Digital Feature (sponsored): Refiner improves OT cyber risk measurement and management: A Case Study on achieving visibility into OT cybersecurity policy compliance
In the oil and gas industry, cybersecurity continues to be a critical focus as digital transformation accelerates across global operations. With increased connectivity and automation, industrial control systems are more vulnerable to cyber threats than ever before. Cyberattacks on these systems can disrupt production, compromise safety and lead to significant financial losses. As attackers grow more sophisticated, the need for robust operational technology (OT) cybersecurity programs has never been greater.
This case study details one Fortune 50 company’s decision to address growing security threats with a structured approach to OT cybersecurity.
About the company. This U.S.-based company is an independent petroleum refiner focused on maintaining safe, reliable and environmentally responsible operations while achieving strong financial results. Operating numerous facilities across the United States, Canada and the United Kingdom, the company is an industry leader in petroleum refining.
The challenge. As energy companies increasingly integrate connected technology into their operations, the risks of cybersecurity breaches grow. This refiner, like many others, uses process automation technologies to enhance operational efficiency. Yet, such advancements can introduce new vulnerabilities. Devices that monitor and control essential functions, such as pressure valves and safety procedures, are often linked to broader computer networks, and in some cases, to the internet. This connectivity makes refineries attractive targets for sophisticated cybercriminals seeking weaknesses to exploit.
In 2014, the company recognized the need for a more structured approach to OT cybersecurity. To address growing threats to its critical infrastructure, it formed an internal team dedicated to improving control system security. The team researched security standards from the IT and automation industries and developed internal OT cybersecurity control policies. However, to ensure compliance and mitigate risks, the company required better visibility into its existing OT security risk landscape and sought to reduce manual processes related to asset inventory and risk assessments.
The solution. The company chose PAS Cyber Integrity® as the foundation for its new OT cybersecurity program. Cyber Integrity provided an automated, comprehensive inventory of all OT assets, including hardware, software, I/O (or interface) cards, firmware, configurations and control strategies. This system covered the company’s multi-vendor control system assets operating across various process control networks (PCNs). By creating this evergreen inventory, the refiner achieved deep visibility into its OT assets, a critical first step in securing them.
Next, the company deployed Cyber Integrity’s vulnerability assessment tools. Prior to this deployment, assessing whether OT assets were at risk from a high-severity vulnerability reported by ICS-CERT could take months and often lead to incomplete or inaccurate results. With Cyber Integrity, the company could now evaluate potential vulnerabilities across all its refineries within minutes, significantly reducing the time needed for remediation.
Over the past five years, Cyber Integrity has enabled the company to not only improve its OT cybersecurity posture but also save millions of dollars by eliminating manual processes for asset inventory, vulnerability assessment and compliance audits.
FIG. 1. PAS Cyber Integrity hardens security for the most critical assets in a plant – the OT industrial control system endpoints.
Business Benefits:
- Comprehensive view of OT cyber risks across the enterprise.
- Identification of vulnerabilities and their potential impact on OT assets.
- Improved production safety through better configuration management.
- Reduced documentation efforts for inventory, vulnerability and compliance by over 70%.
Protecting vital infrastructure and ensuring the integrity of control systems is essential for maintaining operational efficiency, safety and profitability in this highly complex and interconnected industry.
By implementing Cyber Integrity, this petroleum refiner significantly enhanced its OT cybersecurity risk management capabilities. The solution provided real-time visibility into critical OT assets, enabling rapid vulnerability assessments and compliance tracking. As a result, the company improved safety, reduced cyber risk and realized substantial cost savings by automating previously manual processes.
View similar industry success stories here to discover how we’ve helped organizations like yours unlock data, accelerate industrial project modernization and improve digital maturity.
About Hexagon
Hexagon is a global leader in digital reality solutions, combining sensor, software and autonomous technologies.
Hexagon’s Asset Lifecycle Intelligence division helps clients design, construct, and operate more profitable, safe, and sustainable industrial facilities. We empower customers to unlock data, accelerate industrial project modernization and digital maturity, increase productivity, and move the sustainability needle.
Our technologies help produce actionable insights that enable better decision-making and intelligence across the asset lifecycle of industrial projects, leading to improvements in safety, quality, efficiency, and productivity, which contribute to Economic and Environmental Sustainability.
Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,500 employees in 50 countries and net sales of approximately 5.4bn EUR. Learn more at hexagon.com and follow us @HexagonAB.
Comments