission, Storage, Analysis
What do we mean by Digital Offshore?
Working Definition
• Digital Offshore is the convergence
of the technologies, data sciences
and offshore industries and plays to
the strengths that Scotland has in
Sensors / Sub Sea electronics, Big
Data / Data Sciences / Data
analytics/ data visualisation and the
Offshore Industries of E&P,
Subsea, CCS, Decom, OW. ( And
future markets)
• Digital Offshore is an economic
development opportunity for
company growth, new venture
creation, innovation &
internationalisation.
Offshore Industries:Challenges, Realities & Visions
Technology:Machines/Plant Processing, Controlsystems
Data:Capture, Collecting, Transmission, Storage, Analysis
Sorry it was a trick
question..its all of
them and more
Steve H & Scottish Enterprise
• An Engineer – 15 years in a Multinational – Oil & Gas Services
• A Business Professional - Strategy, M&A, Operations, HR, Business Development, Innovation.
• A coach, mentor & advisor
• A facilitator – helping to make things happen
Overview
1. SE Supports individual companies to grow ...grants/expertise/networks
2. SE develops, invests & manages projects to help sectors to grow
– Creating conditions to encourage growth
– Removing barriers / obstacles that prevent growth
– Identifying opportunities and investing in resources to realise them.
“We identify and exploit opportunities for Scotland's economic growth by supporting Scottish companies to compete, helping to build globally competitive sectors, attracting new investment and creating a world-class business environment.”
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Opportunity
1. Can Digital Technologies increase uptime and improve efficiency?
2. Can Digital Technologies improve prediction and reservoir modelling accuracies?
3. Can Digital Technologies better inform capital investment decisions?
4. Can Digital Technologies reduce lift cost?
However “they” have been saying that for decades...
Data2Text
Founded 2009,
3 scientist’s + 1
entrepreneur
Merged to form
Arria NLG in
2013
Floated on AIM
in 2014 for
£100M
Current trading
at £35M and 50
data scientists
Digital Offshore
The Value of Data
• As an ICT leader do you ever struggle to make the business case for improved & new technology?
• Is ICT seen as a value investment or a cost commodity?
• What if you could show that your systems, network and data can have a significant positive impact on performance?
Opportunity
1. Can Digital Technologies increase uptime and improve efficiency?
2. Can Digital Technologies improve prediction and reservoir modelling accuracies?
3. Can Digital Technologies better inform capital investment decisions?
4. Can Digital Technologies reduce lift cost?
However “they” have been saying that for decades...
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
(BIG) Vision’s
1. A vibrant and growing industry
cluster in Scotland & Aberdeen NOT
dependant upon proximity of
hydrocarbons and resilient to $oil
price.
2. A super cluster of high growth
companies to rival Silicon Valley as
the home for the Internet of (Energy )
Industry
3. Aberdeen regains and sustains its
reputation as the goto location of
choice for industry professionals and
companies. “Innovation City”
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Challenges
1. Overcoming resistance and inertia
to change....
2. Gaining access to existing data
streams so that data scientists can
explore with domain experts to
interpret.
3. The reality of
operations...equipment not
configured correctly at first
installation and never corrected since
(22 regular inspections! GIGO)
4. Talking the same language and
having the same priorities
5. Misalignment and reward...
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Overview
Digital Offshore
Joined Up Approach
1. A lot of activity is planned and
happening (calls & conferences)
2. Agreement to co-ordinate and
collaborate between different
organisations.
3. Working together on a 6 month
study consultation to baseline and
understand the opportunity.
4. Seeking ways to gain attention &
traction due to the current low oil
price
5. Developing a program of activity to
stimulate, encourage & support
Digital Offshore high growth
company start up’s.
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Pathfinders Wanted
1. Do you have a datastream or data
set that you think might have hidden
value within it?
2. Do you have a problem where you
need a business case to validate
investment in technology?
3. Do you have a digital technology or
usage case that you would like us to
test and evaluate?
We are looking for bold pathfinders .
We have resources , we want your
problems so we can prove value.
Contact: [email protected]
to arrange a discussion.
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Digital Entrepreneurs Wanted
1. Do you have an idea for a Digital
Offshore venture but unsure where
to start?
2. Would you like to be a Digital
Offshore millionaire, but don’t have
a killer idea?
3. Do you have an idea for a Digital
Offshore technology but not the
ability to develop it?
We are looking for bold entrepreneurs.
We have resources , we want to help
you build a venture of scale & value.
