Our client had recently acquired an offshore oil and gas asset that was critical to their production operations. As with many assets of this type, it relies heavily on industrial control systems (ICS) to provide control and monitoring of remote equipment.
In recent years, the increased connectivity of ICS systems has made them more vulnerable to cyber security attacks. Recognising this, the client wanted to identify and manage any security threats to both the asset the wider business. PA was approached to carry out an Industrial Control Systems Security Health Check based on our leading role in developing the UK’s national guidance on ICS security.
First we visited the offshore asset to perform the Health Check, including physical audits of systems, interviews with personnel and a review of technical documentation. From this we were able identify the risks facing the operations, the gaps against the ICS best practice guidelines, interim security improvements, and provide a detailed list of recommended actions to reduce the risk to the asset.
Then, to safeguard ICSs across the organisation, we designed a business-wide ICS security framework that could be applied to both existing and new assets. This included recommendations on cyber security management systems, changes to business process, technical security controls, remote connectivity for remote support and real-time data and management of third parties.
As well as reducing the risk of a potentially devastating cyber-attack, our work has given the business confidence in their ability to manage the risks around ICS – so they can continue to realise the benefits of this exciting technology.
To learn more about PA's work in this area or to speak to one of our experts in this industry, please contact us now.