Digital Feature: Refiner improves operational technology risk measurement and management: A Case Study on addressing the cyber risks in the oil and gas industry
This case study details how a U.S.-based Fortune 50 petroleum refiner used Hexagon’s PAS Cyber Integrity™ to improve operational technology (OT) cybersecurity. By automating asset inventory and vulnerability assessments, the company reduced manual processes, enhanced visibility into cyber risks and improved safety, ultimately saving millions of dollars in program costs.
Cyber threats. In the oil and gas industry, cybersecurity continues to be a critical focus as digital transformation accelerates across global operations. With increased connectivity and automation, industrial control systems are more vulnerable to cyber threats than ever before. Cyberattacks on these systems can disrupt production, compromise safety and lead to significant financial losses. As attackers grow more sophisticated, the need for robust OT cybersecurity programs has never been greater.
This case study details one Fortune 50 company’s decision to address growing security threats with a structured approach to OT cybersecurity.
About the company. This U.S.-based company is an independent petroleum refiner focused on maintaining safe, reliable and environmentally responsible operations while achieving strong financial results. Operating numerous facilities across the U.S., Canada and the UK, the company is an industry leader in petroleum refining.
The challenge. As energy companies increasingly integrate connected technology into their operations, the risks of cybersecurity breaches grow. This refiner, like many others, uses process automation technologies to enhance operational efficiency. Yet, such advancements can introduce new vulnerabilities. Devices that monitor and control essential functions, such as pressure valves and safety procedures, are often linked to broader computer networks, and in some cases, to the internet. This connectivity makes refineries attractive targets for sophisticated cybercriminals seeking weaknesses to exploit.
In 2014, the company recognized the need for a more structured approach to OT cybersecurity. To address growing threats to its critical infrastructure, it formed an internal team dedicated to improving control system security. The team researched security standards from the information technology (IT) and automation industries and developed internal OT cybersecurity control policies. However, to ensure compliance and mitigate risks, the company required better visibility into its existing OT security risk landscape and sought to reduce manual processes related to asset inventory and risk assessments.
The solution. The company chose PAS Cyber Integrity™ as the foundation of its new OT cybersecurity program. Cyber Integrity provided an automated, comprehensive inventory of all OT assets, including hardware, software, I/O (or interface) cards, firmware, configurations and control strategies. This system covered the company’s multi-vendor control system assets operating across various process control networks (PCNs). By creating this evergreen inventory, the refiner achieved deep visibility into its OT assets, a critical first step in securing them.
Next, the company deployed Cyber Integrity’s vulnerability assessment tools. Prior to this deployment, assessing whether OT assets were at risk from a high-severity vulnerability reported by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) could take months and often led to incomplete or inaccurate results. With Cyber Integrity, the company could now evaluate potential vulnerabilities across all its refineries within minutes, significantly reducing the time needed for remediation.
Over the past five years, Cyber Integrity has enabled the company to not only improve its OT cybersecurity posture but also save millions of dollars by eliminating manual processes for asset inventory, vulnerability assessment and compliance audits.
Business benefits. Cyber Integrity provides the following benefits:
- A comprehensive view of OT cyber risks across the enterprise
- Identification of vulnerabilities and their potential impact on OT assets
- Improved production safety through better configuration management
- Reduced documentation efforts for inventory, vulnerability and compliance by over 70%.
Protecting vital infrastructure and ensuring the integrity of control systems are essential for maintaining operational efficiency, safety and profitability in this highly complex and interconnected industry.
By implementing Cyber Integrity, this petroleum refiner significantly enhanced its OT cybersecurity risk management capabilities. The solution provided real-time visibility into critical OT assets, enabling rapid vulnerability assessments and compliance tracking. As a result, the company improved safety, reduced cyber risk and realized substantial cost savings by automating previously manual processes.
Additional case studies. View similar industry success stories here to discover how Hexagon helped organizations unlock data, accelerate industrial project modernization and improve digital maturity.
About Hexagon. Hexagon is a global leader in digital reality solutions, combining sensor, software and autonomous technologies.
Hexagon’s Asset Lifecycle Intelligence division helps clients design, construct and operate more profitable, safe and sustainable industrial facilities. We empower customers to unlock data, accelerate industrial project modernization and digital maturity, increase productivity, and move the sustainability needle.
Hexagon’s technologies help produce actionable insights that enable better decision-making and intelligence across the asset lifecycle of industrial projects, leading to improvements in safety, quality, efficiency and productivity, which contribute to economic and environmental sustainability.
Hexagon has approximately 24,500 employees in 50 countries, and net sales of approximately €5.4 B. Learn more at www.hexagon.com, and follow us @HexagonAB.
Comments