Contact: [email protected] to
arrange a discussion.
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Investigation & Study
1. Establish the current realities about
the Digital Offshore sector in
Scotland
2. Investigate what is happening
elsewhere
3. Discuss and examine the critical
constraints, challenges and
handbrakes on growth
4. Develop suggestions for investment
to ensure Aberdeen continues to
lead
We need your voice in this. If you
want to take part or even help steer
then please :
Contact: [email protected]
to arrange a discussion
Digital Offshore
TopicsThursday 19th March
1. What do we mean by Digital Offshore?
2. The Digital Offshore opportunity
3. The Challenges
4. Finding Value
5. Consultative Study
6. FAMA
Freedom to Ask Me Anything!
(But I might not answer)
Objectives
1. Share with you our thinking about the Digital Offshore opportunity
2. Encourage you to volunteer your companies, data, resources to exploring these opportunities
3. Update you on our plans to consult with you about this opportunity and to seek your active involvement
Collaborative Innovation
• Facilitating collaboration between academia and industry
• Delivering innovative solutions to the UKCS
• Ongoing IT Projects
OGIC – delivering demand-led innovation
• An oil & gas industry focussed broker and research funding organisation
• Aligned to industry agenda and ‘demand’ led
• Linking industry needs to university capabilities and ‘know-how’
• Funding £10.6m secured February 2014• Formal launch November 2014
• Targeting c. 100 projects over next 5 years• Funding of circa £1 million per year across 20 projects
OGIC Team
• Based at the Innovation Park in Aberdeen
• Broad oil & gas industry technical experience
• In house project management capability
Areas of demand – and of focusDefined by the oil & gas industry
Asset Integrity and Life Extension
Improving Exploration Outcomes
Subsea
Decommissioning
EnhancedOil Recovery
Production Optimisation
WellConstruction
Shale Gas Exploitation
OGIC – part of the oil & gas landscape
PILOT / ILGTechnologyLeadership
Board
IndustryCouncil
ResearchCouncilUK / SFC
Innovate UKSE / HIE
Sevenother
InnovationCentres
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
TRL 1 TRL 2 TRL 3 TRL 4 TRL 5 TRL 6 TRL 7 TRL 8 TRL 9
Basic Research Most Government Innovation Support
CommercialExploitation
Commercial Research Funding
UK Research Council Funding (NERC, ESPRC etc)
SFC Research Excellence Grants
SFC Research Postgraduate Grants
Pu
blic
Fu
nd
ing
Innovate UK funding
Innovation Centre funding
EU Project funding
Scottish GovernmentScottish Enterprise / HIE funding
Where Government funding is available
Technology Readiness levels – a useful language
Delivering innovative solutions
• Criteria• Oil & Gas• Innovative• Require academic input• Economic benefit for Scotland• OGIC funding typically £10-150k per project equating to 50% of project costs• Company contribution 50%
• Intellectual property• Held by company not university (or OGIC)• Non-competing license, deferred publication and use for teaching
Industry-led governance
Board
Chair
Paul de Leeuw
CEO
Ian Phillips
Enquest
Neil McCulloch
Proserv
David Lamont
Heriot Watt
Garry Pender
ETP
Barrie Shepherd
Oil & Gas UK Oonagh
Werngren
SFC - observer
Keith McDonald
SE / HIE -observer
David Rennie
Industry Advisory Panel
Project Review Panels
SubseaSeismic & Reservoir
Characterisation
Asset Integrity and Life
ExtensionDecom
Enhanced
Oil Recovery
Production
optimisation
Shale Gas Exploitation
Well
Construction
Delivering Innovative Solutions:Typical project application process
Initial company
approach to OGIC
Company agreed project
summary
University expressions of
interest
Project design evolves –
scope of work, schedule
Project Review Panel
approval
Contractual negotiation
Project delivery
Signpost to others Exit if criteria not met
Pre-project workshopsCompany approach OGIC with defined issue to be tackled
Initial problem definition, with NDA as appropriate
University expressions of interest – multiple participants
Collaborative workshop to generate potential solutions
R & D programme scoped
Projects executed
Project approval
Projects development
Initial University contacts
OGIC project hopper
~100 approaches
~18 in discussion
2 projects signed
Updated to 10 March 2015
Ongoing IT Projects
• Of the 20 projects in our hopper, 3 are IT based
• Topics include:• Artificial intelligence application for logistics
• Rapid data to knowledge conversion
• Advanced imaging
Top Related