Home / Experience / Case Studies / Oil & Gas

Industrial cyber security for Oil & Gas

Technical Vulnerability & Risk Assessment

Overview

Via a technical vulnerability and risk assessment of OT infrastructure for a gas pipeline company, SIS successfully assisted the gas pipeline company to understand their current-state risk posture in order to determine what an appropriate risk appetite (risk level) is, and the prioritisation of mitigation actions in order to reduce the level of risk exposure to cyber threats

Challenge

In light of the emerging threat landscape, with increasing cyber security attacks on the oil and gas industry, the need to safeguard OT systems is paramount to operational continuity. A gas pipeline company in the Middle East wanted to understand their exposure to potential attack and how to improve the resilience of their critical infrastructure. The first step for towards improving the security posture of their OT environment was to gain a thorough understanding of the organisation’s risk, in the context of cyber security. 

Risk is a function of threats, impacts and vulnerabilities.  Only with a good knowledge of the cyber security risk can the organisation make informed decisions on what should be the appropriate level of security protection. An understanding of cyber security risk is therefore a key driver towards determining where efforts should be focused to protect gas pipeline operations.

Solution

Via execution of a technical vulnerability and risk assessment of OT infrastructure, SIS successfully assisted the gas pipeline company to understand their current-state risk posture in order to determine what an appropriate risk appetite (risk level) is, and the prioritisation of mitigation actions in order to reduce the level of risk exposure to cyber threats.

Vulnerability identification was determined by both automated and manual techniques.

SIS assessed the potential impacts and consequences to OT assets should a vulnerability be exploited.  From this SIS developed a comprehensive industrial cyber security program for risk mitigation, and to ensure compliance to applicable industry regulations.

If you’d like to know more about our many years of experience in providing industrial cyber security solutions,

Get in touch >

More Case Studies

Sector Scope
Power

SIS’ bespoke approach towards the assessment of critical infrastructure enabled a UK power company to determine compliance to the EU NIS Directive, and to develop an improvement plan towards strengthening resilience to cyber threats.

View Case Study

Oil & gas

Via a technical vulnerability and risk assessment of OT infrastructure for a gas pipeline company, SIS successfully assisted the gas pipeline company to understand their current-state risk posture in order to determine what an appropriate risk appetite (risk level) is, and the prioritisation of mitigation actions in order to reduce the level of risk exposure to cyber threats

View Case Study

Transport

SIS’ industrial cyber security audit services enabled a government statutory authority to benchmark the security posture of state transport agencies, identifying cyber security risks and prioritisation of key actions for risk mitigation.

View Case Study

Water

As a result of SIS’ Operate and Maintain services, a regional water agency in Australia was able to implement a Cyber Security Management System (CSMS) provides the organisational rigour to ensure infrastructure is resilient to escalating cyber threats, and ensuring the right security controls are in place to mitigate risk.

View Case Study

Mining

SIS adopted a top-down, risk-driven approach to develop an enterprise-wide security architecture for a resources company, driven by, and integrated with the organisation’s broader business strategy, focused on technology optimisation to deliver secure mine operations.

View Case Study

Critical Manufacturing

SIS’ industry-leading industrial cyber security training was able to help a metals manufacturer create a stronger culture of security, harmonising with the organisation’s rigorous safety culture, fostering a commitment to industrial cyber security from plant operators and administrators, encouraging users to act responsibly and thus operate more securely

View Case Study

Health

SIS’ specialist industrial cyber security testers applied the latest exploit tools and techniques to perform stress and penetration testing of network connected  medical device technologies, to assess risks to the reliability of devices, and ultimately the safety of patients.

View Case Study