CASE STUDY

Category: Oil & Gas

SECURING REFINERY OT ENVIRONMENTS ACROSS MULTI-SITE OPERATIONS

Summary

How a major refinery operator achieved standards-aligned visibility into OT cybersecurity risk across multiple refinery sites, established a structured improvement roadmap, and built the governance and monitoring foundations needed for long-term operational resilience.

At a Glance
Challenge:
  • Increasing OT/IT connectivity across complex refinery environments with legacy control systems
  • No standards-aligned baseline for measuring or managing OT cybersecurity risk
  • Gaps in governance, asset visibility, monitoring, and vulnerability management across sites

Solution:
  • Comprehensive OT/ICS cybersecurity assessment aligned to ISA/IEC 62443 and NIST CSF 2.0 across multiple sites
  • On-site workshops, technical reviews, and architecture assessments covering DCS, PLCs, HMIs, SCADA, and OT infrastructure
  • Risk treatment roadmap, Purdue Model network architecture, cybersecurity dashboard, and awareness programme

Result:
  • Full visibility into OT cybersecurity gaps and risk posture across refinery operations, with no risks categorized as extreme
  • Structured compliance baseline against ISA/IEC 62443 and NIST CSF 2.0 supporting governance decisions
  • Clear, phased roadmap enabling targeted improvements to safety, reliability, and long-term OT security maturity

Project Background

A major refinery operator managing complex OT and ICS environments across multiple sites recognized that increasing connectivity between refinery control systems and enterprise networks was creating cyber risk that required proactive, structured management. Critical refinery systems, including DCS controllers, PLCs, HMIs, and SCADA platforms, were operating in an environment where cybersecurity gaps could directly affect operational safety, production reliability, and regulatory compliance. The organization required an assessment methodology that could establish a clear, standards-aligned view of current risk across sites, identify which gaps required prioritized attention, and provide a credible path toward a resilient OT cybersecurity programme.

Challenge

Legacy Systems, Increasing Connectivity, and No Structured Security Baseline

Refinery OT environments present a cybersecurity challenge that is both technically demanding and operationally constrained. The control systems that manage process units, utilities, and safety functions have often been in service for many years, with security considerations that were not part of their original design. As enterprise connectivity has increased and remote access requirements have grown, these legacy environments have become more exposed without a corresponding increase in security controls.

The operator faced this challenge across multiple refinery sites. OT cybersecurity practices varied between locations, with no consistent baseline for governance, architecture, or technical controls. Asset visibility was incomplete, making it difficult to confirm what was connected, how it was configured, and where vulnerabilities existed. Monitoring capabilities were limited, and OT-related security events were not integrated into the broader enterprise security management programme. Leadership needed a structured assessment that could establish where the organization stood against recognized standards, identify the specific gaps requiring remediation, and provide the prioritized, actionable roadmap needed to direct improvement efforts effectively.

The assessment also needed to address the safety dimension that makes refinery OT cybersecurity distinct: in a refinery environment, a cyber incident that affects control system availability or integrity is not just an operational disruption. It carries the potential for process safety consequences that extend well beyond the immediate operational impact.

Solution

Multi-Site Assessment Against ISA/IEC 62443 and NIST CSF 2.0

Arista Cyber delivered a comprehensive OT/ICS cybersecurity assessment across refinery operations, covering OT policies, processes, architecture, and technical controls at each site. The assessment was aligned to both ISA/IEC 62443 and NIST Cybersecurity Framework 2.0, providing the operator with compliance visibility against the two standards most relevant to its operational and regulatory context.

The engagement was structured across several phases: pre-assessment planning to confirm scope and align on methodology; on-site workshops and stakeholder interviews across OT, engineering, IT, and operational teams; technical reviews of network infrastructure, remote access configurations, firewall rules, servers, endpoints, and backup systems; and architecture assessments against Purdue Model principles.

Critical refinery systems within scope included DCS controllers, PLCs, HMIs, SCADA platforms, engineering workstations, and the broader OT network infrastructure supporting process operations. Physical and logical access controls, patch management practices, and vulnerability management processes were also assessed.

Arista Cyber produced a comprehensive set of deliverables for the operator:

01. Detailed OT Cybersecurity Assessment Report

A detailed OT cybersecurity assessment report mapping identified gaps, risks, and vulnerabilities to ISA/IEC 62443 and NIST CSF 2.0 requirements, enabling direct compliance benchmarking.

02. Prioritized Management Recommendations

Management-level recommendations presented in a clear, prioritized format suitable for executive decision-making and governance review.

03. Phased Risk Treatment & Improvement Roadmap

A phased OT cybersecurity risk treatment and improvement roadmap structured around risk priority and implementation feasibility.

04. Purdue Model-Based Architecture Concept

A Purdue Model-based OT network architecture concept providing a target-state reference for segmentation and perimeter security improvements.

05. Asset Inventory Templates

Asset inventory templates to support ongoing OT asset visibility and configuration management.

06. OT Cybersecurity Dashboard Concept

An OT cybersecurity dashboard concept to support ongoing monitoring and risk tracking across the operational environment.

07. Cybersecurity Awareness Session

An OT cybersecurity awareness session aligned to assessment findings, building shared understanding of identified risks across stakeholders.

Result

Consolidated Risk Visibility, Standards Alignment, and a Roadmap for Resilience

The engagement significantly improved the operator's visibility into its OT cybersecurity posture across refinery operations. For the first time, the organization had a consolidated, standards-aligned view of cybersecurity gaps and risk levels across its OT environment, mapped to both ISA/IEC 62443 and NIST CSF 2.0 in a format that supported governance and risk management decisions at both technical and executive levels.

The assessment confirmed that while specific gaps required prioritized remediation, no risks were categorized as extreme, and the overall risk posture was consistent with industry peers at a comparable stage of OT security maturity. This finding provided leadership with an evidence-based perspective on relative risk exposure and a credible, proportionate basis for investment decisions.

The delivered roadmap gave the operator a structured, sequenced path for addressing identified gaps, prioritized by risk impact and organized to support implementation within the operational constraints of a continuously operating refinery environment. Architectural recommendations provided a practical reference point for network segmentation improvements that could be planned and executed progressively without disrupting production.

The cybersecurity dashboard and asset inventory outputs established the foundation for enhanced ongoing monitoring and risk tracking, moving the organization toward a posture where OT cyber risk is continuously visible rather than periodically assessed. The awareness session aligned key stakeholders around the identified risks and remediation priorities, building the organizational readiness needed to sustain improvement beyond the immediate assessment engagement.

Collectively, the engagement equipped the operator with the clarity, structure, and direction needed to strengthen OT cybersecurity posture across refinery operations in a way that supports both safety objectives and long-term operational resilience.

Who Should Engage Arista Cyber?

IT and OT Leaders in industrial & critical infrastructure operations who want assurance, resilience, and measurable security outcomes.

What's The Next Step?

  • Schedule a Cyber Risk Assessment
  • Conduct an Executive Workshop
  • Start OT Security Roadmap Planning

Operating refinery or process industry OT environments? Contact Arista Cyber to establish a standards-aligned cybersecurity baseline and a roadmap for operational resilience.