System archetypes and dynamic stories on information security risks in the transition to integrated operations in the oil and gas industry

Abstract

From a situation where the drilling and production platforms were solely run on site (offshore), the industry is now working on establishing land based control systems to decrease production costs, and consequently increase income. The ongoing project Integrated Operations (IO) (http://www.olf.no/io/) expects to yield up to 30% cost reduction and a 10% increase in production. One of the key factors to achieve these goals is reliable and secure information technology between offshore and onshore installations. Information security incidents can cause serious damage on personnel, production and installations. To address this, a project named AMBASEC (A Model Based Approach to Security Culture) has been launched from Agder University College (AUC) in collaboration with SINTEF, www.sintef.no, The Norwegian Oil Industry Foundation (www.olf.no/english/about/ ) and the State University of New York University at Albany. A System Dynamic simulation model has been created by the AMBASEC design team to address information security risks emerging from the IO project. System Dynamics (SD) thinking and modeling may be excellent tools for this, the complexity of the models often makes the communication of the results and policies difficult to understand for persons untrained in SD, in this case managers and strategic decision makers. E. Wolstenholme (2002) has with his award winning paper “Towards the definition and use of a core set of archetypal structures in system dynamics”(Wolstenholme 2002) proposed a core set of four System Dynamic Archetypes, which can be thought of as collapsed system dynamic models. The System Dynamic Archetypes, with their simpler structure, may be more suited to communicate results and effects of various policies. In this thesis I will try to identify System Archetypes hidden in the model (IO version 1.95) developed by the design team, create System Dynamic Stories to accompany and explain the System Archetypes, and in the end suggest policies to counteract the unintended consequences. After testing the model provided the conclusion is to put focus on maturing processes, knowledge and technology by using extra resources on maturing.