shutterstock_133287392w.jpg

Cyber Security

Your Facility Is A Target.

The question isn't what are you doing...it's are you doing enough.

Cyber-attacks are steadily increasing in the energy sector with the potential to cause widespread loss. The pervasive expansion of technology and the security of company information is now a major concern within the private sector. Plus, with the decrease in the workforce, the energy industry is set to see a rise in the automation of tasks in facilities and plants. Are you protected against the new and emerging cyber threats? Common risks to the energy sector include:

Phishing

Highly targeted emails to personnel that fools the user into clicking a link.

Vulnerabilities

A weakness in a system that can be exploited.

Back Door

Hackers use back doors to install malware, modify code or to gain system access.

Internet of Things

Everything that is connected to the internet is vulnerable to an attack.

Protection for the Oil & Gas Industry By the Oil & Gas Industry

As a third-party provider, GATE-OSS can remain an unbiased partner and focused on the big issues that could leave your company vulnerable to a cyber attack, whether or not its a software or hardware issue. Plus, we know how these energy facilities are installed, commissioned, started and how they are supposed to operate. And now with OSS, we know how they need to be protected.

Do you think that big software/hardware company knows how to startup an oil and gas facility? Probably not. Big box providers won't know how a facility needs to work, but we do.

OSS-PlatformDark.png

Traditional Approaches Are No Match Against Future Threats

Hackers, hacktivists, cyber terrorists, etc. are constantly adapting and changing their methods in order to get into your system to steal or destroy information or worse, your asset.

The traditional approach relies on protection from the biggest known threats, leaving less important systems vulnerable. This approach is insufficient in the current environment. With new threats emerging daily, GATE-OSS promotes a proactive approach to cyber security and data efficiency.

Bringing A Proactive Approach to Cyber Security

In order to deliver high-value, best-in-class cyber security and data efficiency solutions services to the energy industry, GATE has formed an alliance with the well-established and renowned cyber security firm OSS.  

With OSS's extensive knowledge in cyber security and GATE's expertise in the oil and gas industry, we can speak the language of both sides. Our alliance delivers peace-of-mind to our Clients in the constantly evolving cyber security market. 


Trusted & Vetted by the US Government

The United States trusts us to protect their national interests... shouldn't you?

The GATE-OSS Cyber division is comprised of former DoD and Intelligence Community specialists with decades of experience protecting vital national security interests. We are uniquely suited to provide high-end cyber security and data efficiency capabilities to the energy sector.

OSS is a premier intelligence and cyber solution provider in the national security sector and has extensive experience supporting:

  • Department of Defense (DoD)
  • Department of Homeland Security (DHS)
  • Department of Justice (DOJ)
  • Intelligence Community (IC)

With these security clearances, we will be able to provide you with the most updated threats to cyber security so you can rest at ease that your data and systems are safely protected against attacks.


A Big Box Provider Won't Know How Your Facility Works

Do you think that big software/hardware company knows how to startup an oil and gas facility? Probably not, but we do.

As a third-party provider, GATE-OSS can remain an unbiased partner and focused on the big issues that could leave your company vulnerable to a cyber attack, whether or not its a software or hardware issue. Plus, we know how these energy facilities are installed, commissioned, started and how they are supposed to operate. And now with OSS, we know how they need to be protected.

Identify. Protect. Detect. Respond. Recover.

We Address All Phases of the NIST Framework

Recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure, the US government directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.

Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk. (http://www.nist.gov/cyberframework)

GATE-OSS addresses all the phases of the NIST Framework, including:

  • Penetration Testing & Vulnerability Assessments
  • NIST Compliance Audits
  • Predicative Analytic Solutions
  • Emergency Response During Attacks
  • Training/Curriculum Development
  • Consulting Services
Cyber Security NIST Framework
critical infrastructure

Protecting Critical Infrastructure

Threat Detection & Prevention Through Predictive Analytics

Cyber security can no longer be a reactive force. This approach is insufficient in the current environment and the effects could potentially cripple your company.

GATE-OSS promotes a proactive approach which means moving toward a continuous monitoring and real-time assessment model. We use analytics to predict the future and keep your company protected from future threats.


