OIL AND GAS
The oil and gas industry or also called the hydrocarbons sector chain corresponds to the set of economic activities related to exploration, production, transport, refining or processing and marketing of non-renewable natural resources known as hydrocarbons (organic material composed mainly of hydrogen and carbon), this set is also made up of the regulation and administration of these activities.
The value chain typically consists of three major areas; (a) exploration and production – upstream, (b) Transport – midstream, and (c) Refining and Marketing – downstream.
Also known as exploration and production (E&P), this sector includes the search for potential crude oil and natural gas deposits, both underground and underwater, the drilling of exploratory wells, and subsequently the drilling and exploitation of wells that bring crude oil or natural gas to the surface.
It consists of transporting them from the wellhead to storage and processing sites, such as pumping stations, refineries and marketing centers (ports). Hydrocarbons are transported through oil (petroleum), gas pipelines (gas), tank cars (oil) and ships (oil).
It commonly refers to the tasks of refining crude oil and the processing and purification of natural gas, as well as the marketing and distribution of products derived from crude oil and natural gas. Refining consists of transforming oil by subjecting it to high temperatures, which reach 400 degrees Celsius, to obtain derived products. Process by which a wide variety of derived products are transformed, mainly fuels (ACPM and gasoline) and petrochemicals (petroleum jelly, brushes, tires, plastics).
In this link all those activities of a commercial nature are carried out, to make the products available to users. Typically, wholesale or retail distributors are used. Petroleum and gas derivatives are usually gasoline, lubricants, poison, kerosene, tires, paraffin, detergents, polyethylene, solvents, and others.
The hydrocarbon industry is generally highly regulated, often with price controls and is often the government of ownership and operation. Typically, many of the facilities involved in each of the industry’s processes can come to be considered critical infrastructure and therefore of national interest. This classification should be determined as a result of the criticality assessment using appropriate assessment methods, techniques and models. Suppliers of industrial automation, security, and service systems in conjunction with hydrocarbon operators must ensure compliance with security and cybersecurity standards, such as ISA/IEC-62443, NIST 800-53/82, IEC-61511, API, NPFA, and others. Keeping up with rules and regulations is a challenge.
SECURITY AND COMPLIANCE
Strategies and solutions based on information security technologies and perimeters are not enough to protect against all modern threats against electrical infrastructures. Industrial cybersecurity requires the protection of physical assets, i.e. the domain of physical security. Many programmable logic controllers (PLCs) and controllers for feed water pumps, feed water, valves, furnaces, boilers, turbines, generators, and capacitors are vulnerable due to the lack of built-in cryptographic controls, including: multi-factor authentication, secure boot, secure update, and encrypted secure communications.
In operational technology (OT) environments, risk is measured in terms of industrial safety and system availability. While data privacy is important, often human physical security, industrial process safety, environmental stewardship, and uptime drive the security needs of plants and large SCADA systems.
Our Solution for Security and Risk Management
ZCM is a system specially designed for industrial cyber risk management that allows organizations in the hydrocarbons sector to assess cyber risk in their industrial infrastructures and make the best mitigation decisions that really work.
Once the industrial cyber risk has been realized, the ZCM system gives you the necessary tools to create resilient and robust industrial infrastructures to all types of threats, and at the same time comply with international standards (ISA/IEC-62443) and other popular regulations, such as those defined by organizations such as NIST and C2M2.
Design and implement appropriate countermeasures that will actually mitigate intolerable risk.
Operate and maintain industrial infrastructures resilient to all types of threats.