Performing Oil & Gas Cybersecurity Assessment

When to Use

• When conducting a cybersecurity assessment of a refinery, pipeline, or production facility
• When preparing for TSA Pipeline Security Directive compliance (SD-01, SD-02)
• When assessing cybersecurity posture against API Standard 1164 (Pipeline SCADA Security)
• When evaluating the security of remote wellhead SCADA systems and satellite communications
• When a merger, acquisition, or regulatory audit requires a comprehensive OT security evaluation

Do not use for IT-only corporate network assessments of oil and gas companies, for physical security assessments without a cyber component, or for environmental compliance assessments.

Prerequisites

• Written authorization from facility management and operations team
• Understanding of oil and gas operations (upstream, midstream, downstream processes)
• Familiarity with API 1164, TSA SD-01/SD-02, IEC 62443, and NIST CSF
• Passive monitoring tools for OT network traffic capture
• Access to network diagrams, SCADA architecture documentation, and safety studies (HAZOP)