Case Study: Cyber Security Consultancy in the Oil and Gas Industry

Ensuring cyber preparedness and compliance at sea.


Executive summary

Due to the revision of the Tanker Management Self-Assessment (TMSA3) programme, new security elements have been added around Maritime Security. In support of organisations becoming cyber resilient as a key business differentiator in a highly competitive market, we help customers gain an understanding of their cyber security risks and assist them in identifying business-driven remediation actions. We have developed a number of cyber security service offerings specifically to aid compliance with the TMSA3 Maritime Security guidelines. Services include security consultancy, vulnerability scanning, technical testing, and a range of shore- and vessel-based assessments.

The brief

The customer, a small to medium sized Liquid Natural Gas (LNG) Italian shipping operator, was required by its key clients in the oil and gas industry to demonstrate cyber preparedness and compliance. This needed to be in line with new security elements under the revised TMSA3 programme, specifically Element 13, which includes a new and important section titled ‘Maritime Security’. As a company that transports LNG on behalf of its clients, this shipping operator was required to pass audits and inspections undertaken by these clients. The customer had already undertaken a number of internal security activities to support these revised guidelines. However, it required additional expert guidance on interpreting and recommending security enhancements specific to its needs to make best use of time and resources.

Our solution

Our approach was to first provide a questionnaire to the customer that enabled us to select and arrange the appropriate resources and information. We then undertook a series of workshops with the customer to explore the perceived and actual levels (based on evidence presented) of their cyber maturity. After this assessment, we delivered a second phase of tailored cyber security support packages suitable for immediate customer use. Throughout the workshop sessions, regular discussion and interaction were encouraged, not only to ensure a positive experience, but also to capture important details from discussions.

We analysed the questionnaire responses and information gathered during both phases of the workshops to provide an assessment of compliance and potential blockers to achieving higher levels of cyber maturity. After specific gaps were identified during the cyber maturity assessment phase, we offered various support packages to the customer, including tailored threat and information security risk assessments, security policies and plans, and a TMSA3 Element 13 Roadmap to aid future planning activities. 

Outcomes and benefits

From a business perspective, the customer now has a sound understanding of cyber security. Its continued commitment is also reflected by working towards an ISO 27001 information security management system certification for both vessel and shore-based operations.

Our engagement has enabled the customer to understand cyber maturity metrics within its organisation, and to evidence gaps, risks, and threats that could act as blockers to achieving higher levels of cyber security maturity and TMSA3 Element 13 compliance in the future.

  • Future proofing – a deeper understanding of cyber security for the customer
  • Instilled a robust cyber security culture throughout its organisation
  • Informed decision making due to understanding of cyber security metrics within its organisation

For more information contact: customercontact@QinetiQ.com.
