Case Study: Cyber Security Consultancy in the Oil and Gas Industry
Due to the revision of the Tanker Management Self-Assessment (TMSA3) programme, new security elements have been added around Maritime Security. In support of organisations becoming cyber resilient as a key business differentiator in a highly competitive market, we help customers gain an understanding of their cyber security risks and assist them identify business-driven remediation actions. We have developed a number of cyber security service offerings specifically to aid compliance with the TMSA3 Maritime Security guidelines. Services include security consultancy, vulnerability scanning, technical testing, and a range of shore and vessel based assessments.
The customer, a small to medium sized Liquid Natural Gas (LNG) Italian shipping operator, was required by its key clients in the oil and gas industry to demonstrate cyber preparedness and compliance. This needed to be in line with new security elements under the revised TMSA3 programme, specifically Element 13, which includes a new and important section titled ‘Maritime Security’. As a company that transports LNG on behalf of its clients, this shipping operator was required to pass audits and inspections undertaken by these clients. The customer had already undertaken a number of internal security activities to support these revised guidelines. However, it required additional expert guidance on interpreting and recommending security enhancements specific to its needs to make best use of time and resources.
Our solutionOur approach was to first provide a questionnaire to the customer that enabled us to select and arrange the appropriate resources and information. We then undertook a series of workshops with the customer to explore the perceived and actual levels (based on evidence presented) of their cyber maturity. After this assessment, we delivered a second phase of tailored cyber security support packages suitable for immediate customer use. Throughout the workshop sessions, regular discussion and interaction was encouraged, not only to ensure a positive experience, but also to capture important details from discussions.
We analysed the questionnaire responses and information gathered during both phases of the workshops to provide an assessment of compliance and potential blockers to achieving higher levels of cyber maturity. After specific gaps were identified during the cyber maturity assessment phase, we offered various support packages to the customer, including tailored threat and information security risk assessments, security policies and plans, and a TMSA3 Element 13 Roadmap to aid future planning activities.
The customer now has a sound understanding of cyber security
Outcomes and benefits
From a business perspective, the customer now has a sound understanding of cyber security. Its continued commitment is also reflected by working towards an ISO 27001 information security management system certification for both vessel and shore-based operations.
Our engagement has enabled the customer to understand cyber maturity metrics within its organisation, and evidence potential gaps, risks, and threats which could potentially act as blockers to achieving higher levels of cyber security maturity and TMSA3 Element 13 compliance in the future.
- Future proofing – a deeper understanding of cyber security for the customer
- Instilled a robust cyber security culture throughout its organisation
- Informed decision making due to understanding of cyber security metrics within its organisation
Welcome to CES 2023: Tech trends to watch out for
06 Jan 2023
EDP Provider Network come together after three years away
08 Dec 2022
Celebrating International Volunteer Day
02 Dec 2022
QinetiQ Target Systems joins Royal Netherlands Army units in a bi-national Tactical Firing with Germany at the NATO Missile Firing Installation on Crete
22 Nov 2022
Caring for our people
18 Nov 2022