Offshore Oil & Gas SCADA Security: BSEE Requirements and IEC 62443 in Maritime Environments

NTL 2023-N06

BSEE Notice to Lessees â€” 12-hour cybersecurity incident reporting for offshore OCS facilities

Offshore oil and gas platforms operate SCADA and process control systems in an environment that differs substantially from onshore industrial sites. BSEE (Bureau of Safety and Environmental Enforcement) issued Notice to Lessees NTL 2023-N06 establishing cybersecurity requirements for OCS (Outer Continental Shelf) facilities, including 12-hour incident reporting. IEC 62443 provides the applicable standard framework, but the maritime environment â€” ATEX-rated explosion-proof equipment, satcom connectivity with 500â€“900ms latency, limited physical access for patching, and IMO Maritime Cyber Risk Management guidance under MSC-FAL.1/Circ.3 â€” requires significant adaptation of the standard zone-and-conduit model. The satcom connectivity security architecture is particularly complex: the link between an offshore platform and shore-based monitoring systems is both a critical operational necessity and the primary attack vector.

Full article content coming soon.

Compliance Engineering

The engineering behind this article is available as a service.

We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.

Talk to an Engineer See Case Studies →

Offshore Oil & Gas SCADA Security: BSEE Requirements and IEC 62443 in Maritime Environments

EU AI Act: What CTOs Actually Need to Do Before August 2026

DORA Is Live. Here's What 'Operational Resilience' Means for Your Codebase

FedRAMP Rev 5: What Changed and Why Most Current ATO Holders Are Already Non-Compliant

The engineering behind this article is available as a service.