In the dynamic landscape of energy production, ensuring operational resilience and cybersecurity is paramount. True North Solutions is proud to demonstrate our expertise in operational technology (OT) and digital infrastructure, showcased by a recent project with a leading privately held energy company. This project profile will delve into the successful collaboration between True North and our client and highlight how True North helped the client de-risk its assets through cyber audits.

CLIENT PROFILE: ENERGY PROVIDER

Our client is a privately held low-cost energy producer and operator, focused on scalable, responsible, and long-term profitability. True North completed industrial control system security assessments at the client’s facilities in 2022 to protect and de-risk company assets and reputation and support financial stability.

TRUE NORTH SOLUTIONS’ APPROACH

In 2023, following the acquisition of additional assets, the client needed to provide its key stakeholders visibility into operations while operating and maintaining a defensible architecture and adhering to industry standards and best practices. True North specializes in tailoring automation solutions to meet the unique needs of our clients. In this case, our Digital Infrastructure team was tasked with performing an on-site OT cyber audit at four of the client’s facilities to allow a better view of their operations and supply the information required to de-risk their assets.

PROJECT HIGHLIGHTS

True North’s Digital Infrastructure team engaged with the client’s local OT subject matter experts (SMEs) to audit select area facilities and collect OT and technical information. We performed a site walkthrough of each facility to collect details on network and control system hardware, installed software, third-party vendor systems, and the interconnectivity of each facility’s OT system. We also interviewed key site personnel to gather and understand the policies and procedures in place for daily operations. True North’s high-level scope entailed:

• Network scan and site walkthrough
• Facility operations discussions/interviews
• Cybersecurity policy and procedure overview and on-site discussions
• Cyber maturity interviews
• Report development with detailed findings and prioritized recommendations

After reviewing the findings, True North calculated an overall cyber maturity score, aligned with NIST SP 800 53 and IEC-62443 scales of maturity, and provided the client with a detailed report of findings and prioritized recommendations related to:

• System architecture/control network, including network infrastructure and devices, network segmentation for the control network, supervisory control and data acquisition (SCADA) network, radio, business, and enterprise networks, and Internet security and VPNs
• Cybersecurity and system backups/recovery policies and procedures
• Patch management
• Endpoint protection
• Physical and remote access
• Asset management and lifecycle

CONCLUSION

This project offered the client’s stakeholders visibility into operations and the information required to de-risk their assets. These findings helped:

• Identify vulnerabilities and potential threats, and understand their potential impact on critical processes and systems
• Ensure compliance with internationally recognized cybersecurity standards for industrial control systems in the oil and gas sector, which is crucial for meeting regulatory requirements and demonstrating a commitment to cybersecurity best practices
• Prioritize areas for improvement and allocate resources effectively to enhance their cybersecurity posture
• Create plans for implementing robust access controls, network segmentation, intrusion detection systems, and incident response protocols, ultimately safeguarding critical operations, minimizing the risk of disruptions due to cyber incidents, and providing added assurance for production continuity and data protection
• Demonstrate a high level of cyber maturity and a proactive approach to cybersecurity to enhance the client’s reputation and foster trust among its key clients and stakeholders

In conclusion, True North’s OT cyber audit was essential for the client to assess, improve, and maintain a robust cybersecurity posture, thereby safeguarding their operational assets, ensuring regulatory compliance, and gaining a competitive edge in the industry.