Technical Vulnerability & Risk Assessment

Industrial Cyber Security for Oil & Gas

Technical Vulnerability & Risk Assessment

Overview

Via a technical vulnerability and risk assessment of OT infrastructure, SIS successfully assisted a gas operator to understand their current-state risk posture, in order to determine what an appropriate risk appetite (level) was for the organisation, and the prioritisation of mitigation actions, in order to reduce the level of risk exposure to cyber threats.

Challenge

In light of the emerging threat landscape, with increasing cyber security attacks targeting the oil and gas sector, the need to safeguard OT systems is paramount to operational continuity. A gas pipeline operator in the Middle East wanted to understand their exposure to potential attack, and how to improve the resilience of their critical infrastructure. The first step towards improving the security posture of their OT environment was to gain a thorough understanding of the organisation’s risk, in the context of cyber security. 

Risk is a function of threats, impacts and vulnerabilities.  Only with a good knowledge of the cyber security risk can the organisation make informed decisions on what should be the appropriate level of security protection. An understanding of cyber security risk is therefore a key driver towards determining where efforts should be focused to protect gas pipeline operations.

Solution

Via execution of a technical vulnerability and risk assessment of OT infrastructure, SIS successfully assisted the gas pipeline operator to understand their current-state risk posture in order to determine what an appropriate risk appetite (risk level) is, and the prioritisation of mitigation actions in order to reduce the level of risk exposure to cyber threats.

Vulnerability identification was determined by both automated and manual techniques.

SIS assessed the potential impacts and consequences to OT assets, should a vulnerability be exploited.  From this, SIS developed a comprehensive industrial cyber security program for risk mitigation, and to ensure compliance to applicable industry regulations.

If you’d like to know more about our many years of experience in providing industrial cyber security solutions,

Get in touch >

More Success Stories
Power

Meeting European Union
NIS Directive obligations

SIS’ bespoke approach towards the assessment
of critical infrastructure enabled a UK power
company to determine compliance to the EU NIS
Directive, and to develop an improvement plan
towards strengthening resilience to cyber
threats.

View Case Study >

Oil & Gas

Technical vulnerability
and risk assessment of
OT infrastructure

Via a technical vulnerability and risk
assessment of OT infrastructure for a gas
pipeline company, SIS successfully assisted
the gas pipeline company to understand their
current-state risk posture in order to
determine what an appropriate risk appetite
(risk level) is, and the prioritisation of
mitigation actions in order to reduce the
level of risk exposure to cyber threats.

View Case Study >

Mining

Top-down, enterprise wide
security architecture

SIS adopted a top-down, risk-driven approach
to develop an enterprise-wide security
architecture for a resources company, driven
by, and integrated with the organisation’s
broader business strategy, focused on
technology optimisation to deliver secure mine operations.

View Case Study >

Health

Stress & penetration
testing network connected
medical devices

SIS’ specialist industrial cyber security
testers applied the latest exploit tools and
techniques to perform stress and penetration
testing of network connected medical device
technologies, to assess risks to the
reliability of devices, and ultimately the
safety of patients.

View Case Study >

Water

Implementing a Cyber
Security Management
System (CSMS)

As a result of SIS’ Operate and Maintain services, a regional water agency in Australia was able to implement a Cyber Security Management System (CSMS) provides the organisational rigour to ensure
infrastructure is resilient to escalating cyber threats, and ensuring the right security controls are in place to mitigate risk.

View Case Study >

Transport

Audit identifies
Security high-risk areas of focus and remedial priorities

SIS’ industrial cyber security audit services
enabled a government statutory authority to
benchmark the security posture of state
transport agencies, identifying cyber
security risks and prioritisation of key
actions for risk mitigation.

View Case Study >

Critical Manufacturing

Training helps metals
manufacturer create a
stronger security culture

SIS’ industry-leading industrial cyber
security training was able to help a metals
manufacturer create a stronger culture of
security, harmonising with the organisation’s
rigorous safety culture, fostering a
commitment to industrial cyber security from
plant operators and administrators,
encouraging users to act responsibly and thus
operate more securely.

View Case Study >

Neutralising

the threat

Protect your critical assets from the threat of cyber attack.

Get in touch with our industrial cyber security specialists.

Contact SIS