Cyber Security Fundamentals for Oil and Gas Professionals

September 11-12, 2024 | Online

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for seven days after the event

The EUCI Cyber Security Fundamentals for Oil and Gas Professionals course is designed to provide oil and gas professionals with a fundamental understanding of cyber security, including:

Threats

Vulnerabilities

Risks unique to the industry

Participants will learn how to identify, assess, and mitigate cyber security risks in upstream, midstream, and downstream operations. Join the EUCI Cyber Security Fundamentals for Oil and Gas course to gain insights on IT and OT networks, oil and gas industry standards and regulations (e.g., NIST, IEC 62443, ISO 27001), TSA Security Directives for critical pipeline operators, and more.

Course Learning Outcomes

Identify the unique vulnerabilities of oil and gas systems and how they can be exploited by attackers

Identify and assess cyber security risks in an oil and gas environment

Review the differences between IT and OT networks and the unique challenges of securing OT networks

Identify relevant industry standards and regulations (e.g., NIST, IEC 62443, ISO 27001) and apply them to oil and gas cyber security

Review TSA Security Directives for critical pipeline operators

Discuss the risk management process and how it applies to cyber security

Develop and implement a comprehensive cyber security program for an oil and gas company

Explain the importance of employee training and awareness in maintaining cyber security

Recognize the key components of incident response and business continuity planning

Agenda

WEDNESDAY, SEPTEMBER 11, 2024

9:00 a.m. – 4:00 p.m. Central Time

Introduction to Cyber Security in the Oil and Gas Industry

Current cyber security landscape and its impact on the oil and gas industry

Upstream exploration and production facilities

Midstream transportation and storage infrastructure

Downstream refining and petrochemical facilities

Renewable energy facilities

Natural gas processing facilities

Control systems and industrial automation networks

Anatomy of Colonial Pipeline attack

Differences between IT and OT networks

Securing OT networks

Standards and regulations

NIST

IEC 62443

ISO 27001

Risk management process and how it applies to cyber security

Cyber Threats and Vulnerabilities in the Oil and Gas Industry

Common cyber threats and attack vectors in the oil and gas industry

Ransomware

Phishing

Advanced persistent threats

Insider threats

Vulnerabilities of oil and gas systems

Legacy systems

Remote locations

Supply chain risks

Security controls and their effectiveness in mitigating cyber risks

Physical ramifications

Production disruption

Equipment failure

Environmental damage

Hands-on exercises to identify and assess cyber security risks in a simulated oil and gas environment

THURSDAY, SEPTEMBER 12, 2024

9:00 a.m. – 12:00 p.m. Central Time

Best Practices for Cyber Security in the Oil and Gas Industry

Best practices for securing IT and OT networks in the oil and gas industry

Employee training and awareness in maintaining cyber security

Incident response

Business continuity planning

Hands-on exercises to develop a cyber security plan for an oil and gas company

Instructors

Gurdeep Kaur, Managing Director and Chief Information Security Officer, PSEG

Gurdeep Kaur has over 20 years of core experience in cyber security that spans across multiple sectors including telecom, financial, healthcare and energy.

In her current role as the Managing Director and Chief Information Security Officer at PSEG, she is responsible for managing the cyber security, risk, and compliance function across Information Technology and Operational Technology. Her areas of expertise include enterprise security strategic planning and execution, industry-standard security architecture, and security audit management of technology environments in oil, gas, and electric sectors.