performing-oil-gas-cybersecurity-assessment
Installation
SKILL.md
Performing Oil & Gas Cybersecurity Assessment
When to Use
- When conducting a cybersecurity assessment of a refinery, pipeline, or production facility
- When preparing for TSA Pipeline Security Directive compliance (SD-01, SD-02)
- When assessing cybersecurity posture against API Standard 1164 (Pipeline SCADA Security)
- When evaluating the security of remote wellhead SCADA systems and satellite communications
- When a merger, acquisition, or regulatory audit requires a comprehensive OT security evaluation
Do not use for IT-only corporate network assessments of oil and gas companies, for physical security assessments without a cyber component, or for environmental compliance assessments.
Prerequisites
- Written authorization from facility management and operations team
- Understanding of oil and gas operations (upstream, midstream, downstream processes)
- Familiarity with API 1164, TSA SD-01/SD-02, IEC 62443, and NIST CSF
- Passive monitoring tools for OT network traffic capture
- Access to network diagrams, SCADA architecture documentation, and safety studies (HAZOP)