Guideline for use of IEC 62443 in the oil and gas industry

This joint industry project (JIP) will produce a cyber security guideline to simplify and clarify the use of IEC 62443 for the FEED, projects and operations. The IEC 62443 standard defines what to do - the guideline will define how to do it.

Contact us:

Pål Børre Kristoffersen Pål Børre Kristoffersen
Principal Consultant
Petter Myrvang Petter Myrvang
Head of Section Information Risk Management

The result of this JIP - DNVGL-RP-G108 Cyber security in the oil and gas industry based on IEC 62443 - can now be downloaded here.


Cyber security is a growing issue in the oil and gas sector since critical network segments in production sites, which used to be kept isolated, are now connected to networks. The trend is towards remote operations, remote maintenance and tighter inter-operability with centralized process data and plant information. Old and outdated installations are at particular risk and require risk mitigation actions.  


Develop a Recommended Practice (RP) for protecting oil and gas installations against cyber security threats. The IEC 62443 standard will be used, but will be tailored to the oil and gas industry.


  • Reduced risk of cyber-security incidents
  • Cost-savings for operators by reducing the resources needed to define requirements and follow up
  • Cost-savings for contractors and vendors based on identical requirements from operators
  • Simplified audits for authorities and auditors due to common requirements and common conformance claims.


The JIP will have a duration of twelve months.

JIP participants

Currently we are collaborating with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime to develop best practice in addressing this threat. In addition, the Norwegian Petroleum Safety Authority will take part as an observer. 

Data chip