An Empirical Study of CERT Capacity in the North Sea

This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors in the industry in handling critical cybersecurity incidents in industrial control and safety systems, with a focus on Operational Technology (OT) systems. The paper presents results from interviews with personnel in petroleum companies as well as interviews with national and international CERT actors. The informants in the petroleum industry are relatively satisfied with their own CERT capacity today, but it is acknowledged that one can always improve. Oil and gas companies and drilling companies share information and experience in various (virtual) meeting places and forums organized by external actors, but there is little focus, especially among the smaller companies, on systematic sharing of information and experiences of cyber incidents. There is a strong need for coordinating and harmonizing cybersecurity in IT and OT systems, as there are significant differences in terminology, maturity of technical solutions and culture today. CERT actors pointed out a need for better communication and contact between CERT actors and key persons within the companies, something that could be accomplished with the establishment of a petroleum sector Information Sharing and Analysis Centre (ISAC).