We understand the language of the industry. We understand digital technologies. We bridge the gap between your needs and the paradigm shift, digitalization solutions can bring to your business.
Are you interested in our Industrial Automation Solutions?
Explore
This O&G upstream facility’s OT network faced challenges in meeting client’s global IT/OT security standards. The existing Process Control Network (PCN) lacked centralized visibility of OT assets, and real-time threat monitoring was not in place, which exposed the network to potential security vulnerabilities and operational risks.
To mitigate these risks, an OT cybersecurity solution was deployed that included VLAN-based segmentation, role-based access control, anomaly detection, and enhanced system hardening. Additionally, centralised backup and patch management were implemented to ensure robust and secure maintenance, while keeping the OT network isolated from corporate systems in accordance with the Client’s strict cybersecurity policies.
The OT network was divided into VLANs based on function—SCADA, PLC, VMS, etc.—with Access Control Lists (ACLs) set to control communication between VLANs. This segmentation reduced lateral movement within the network, significantly improving overall security.
A secure air-gapped patch management system was set up. WSUS and EPO signature updates were performed offline, ensuring endpoint security while maintaining compliance with air-gap protocols.
Continuous Threat Detection solution was integrated to continuously monitor OT assets and network traffic for any unauthorized changes, protocol anomalies, or vulnerabilities, alerting the team before any critical operational impacts could occur.
A 3-node VMware cluster, coupled with a QNAP-based NAS and backup solutions, ensured high availability and disaster recovery capabilities for the virtualized OT systems, safeguarding against potential data loss and ensuring system uptime.
To strengthen system integrity, all servers, workstations, firewalls, and network switches were hardened according to CIS benchmarks. Network Access Control solution was deployed for identity-based access control, limiting network access exclusively to authorized devices and users.
The cybersecurity solution implemented by CONSYST focused on creating a secure and scalable OT infrastructure that aligned with Client’s cybersecurity standards. This involved segmenting the OT network into isolated zones, each with specific security measures tailored to its function, ensuring restricted communication between different areas. The system included a virtualized platform for critical applications and backup systems, providing high availability and disaster recovery capabilities. Firewalls were strategically deployed to protect the network perimeter and ensure secure communication between the OT and external systems.
A secure offline method for patch management and system updates was introduced, ensuring that updates were applied without compromising the air-gapped environment. To enhance operational visibility and security, an asset monitoring and anomaly detection system was integrated to provide real-time insights into network activity, identifying potential threats or vulnerabilities before they could impact operations. Backup systems were centralized for efficient management, and time synchronization across the network was ensured to maintain accuracy. Custom dashboards were developed to provide intuitive monitoring, allowing for easier asset management, real-time alerts, and improved audit readiness for the facility.
