Oil and Gas

Eradicate Vulnerability. Fortify Infrastructure. Operate Securely.

As an oil and gas company, you must remain vigilant in the face of the industry’s persistent cyber threats.

Owners/operators of TSA-designated critical pipeline and natural gas facilities were required to create and submit a Cybersecurity Implementation Plan by October 25, 2022.  Your plan must include in-depth details on how your organization will approach malicious attacks and proactively take action to prevent disruption and degradation to critical infrastructure in the event of a cyber-attack. You are also required to develop and maintain an up-to-date cybersecurity incident response plan and cybersecurity assessment program.  Until the TSA approves your plan, apply the requirements in SD 2021-02B. Plans must be updated and submitted annually.  

Are you ready?  Do you still need help?  Are you unsure and you have questions?

The recent high-profile attacks on Colonial Pipeline and Petroleos Mexicanos (Pemex) are stark reminders of the potential consequences of insufficient cybersecurity measures. The Colonial Pipeline incident, which occurred in May 2021, resulted in a ransomware attack that temporarily shut down the pipeline, causing fuel shortages and significant disruptions to the fuel supply along the East Coast of the United States. Similarly, Mexico’s state-owned oil company, Pemex, encountered multiple cyber-attacks, including ransomware attacks that impacted their administrative and payment systems.

Understanding the unique challenges faced by oil and gas companies, we are here to offer our specialized expertise in cybersecurity to protect your operations. At Colombia Advisory Group, we are a trusted cybersecurity and IT firm that provides tailored managed services to companies like yours. Our Security Practice Group can help evaluate and navigate your security operations, address regulatory requirements, optimize business processes, and enhance your IT decision-making.

We recognize the criticality of protecting your infrastructure, data, reputation, and brand. By collaborating closely with your team, we will access and develop a comprehensive cybersecurity compliance program and risk register explicitly designed for your oil and gas company.

Our team of experts will thoroughly assessment of your IT systems, identify vulnerabilities, and recommend policy standards and procedures aligned with industry-leading security frameworks. Whether you require a hands-on approach or prefer us to lead in project resourcing, our goal remains:  safeguarding your valuable resources by identifying risks, strengthening your IT governance and cybersecurity programs, and implementing solutions that align with your business objectives.

By engaging our services, you gain access to our deep expertise, allowing you to focus on your core operations. We offer a range of Managed Services and Managed Security Services tailored for the energy sector, including:

Our Managed Services and Managed Security Services for Banking, Insurance and Private Equity Firms focus includes:

  • Strategy, Governance, Risk & Regulatory Compliance
  • Managed Cybersecurity Operations
  • Data Governance
  • Fractional CISO and Fractional Data Management Officers
  • Managed Detection and Response

By entrusting us with your technology, infrastructure, and compliance responsibilities, you can achieve greater operational efficiencies, cost savings, and improved security posture. Our team is committed to providing the right blend of experience and expertise to meet the unique needs of your small oil and gas company. Together, we will ensure the security and resilience of your operations in the face of evolving cyber threats.

Cybersecurity

Our cybersecurity team begins by developing your customized security programs, plans, risk registers, and policy standards based on your industry’s security frameworks and regulatory environment.

Managed Information Technology

CAG provides managed services tailored to your specific needs, we accomplish your business goals even in the most challenging economic or change environments. We advice the latest technologies & service approaches scaled to your specific requirements and budget.

IT Leadership & Advisory

More than just a consultant, our virtual and interim leaders become your strategic partners, helping you lower operation costs while building, managing, protecting and securing your information technology and cybersecurity footing. Ask us about Chief Information Officer, Chief Information Security Officer and Data Protection Officer services.

TSA Security Directive

The TSA Security Directive Pipeline focuses on protecting our critical infrastructure against emerging cyber threats. As an industry leader, it is vital to take proactive steps to fortify your cybersecurity defenses and adhere to the strict guidelines outlined in the directive.
Our dedicated team of cybersecurity professionals is equipped with the knowledge and experience necessary to guide you through the compliance process seamlessly. We specialize in understanding the unique challenges faced by the oil and gas sector, and we have a proven track record of successfully assisting companies like yours.

PCI Compliance

Owners/operators of TSA-designated critical pipeline and natural gas facilities were required to create and submit a Cybersecurity Implementation Plan by October 25, 2022. Your plan should have included in-depth details on how the organization will approach malicious attacks and proactively take action to prevent disruption and degradation to critical infrastructure in the event of a cyber attack. You were also required to develop and maintain an up-to-date cybersecurity incident response plan and cybersecurity assessment program.

Security Directive Pipeline-2021-02C Requirements

Create a Cybersecurity Implementation Plan that details an in-depth approach to malicious attacks.
III.A:  Identify critical cyber systems
III.B:  Implement network segmentation policies and controls
III.C:  Implement access control measures to secure and prevent unauthorized access
III.D:  Implement continuous real-time monitoring and detection policies and procedures to prevent, detect, and respond to cyber      threats and anomalies affecting critical cyber systems
III.E:  Apply security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems consistent with the owner/operator’s risk-based methodology.
Develop a Cybersecurity Incident Response Plan that demonstrates how you will reduce the risk of operational disruption in the event of a cybersecurity incident. This is covered in Section III.F
Create a Cybersecurity Assessment Program and submit an annual plan detailing how you will proactively and regularly assess the effectiveness of cybersecurity measures, as well as identify and resolve vulnerabilities.

Time Has Run Out

The Transportation Security Administration (TSA) has issued a critical Security Directive Pipeline that demands immediate compliance from all oil and gas companies operating in this sector. Failure to meet the deadline could have severe consequences for your business.
At Columbia Advisory, we understand the urgency and complexity of this directive. Our expertise lies in providing tailored cybersecurity solutions to the oil and gas industry, and we are here to help you navigate this crucial compliance journey.

Ready to Talk with an Expert?

Learn how we align our exceptional experience as a leading IT Managed Service Provider to bring measurable benefits to your organization