Offshore Oil and Gas Platform Security | CloseProtectionHire

An offshore oil and gas platform is among the most operationally demanding security environments in the civilian sector. Geographic isolation from law enforcement and emergency services, critical national infrastructure status, a confined environment with limited evacuation options, a rotating workforce with significant contractor component, and exposure to maritime threats specific to the producing region all create a security framework that differs materially from onshore corporate security.

The principals and executives visiting offshore installations – operator management, contractor leadership, investor representatives, regulatory inspectors – require security planning tailored to this environment. The operational context shapes every decision, from crew vetting standards to MEDEVAC pre-planning to piracy threat assessment.

The Regulatory and Operational Framework

In the UK, offshore oil and gas installations are regulated under a distinct framework from the ISPS Code that governs merchant shipping. The Offshore Installations (Safety Case) Regulations 2005 require operators to maintain a Safety Case demonstrating that major accident risks have been reduced to as low as reasonably practicable (ALARP). The Energy Act 2008 and its implementing regulations establish OPRED (Offshore Petroleum Regulator for Environment and Decommissioning) as the regulator for offshore safety and security.

The Offshore Installation Manager (OIM) is the designated legal authority aboard the installation. The OIM carries responsibility for safety, security and emergency response – an authority analogous to the master of a ship. All security arrangements aboard an offshore installation operate within the OIM’s authority structure.

The 500-metre safety zone around UK offshore installations is established under the Petroleum Act 1998 and enforced by the Royal Navy and Maritime and Coastguard Agency. Entry by unauthorised vessels is a criminal offence.

For FPSOs (Floating Production Storage and Offloading vessels) and mobile offshore drilling units (MODUs), the applicable framework depends on whether the vessel is in transit (merchant shipping/ISPS framework may apply) or on station (offshore installation framework applies). This distinction has practical implications for the security planning approach.

Gulf of Guinea: The Primary Maritime Threat Context

The Gulf of Guinea stretching from the Ivory Coast to Cameroon and Equatorial Guinea, with the Nigerian offshore sector at its centre, has been the most significant piracy threat environment outside the Indian Ocean/Gulf of Aden corridor over the past decade. MEND (Movement for the Emancipation of the Niger Delta) and associated Niger Delta militant groups, whose grievances are rooted in environmental damage and revenue distribution disputes, have conducted attacks on offshore installations, FPSO boarding operations and crew abductions.

IMB Annual Report 2024 records a significant reduction in Gulf of Guinea incidents since 2021. The Nigerian Navy’s VAAST programme, enhanced NIMASA maritime security coordination, and the deployment of armed escorts for vessels in higher-risk areas collectively contributed to the reduction. From a peak of 130 incidents in 2020, the count has fallen materially.

The risk has not been eliminated. Crew abduction incidents – where piracy gangs board vessels to seize crew members for ransom – continue in the offshore incident record. UKMTO, NIMASA, and IMB all maintain current incident tracking for the region. Pre-deployment threat assessment should draw on all three sources, not assume that the headline reduction means the threat is resolved.

For offshore operators, the specific risk assessment varies significantly by block location. Deep offshore positions (beyond 200 nautical miles) carry a different risk profile from nearshore operations in the Niger Delta estuary or the Bonny Light corridor. Community liaison – engagement with host communities in producing areas – remains the primary strategic mitigation for MEND-affiliated attacks. Operators who have invested in community development and maintained genuine dialogue have consistently experienced fewer incidents than those operating purely on enforcement.

North Sea: Infrastructure Targeting and Drone Threat

The North Sea presents a categorically different threat picture from the Gulf of Guinea. Physical piracy is not the concern. The threats are: critical infrastructure targeting by state or state-proxied actors, drone overflight and potential sabotage, and the occasional activist direct action.

The October 2022 sabotage of the Nord Stream 1 and 2 gas pipelines in the Baltic Sea – attributed by multiple intelligence assessments to deliberate state or state-proxied action – confirmed that European offshore energy infrastructure is a credible target for hostile state disruption operations. The NCSC-CISA joint advisory on critical infrastructure threats (2024) explicitly includes offshore energy infrastructure in the CNI target set.

Drone threats to North Sea installations have been documented and reported to OPRED. Commercially available drones have a detection-to-intercept challenge that legacy offshore security frameworks were not designed to address. Updated Security Cases should incorporate drone threat assessment, detection capability (radar and acoustic) and a defined response protocol for unauthorised UAS overflight. Counter-UAS capability aboard offshore installations is an emerging requirement, not a future consideration.

Environmental activist direct action – Greenpeace boarding actions on North Sea installations – has a documented history and requires both physical security provisions and legal framework preparedness. The Energy Security and Net Zero Bill and established case law govern the legal response to boarding actions by environmental protesters.

Helicopter Transfer Security

Helicopter transfer to and from offshore installations is the standard personnel movement method in the North Sea and increasingly in other offshore regions. It creates a predictable movement pattern with a concentrated vulnerable period at the heliport and on approach to the installation helideck.

