PZ (IT CySec & Oilfields Trainings)

“Cybersecurity Vulnerability Assessment”

“Petroleum Zones services the Global oil and gas industry”

CYBERSECURITY

Vulnerability Assessment/Management for the Oil & Gas Infrastructure

We Offer Vulnerability Assessment.

Inquire, Now!

Asset Management

As a part of the CIS Critical Controls and NIST Cybersecurity Framework, identifying and managing assets is an integral of a successful vulnerability assessment.

Vulnerability Assessment

Here, the vulnerability results of clients are analyzed.

Threats Detection & Prioritization

The vulnerability findings are prioritized by the risks that are associated with their known threats.

Report (Scanned Result)

A detailed scanned result is generated, here. A copy is sent to the client – especially the client’s IT department. The report includes a possible solution to remedy the vulnerabilities found.

Remediation Process

Response, in the form of fixing the vulnerability weaknesses, is carried out here.

Important References: Cybersecurity Compliance for the Oil & Gas Industry

What is Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Ransomware, a malware, uses encryption to hold a victim’s information in order to demand ransom. Once a user or organization’s critical data is encrypted, the data >les, databases, or applications cannot be accessed. In order to access the encrypted database, ransom is demanded. Ransomware can be aimed at individuals, or targeting businesses.

Ransomware: An Example

Ransomware Attack on US Colonial Pipeline - 2021

Hackers Breached Colonial Pipeline Using Compromised Password

The ransomware attack on Colonial Pipeline, for now, is the most well-known of all the recent cyberattacks in the oil & natural gas industry.

Due to the concerns of the vulnerability of the physical infrastructure in view of the attack, and in response to the breach, Colonial shut down 5,500 miles of pipeline that carrying 45% of fuel supplies on the East Coast.

The reason for the pipeline shutdown? Colonial said that the hackers targeted the company’s billing systems, as such customers could not be billed.

As a result of this shutdown, there was fuel shortages and panic buying in multiple US states.

This incident gives a clear picture of how IT network systems are interwoven with the daily operation of the oil and natural gas businesses.

Cyberattack prevention must be a part of the day to day functioning of the oil & natural gas operation.

Cybersecurity must be boost at critical energy infrastructure.

DHS - TSA Cybersecurity Compliance Requirements: Oil & Gas Infrastructure

DHS Cybersecurity Requirements for Critical Pipeline Owners and Operators. Oil & Natural Gas Cybersecurity Requirements and Compliance.

DHS-TSA Pipeline Security Guidelines and Corporate Security Program Overview

MEMORANDUM - DHS-TSA – February 16, 2022

MEMORANDUM - DHS-TSA – July 21, 2022

National Institute of Standards and Technology (NIST)

Ransomware Response (CISA Recommendations)

*{Cybersecurity and Infrastructure Security Agency (CISA)}

If your company experiences ransomware attack, CISA strongly recommends using the this checklist to respond. This information will take you through the response process from detection to containment and eradication.

Detection and Analysis

Determine which systems were impacted, and immediately isolate them.

Only in the event you are unable to disconnect devices from the network, power them down to avoid further spread of the ransomware infection.

Triage impacted systems for restoration and recovery.

Consult with your incident response team to develop and document an initial understanding of what has occurred based on initial analysis.

Engage your internal and external teams and stakeholders with an understanding of what they can provide to help you mitigate, respond to, and recover from the incident.

CONTAINMENT AND ERADICATION

Take a system image and memory capture of a sample of affected devices (e.g., workstations and servers).

Additionally, collect any relevant logs as well as samples of any “precursor” malware binaries and associated observables or indicators of compromise (e.g., suspected command and control IP addresses, suspicious registry entries, or other relevant files detected)

Consult federal law enforcement regarding possible decryptors available, as security researchers have already broken the encryption algorithms for some ransomware variants.