The Connected Rig

The Scenario Is Just the Vehicle

A field team force-onboards a vendor to fix an automated rig, and proprietary data crosses a border it never should have.

What This Lab Is Really About

Whether a company built on centralized, real-time data control actually knows where its data is allowed to live — and who has the authority to stop the business when the law and the contract collide with the day rate.

The real discussion is not about a single rig or a single vendor. It is about the workarounds that survive every acquisition, the borders that bits cross faster than steel, and the moment someone has to choose between a contractual penalty and a sovereign violation — before anyone has decided who gets to make that call.

This Is Not a Debate About the Workaround

The Lab assumes the workaround has already been implemented. It never reiterates whether the field team was wrong.

Everyone in the room already knows force-onboarding a vendor was a mistake. If the lab argues that, it becomes a blame session, and no one is tested. The pressure lives in what they do now: contain or keep drilling, who has the authority to pull a live rig’s network connection, what they owe the regulator and the SOE, and the quiet truth that the centralized “everything-to-Houston” model was a sovereignty exposure long before any vendor showed up.

Inject 1 · The Field Fix

The control system fails mid-mobilization; the $150K/day penalty clock starts. The local team patches it quickly by force-onboarding a subcontractor under the inherited Andicor entity via a local agent to skip the three-week queue. The rig is turning again. The room’s first instinct: good catch, crisis averted.

Inject 2 · The Anomaly

Houston’s analyst flags it: an unverified in-country IP has pulled 48 hours of unencrypted automation data and subsurface telemetry off the network. An unvetted foreign vendor had direct access to the crown-jewel drilling software. The CISO sees a trade-secret exposure; Operations wants to finish the campaign first and “sort the paperwork after.” This is the trap closing. The room is meant to drift toward “let them finish.”

Inject 3 · The Veto (the detonator)

The host nation’s cyber-regulator formally accuses Halcomb of unlawfully exporting in-country data and breaching residency rules — and the SOE contract’s own data-residency and confidentiality clauses are now in play, with the fleet’s operating standing at risk. The CCO demands an immediate shutdown of the rig’s network connection to contain it.

Everything inverts. Shutting down instantly triggers millions in contractual penalties and enrages the SOE; leaving it connected deepens a sovereign violation that the regulator is already watching. The GC moves to the center; the CFO has two terrible numbers to weigh. And the realization that stings: the “centralized intelligence” model the company is proud of was the exposure all along — data controllable from Houston can violate sovereignty even when it’s stored in-country.

“We’d never hand our crown jewels to an unvetted foreign vendor.”

No one in the room would ever approve that — and that’s exactly why this Lab works. Nobody decides to leak the automation stack. The $150K/day penalty, the three-week onboarding queue, and a leftover acquisition workaround decide it for them — one reasonable-sounding shortcut at a time. Good people, good intentions, structural outcome.

VP of International Operations — owns the rig, the day rate, and the SOE relationship. “The rig is turning to the right, and we avoided the penalty.” Not the villain — this is the job.

CIO / CISO — just watched an unvetted foreign vendor get unfettered access to the automation crown jewels. Sees a trade-secret leak and a cyber breach.

CCO / General Counsel — staring at a stack: an unvetted agent (anti-corruption exposure), a trade-secret breach, and a host-nation data-sovereignty violation that could threaten the fleet’s standing.

CFO — weighs the penalty for shutting the rig down against the cost of a regulatory action, a damaged SOE relationship, and the fleet itself.

CEO — makes the call between the CCO and Operations, and owns what it signals about whether speed or standing wins under pressure.

The Integration Blindspot

Who in Houston is actually auditing whether international divisions — especially recently acquired ones — are using legacy workarounds to bypass corporate vendor onboarding?

The Digital Borders

Does the executive team know the exact legal boundaries of where rig telemetry can be stored, viewed, and patched — or is “everything to Houston” an assumption no one has tested against the law and the contract?

The Contractual Veto

Who actually has the authority to shut down a live rig’s connection over a compliance breach — and has that been decided before the crisis, or do we decide it under penalty pressure with the client on the phone?

The Cost of Speed

At what point does saving a day of rig downtime cost us our standing with a regulator, a client, and our own crown-jewel technology?

0–10 min — Frame. Set the rule of the room: the workaround already happened. We are deciding what we do now, who has the authority to do it, and what it costs.

10–30 min — Inject 1. The field fix and the penalty avoided. First read of the situation; the “crisis averted” instinct surfaces.

30–50 min — Inject 2. The anomaly. Let the room work the options and start drifting toward “let them finish, sort the paperwork after.”

50–70 min — Inject 3. The regulator’s accusation and the shutdown demand. The reckoning — contain versus keep drilling, and who has the authority to decide.

70–90 min — Reframe & commit. The surfacing questions, then the decisions the room will actually carry out — authority, data borders, and the integration audit.

Facilitator’s guide — full run-of-show, timing, the rule of the room, and how to hold the line against the blame-session drift.

The three inject cards — sequenced for timed reveal, with Inject 3 (the regulator’s veto) held as the detonator.

Role briefs — one per seat (International Ops, CIO/CISO, CCO/GC, CFO, CEO), each with the pressure that seat carries.

Reframe & surfacing-question set — the “we’d never hand over the crown jewels” turn and the four questions to leave open.

Legal-context primer — a plain-language, counsel-hedged page on data residency and sovereignty: what privacy law covers, what the SOE contract and national-security rules cover, and why “stored in-country” isn’t the same as compliant.

Commitments template — who holds the authority to pull a live rig’s connection, the written data-residency position, and the integration audit for legacy onboarding workarounds.

Debrief one-pager — the takeaways and the homework, sized for a follow-up email to the room.

Part of the Executive Decision Lab™ line. Each Lab puts a leadership team inside a high-pressure decision where the right answer is obvious in principle and hard in practice. Explore the full line of Executive Decision Labs.