TÜV Rheinland Blog - Insights from Asia and Africa

Case Study: Industrial Control Systems (ICS) in the Oil & Gas Sector

Posted by TUV Rheinland on Nov 29, 2019 5:56:18 PM
TUV Rheinland


There has been an exponential rise in Industrial Control System and Operational Technology (OT) vulnerabilities around the globe. The top 5 industries that have seen their operations affected are manufacturing, power & utilities, transportation, telecommunications, and oil & gas.

These vulnerabilities have risen due to the adoption of digitization and inter-connectivity, as industries seek to continually optimize their processes and remain cost-efficient.

Our client is a leading gas transportation company in the Middle East requiring a cybersecurity assessment and a risk review of security gaps in OT environment critical sites.

Client situation:

A security audit was performed at critical sites to identify and assess security risks in clients operational technology (OT) environment. With regards to security gaps, the audit review team highlighted a number of observations in design, administrative, technical and physical security areas.

We found that there was a lack in 1) written customised OT security policy 2) Security Hardening Guidelines 3) Cybersecurity Framework.

Our solution:

We came up with a proposal to fix what was observed lacking, and implemented it. This included:

- Design of customized OT security policy for the client
- Design of procedure documents
- Design of security hardening guidelines
- Design of FAT/ SAT procedure manual

We also prepared a customised OT Cybersecurity Framework by combining our understanding of the client environment along with OT standards and industry best practices.

Client benefits:

From our proposal and implementations, the client found that the comprehensive security strategy was explicitly linked with business and IT objectives. They were also pleased to see a process to ensure continued evaluation and updates in security policies, standards, procedures, and risks. With that, they can be sure to achieve quicker compliance to regulatory standards, when needed.

*Anonymity of client is intentional

For more information, or to contact one of our experts, click below:

Contact us now

Topics: AA19_D01_OTSecurity, Case Study