OSS led the concept development and establishment of “House” – the Navy’s most advanced intelligence analysis team assigned to the Office of Naval Intelligence.  OSS continues to provide the core analytic expertise of the ONI Advanced Analytics (House) team and leads the development and application of highly advanced intelligence analytic tools and methodologies against our Navy’s highest priority maritime targets.

OSS pioneers industry-leading cyber analytic approaches and capabilities to meet rapidly evolving threats to government and commercial networks. 

The OSS A2Cyber team operates in support of Interagency Cyber investigations and analysis.  The OSS Cyber team consists of experts known throughout the Navy, Army, FBI, IC, and Interagency cyber communities.  They have led and participated in some of our nation’s most sensitive cyber operations and continue to provide cutting-edge cyber security services and senior advisory support to an interagency command.  OSS is spearheading the formation of a strategic partnership between this client and a Cyber Joint Task Force.


Safeguarding Industrial Control Systems: Design & Optimization of SCADA Systems

Supervisory control and data acquisition or SCADA is a computer system used to gather and analyze real time data. This includes monitoring equipment for oil and gas facilities, plants and refineries (pressure and temperature gauges, flow meters, etc.). These days the energy industry relies heavily on these systems to control facilities, gather feedback from systems and decrease upsets based on trending. Cyber-attacks on these types of systems are a growing concern as they can cause wide spread power outages, data thefts, network breaches and denial of service. Attacks can severely impact uptime, safety, data integrity, and compliance.

SCADA

While these systems promote standard computer software, account logins and protocols for access, these are familiar vulnerabilities. These systems are often installed in remote areas that are difficult to access and often promote problems such as lack of authentication and encryption that would allow attackers into the system. While most SCADA systems have some level of defence, such as network segmentation and firewalls, attackers are always looking for alternative ways.

To achieve the level of protection needed, GATE-OSS provides a multi-layered defense including:

  • Ensure Authorized Access Only
  • Identity Awareness
  • Firewall
  • Intrusion Prevention
  • Anti-Virus
  • Threat Emulation
  • Threat Intelligence (Gathering and sharing new and emerging threats)

Cloud Computing

Cloud Computing Architecture Development

Proper design of cloud computing architecture is essential for cyber security. These include front end platforms (fat client, thin client, mobile devices), back end platforms (servers, storage), cloud based delivery and network (internet, intrantet and intercloud). Over estimation and underestimation of capacity can prove costly in the development stages. Risk areas need to be identified at the beginning to ensure that the cloud architecture is secure.

GATE-OSS provides the following services:

  • Internal Control Measures
    • Identity Management - who has access to the cloud.
    • Access Management - who has administrative rights to the cloud.
    • Maintaining Time Sync - to ensure that logs and backups are reliable.
  • External Control Measures
    • Security of data in motion (DIM), data in use (DIU), and data at rest (DAR) through encryption.
    • Risk Identification and Management identifying what data and systems need to be protected, at what stage in the lifecycle and at what strength.
    • Threat Intelligence - gathering and sharing new and emerging threats.
    • Disaster recovery planning and Incident management procedure development for serious incident scenarios.
    • Architecture auditing and improvement path development.
    • Vulnerability management and testing
    • Network control configuration

OSS is a primary leader in the IC and Navy cloud computing development efforts.  Johnnie Simpson is one of the IC’s and DoD’s foremost experts in cloud computing.  OSS is guiding the development of the Naval Tactical Cloud (NTC) and synchronizing cloud development efforts across the IC and DoD.


penetration and vulnerability assessments

Penetration Testing & Vulnerability Assessments

Penetration Testing

GATE-OSS can perform penetration testing to look for security weaknesses. These tests can help to determine whether a system is vulnerable to an attack, if the system's defenses are adequate and which defenses were defeated. Once testing is complete, we can provide recommendations on countermeasures to reduce the risk of these vulnerabilities.

Zero-Day Identification

A zero-day vulnerability is an undisclosed software vulnerability that hackers can exploit to affect computer programs, data or a network. It's known as a zero-day because once the vulnerability is known, the software's author has zero days to mitigate against it's exploitation. Zero-days are known to be worth hundreds of thousands of dollars on the black market and these types of attacks are a severe threat. GATE-OSS has over 30 years of experience in identifying zero-day vulnerabilities.


To read more about OSS, visit their website at www.oakleasimpsonsecurity.com