The manifest confidentiality risk is specific: a helicopter transfer manifest documents exactly who is aboard the installation, when they arrived and departed, their employer and their role. Any individual with access to manifest documentation has a complete personnel intelligence picture. Manifest confidentiality – limiting access to named individuals with a defined need-to-know, secure transmission to the aviation operator, and restriction of verbal disclosure at the heliport – is a basic operational security measure.

Heliport security arrangements – access control to the departure lounge and airside apron, baggage screening, passenger identity verification – should be audited as part of offshore security planning. Third-party aviation operator vetting – confirming that the contracted helicopter company’s security provisions meet operator requirements – is a due diligence step that should be documented.

The MAIB (Marine Accident Investigation Branch) maintains a historical dataset of North Sea helicopter incidents. The UK CAA oversees offshore helicopter operations under Air Operator Certificate requirements. Helicopter maintenance standards and the regulatory oversight of the aviation operator are relevant to the security risk assessment because aviation incidents during transfer are a documented mechanism of harm.

Nigeria: Operational Framework for the Niger Delta

Nigeria’s offshore hydrocarbon sector – operated by Shell, Eni, Chevron, TotalEnergies and Nigerian independents under NNPC joint ventures – is the largest offshore production environment in sub-Saharan Africa. The operational security framework for Nigeria offshore operations involves:

Armed escort vessels for shuttle tanker operations in higher-risk areas, coordinated with NIMASA. Community liaison as the primary strategic mitigation for militant group activity. NSCDC (Nigeria Security and Civil Defence Corps) and Nigerian Navy support for high-security visits to nearshore installations. Vetted local security companies for any onshore logistics in Port Harcourt, Warri or other Niger Delta hubs. OSAC Nigeria 2024 and InSight Crime Niger Delta coverage provide the current threat intelligence baseline.

Personnel security clearances for all staff and contractors working at Nigerian offshore sites are administered by NNPC and the DPR (Department of Petroleum Resources) regulatory framework. Foreign visitors should coordinate access documentation well in advance of planned visits – regulatory access requirements are not waived for seniority.

Philippines: Service Contract Areas and Security

Philippine offshore oil and gas operations – primarily in the Malampaya field off Palawan, with emerging exploration in the disputed South China Sea service contract areas – involve a distinct security challenge: the territorial dispute with China over the West Philippine Sea. Service contract areas in disputed territory require a specific diplomatic and legal risk assessment before deployment of any foreign personnel.

The NPA (New People’s Army) communist insurgency, active in parts of Mindanao and some Palawan upland areas, does not directly threaten offshore installation operations but creates a security context for any onshore logistics chain. OSAC Philippines 2024 provides the current threat assessment. Abu Sayyaf Group maritime kidnapping in the Sulu Sea is relevant to any vessel-based transit in the southern Philippine maritime zone.

MEDEVAC: The Offshore Medical Evacuation Framework

The offshore MEDEVAC challenge is defined by the 2-hour surgical window. Most surgical emergencies – tension pneumothorax, major haemorrhage, cardiac event with surgical intervention required – have a 2-hour window from injury to operating table as a guideline for survival without irreversible harm.

At 100 nautical miles from shore in the North Sea, a helicopter response from the nearest SAR base takes approximately 30-40 minutes in good weather. Transit to a shore hospital takes an additional 20-30 minutes. This is within the 2-hour window for air ambulance transport to a trauma centre with surgical capability. At 200+ nautical miles – as for some deepwater Atlantic or West African operations – the arithmetic changes materially.

For installations beyond helicopter MEDEVAC range, the framework requires: an Advanced Medical Life Support (AMLS) trained offshore medic on the installation; a medical bay with surgical stabilisation capability (chest drain, tourniquet application, IV access, airway management); a pre-planned diversion protocol to the nearest port with surgical facility; and a standing arrangement with a fixed-wing medical evacuation provider (International SOS, Global Rescue, AXA Assistance).

Post-incident psychological support for crew following violent incidents – crew abductions, armed boarding, witnessed fatalities – is a documented welfare gap in offshore operations. ISWAN (International Seafarers’ Welfare and Assistance Network) and ICAS (International Critical Incident Stress Foundation) both provide offshore-relevant post-incident support frameworks.

For broader oil and gas security planning, see our guide to oil and gas sector security. For security in remote and off-grid operational environments, see security for remote and off-grid operations.

James Whitfield is a Senior Security Consultant with experience in offshore and extractive industry security. This article draws on IMB Annual Report 2024, NIMASA 2024, OSAC Nigeria/Philippines 2024, UK Energy Act 2008, Offshore Installations (Safety Case) Regulations 2005, OPRED 2024, MAIB Annual Report 2024, Control Risks Maritime Intelligence 2025, CISA-NCSC infrastructure advisory 2024, InSight Crime Niger Delta 2024, Kroll 2024, UK HSE Offshore Statistics 2023-24, UKMTO advisories 2025, and ISO 31030:2021.