Case Study 4 - Petrochemical Industry

The Client

A top 20 national oil provider (NOC).

The Brief

In 2019 Serbus were approached by a top 20 national oil company (NOC) to assist them in improving their cyber security and communications in their upstream, midstream and downstream areas of operation.

As one of the major NOCs in the petroleum industry, the client was concerned about the ever-growing security threats to their refining and transportation operations.

They contacted Serbus to find a way to ensure that their planning and communications during the transit of oil consignments would remain safe and secure.

Cyber Security Tools in the Petrochemical Industry

The Consultation

Serbus travelled to meet the client at one of their refining facilities to spend a day understanding how the client’s upstream, midstream and downstream operations function and coalesce. This gave the project management team clear-cut insight into the most vulnerable areas within the client's communications infrastructure. This evaluation allowed for the team to then design, propose and build a solution that best fitted the current and predicted future cyber security requirements.

It was established that the three main areas of the business that relied on the need to communicate securely amongst each other were the drilling site, the refinery, and transport operation. It was identified that the transportation of crude oil to the refinery and the refined products leaving the site were the most high-risk areas of operation, due to the geography of the sites. It was also understood that piracy around those locations constituted a major threat, with rival companies previously suffering losses in transit.

Due to the operational size of our client, the consultation period was a little longer than the usual half day. With 3 distinct and crucial elements of the business, it was paramount for the project management team to gather as much information as possible to ensure the client’s security needs would be met.

The Implementation

The upstream area of the operation required a fleet of Serbus Secure equipped mobile phones and ruggedised tablets. At the core of the Serbus Secure suite was a secure voice and messaging application, to provide the drilling operation teams with the ability to transmit data and discuss highly sensitive information without fear of intercept. The devices were enrolled into an MDM that included, Mobile Threat Defence (MTD), mapping and a highly secure VPN for added measures of security, data sharing with the fixed infrastructure and operational efficiency. The MDM was configured with a whitelist to only allow essential applications required for the drilling and extraction teams to conduct their work efficiently, and to eliminate the risk posed by unapproved applications.

The midstream area of the business required fewer mobile devices, but needed the ability to make and receive secure calls between the upstream and downstream operations. Serbus built a secure gateway at their telephone exchange that enabled the refinery’s operations and production teams to communicate securely with all field and transport team members. This was crucial when it came to receiving shipments of crude oil and in the distribution process of the refined petroleum-based products. The client had witnessed similar sized NOCs subjected to sabotage and shipment piracy in recent years, due to the malicious breach of insecure communications networks.

The client’s downstream operation was the area that demanded the most attention. Once refined, a diverse range of products had to travel often vast distances across continents via various transportation methods (rail, road, sea and pipeline). Serbus installed communications gateways at all of the client’s main transportation hubs, to enable secure logistical support; all distribution staff, freight drivers and security staff were also equipped with Serbus Secure enabled IOS devices. The devices fell under a centrally managed MDM, equipped with the same MTD, VPN and mapping features seen in the upstream operation. Whitelisted applications were restricted to key applications required for essential business purposes only.

A further federation of the three core areas was created in order to allow seamless and unified secure communication across the entire business. This feature was crucial to ensure that the entire team were able to communicate across the company with anybody also running Serbus Secure, or at a location with a secure telephone gateway. This system meant that employees were no longer required to communicate using third party apps that were vulnerable to security threats  from cyber criminals or APT actors outside of the organisation.

Serbus also provided on-site training for all key stakeholders and team leads within the company. Serbus worked with the client's existing IT and security teams to help integrate and transition the new technology smoothly into everyday working procedures.

Serbus subsequently extended the system to equip the exploration teams working at potential new drill sites.  Previously the client’s exploration team would use sat-phones or instant messaging platforms to communicate details of the new sites back to their HQ. The sites were often found in areas of high competition or oppressive state control, which rendered communications open to attack, exploitation and a real danger to life.

The Feedback

Our project management team revisited the client 4 weeks after initial implementation and received this feedback.

“We have been amazed at how the Serbus team have taken the time to better understand our industry and our business in order to create the best way for us to implement a secure communication system.

It’s frightening to think that before we started using Serbus Secure, we were all still using Whatsapp and FaceTime, for the logistics of moving millions of tonnes of product around the world. Our new communications strategy gives us, our clients, and investors the peace of mind required.

The level of detail the Serbus team have gone to in designing and implementing this secure network has surpassed my expectations as somebody with over 20 years’ experience in information security.

The management team have been so easy to work with throughout our time with Serbus. In the circumstance we need a fix, alteration or update, the team are on hand and give us the level of service we need to run a productive business.”