Case Study 4 - Petrochemical Industry
The Client - A top 20 national oil provider (NOC).
The Brief - In 2019 Serbus were approached by a top 20 national oil company (NOC) to assist them in improving their cyber security and communications in their upstream, midstream and downstream areas of operation.
As one of the major NOCs in the petroleum industry, the client was concerned about the ever-growing security threats to their refining and transportation operations.
They contacted Serbus to find a way to ensure that their planning and communications during the transit of oil consignments would remain safe and secure.
Serbus travelled to meet the client at one of their refining facilities to spend a day understanding how the client’s upstream, midstream and downstream operations function and coalesce. This gave the project management team clear-cut insight into the most vulnerable areas within the client's communications infrastructure. This evaluation allowed for the team to then design, propose and build a solution that best fitted the current and predicted future cyber security requirements.
It was established that the three main areas of the business that relied on the need to communicate securely amongst each other were the drilling site, the refinery, and transport operation. It was identified that the transportation of crude oil to the refinery and the refined products leaving the site were the most high-risk areas of operation, due to the geography of the sites. It was also understood that piracy around those locations constituted a major threat, with rival companies previously suffering losses in transit.
Due to the operational size of our client, the consultation period was a little longer than the usual half day. With 3 distinct and crucial elements of the business, it was paramount for the project management team to gather as much information as possible to ensure the client’s security needs would be met.
The upstream area of the operation required a fleet of Serbus Secure equipped mobile phones and ruggedised tablets. At the core of the Serbus Secure suite was a secure voice and messaging application, to provide the drilling operation teams with the ability to transmit data and discuss highly sensitive information without fear of intercept. The devices were enrolled into an MDM that included, Mobile Threat Defence (MTD), mapping and a highly secure VPN for added measures of security, data sharing with the fixed infrastructure and operational efficiency. The MDM was configured with a whitelist to only allow essential applications required for the drilling and extraction teams to conduct their work efficiently, and to eliminate the risk posed by unapproved applications.
The midstream area of the business required fewer mobile devices, but needed the ability to make and receive secure calls between the upstream and downstream operations. Serbus built a secure gateway at their telephone exchange that enabled the refinery’s operations and production teams to communicate securely with all field and transport team members. This was crucial when it came to receiving shipments of crude oil and in the distribution process of the refined petroleum-based products. The client had witnessed similar sized NOCs subjected to sabotage and shipment piracy in recent years, due to the malicious breach of insecure communications networks.
The client’s downstream operation was the area that demanded the most attention. Once refined, a diverse range of products had to travel often vast distances across continents via various transportation methods (rail, road, sea and pipeline). Serbus installed communications gateways at all of the client’s main transportation hubs, to enable secure logistical support; all distribution staff, freight drivers and security staff were also equipped with Serbus Secure enabled IOS devices. The devices fell under a centrally managed MDM, equipped with the same MTD, VPN and mapping features seen in the upstream operation. Whitelisted applications were restricted to key applications required for essential business purposes only.
A further federation of the three core areas was created in order to allow seamless and unified secure communication across the entire business. This feature was crucial to ensure that the entire team were able to communicate across the company with anybody also running Serbus Secure, or at a location with a secure telephone gateway. This system meant that employees were no longer required to communicate using third party apps that were vulnerable to security threats from cyber criminals or APT actors outside of the organisation.
Serbus also provided on-site training for all key stakeholders and team leads within the company. Serbus worked with the client's existing IT and security teams to help integrate and transition the new technology smoothly into everyday working procedures.
Serbus subsequently extended the system to equip the exploration teams working at potential new drill sites. Previously the client’s exploration team would use sat-phones or instant messaging platforms to communicate details of the new sites back to their HQ. The sites were often found in areas of high competition or oppressive state control, which rendered communications open to attack, exploitation and a real danger to life.
Our project management team revisited the client 4 weeks after initial implementation and received this feedback.
“We have been amazed at how the Serbus team have taken the time to better understand our industry and our business in order to create the best way for us to implement a secure communication system.
It’s frightening to think that before we started using Serbus Secure, we were all still using Whatsapp and FaceTime, for the logistics of moving millions of tonnes of product around the world. Our new communications strategy gives us, our clients, and investors the peace of mind required.
The level of detail the Serbus team have gone to in designing and implementing this secure network has surpassed my expectations as somebody with over 20 years’ experience in information security.
The management team have been so easy to work with throughout our time with Serbus. In the circumstance we need a fix, alteration or update, the team are on hand and give us the level of service we need to run a productive business.”
A UK industry leader in commercial insurance
In 2018 our client came to us after their compliance and information security teams identified potential security weaknesses across particular job functions, in relation to the storage and transfer of customer data within the business.
With the GDPR deadline fast-approaching, they enlisted Serbus to present a solution that would ensure full-compliancy when it came to their employees use of mobile devices throughout the business.
A VC backed FinTech provider
In early 2020, one of the UK’s fastest-growing, London-based, FinTech companies approached us to assist in strengthening the safety of their information security.
In a highly-regulated industry, it was vital to our client that they ensure security and compliance when handling data within their organisation. They also wanted to ensure that their mobile workforce were given the tools to communicate and transfer sensitive data securely when working remotely and from their mobile devices.
A fast-growing, innovative, UK pharmaceuticals company
In the Summer of 2019, our client came to us for assistance at the same time that they were bringing a new product to market.
The product itself was set to provide a radical and innovative edge to the industry. Having been beaten to market with previous products, due to lapses in their company information security, they were keen to prevent further IP losses by tightening their communication systems and process.