This paper presents an overview of Pipeline Project Technical Documents, along with Control Room Management and Compliance Issues, Challenges and Processes in the Oil & Gas Industry. It will be based on the work that the authors have developed between 2010 and 2015.
With an overwhelming number of standards, norms, and best practices, operational and security requirements needs to be well implemented and documented. Any compliance issues have the potential to cause serious repercussions to an organization as an incident or an audit failure could result in significant financial loss.
This review is especially critical to the industry as it highlights the advantages of taking a broad approach to obtain and maintain compliance in today’s Oil & Gas regulatory environment. The focus will be on pipeline monitoring regulations - Department of Transportation (DOT) - Pipeline and Hazardous Materials Safety Administration (PHMSA) and American Petroleum Institute (API) recommended practices: API 1164 (Supervisory Control and Data Acquisition System - SCADA Security), API 1165 (SCADA Displays), API 1167 (SCADA Alarm Management) and API 1168 (Control Room Management).
Regarding Supervisory Control and Data Acquisition Systems (SCADA) security, this includes not only IT infrastructure such as computers and network related appliances, but also other equipment such as programmable logic controllers (PLCs) and Remote Terminal Units (RTUs) depending on the system architecture. The cyber-security threat has become a real issue related to critical infrastructure protection, and physical or human-risk issues. Understanding the systems vulnerabilities that could impact the availability of the control system and the facilities it controls is key.
On the Control Room Management side, current PHMSA regulatory framework, a human factors plan is required to ensure control systems match human capabilities and limitations. Pipeline operators are since required to inform controllers of their roles and responsibilities, and carefully assess the implications on each of the following SCADA areas: alarm management, documentation and procedures, HMI displays, shift handover, fatigue management, change management and training.
Therefore with the pipeline industry facing increasing regulatory scrutiny and ever-increasing cyber-threats, it’s more important than ever for companies to improve their plans, documentation, and processes. Companies around the globe are converging and prioritizing Security and Control, establishing long-term strategy to meet and sustain regulatory compliance to remain competitive, increase efficiency and productivity.
The authors, working jointly with the client and industry leaders, have developed compliance methods and procedures to deal with these challenges. After applying these methods and procedures, the observed results were translated into smoother transitions to a centralized SCADA control center, which not only meet regulatory safety guidelines and PHMSA regulation, but also added value and efficiency to the control center operations.
The trends of supervisory control and data acquisition security challenges in heterogeneous networks
