Identification of security scenarios in offshore Oil&Gas production facilities based on past incident analysis

Offshore Oil&Gas installations may be attractive targets of intentional attacks due to their presence in socio-political sensitive areas, their economic significance, and the high impact of scenarios that can be triggered by the mismanagement of the hazardous substances handled (e.g., crude oil, natural gas, etc.). In the present study, a new dataset including 112 past security-related incidents that affected the offshore Oil&Gas sector in the last decades was developed and analyzed using Exploratory Data Analysis (EDA), Root Cause Analysis (RCA), and Attack Tree Analysis (ATA). Significant differences were found in the types of threats and attack modes, with terrorism identified as the primary threat, followed by robbery and kidnapping. The identified scenarios caused fatalities, injuries, and asset damages at the targeted facilities, underscoring their potential to cause severe impacts, comparable to the outcomes of safety-related accidents. Tables linking the specific contribution of the identified attack modes, scenarios, and consequences to the SVA workflow proposed by the API Recommended Practices 70 and 70I were obtained. Overall, the results obtained support the application of suitable Security Vulnerability/Risk Assessment (SVA/SRA) methodologies concerning the identification and characterization of adversaries, the definition of attack modes, the evaluation of effectiveness of existing security barriers, and the assessment of consequences.