When a leading petrochemical company in Canada set out to modernize its cybersecurity posture, one mission stood above all: safeguard the Industrial Control System (ICS) - the heart of its industrial operations.

Arista Cyber was chosen to design and implement a Cyber Program that would align policies, processes, and technical foundations with NIST CSF 2.0 and IEC/ISA 62443. The result was a comprehensive cybersecurity program, embedded into daily operations, supported by robust asset visibility and network architecture documentation, empowering the organization to operate with resilience and trust.

The Story Begins

In today’s petrochemical industry, the ICS is where operations come alive; where automation, networks, and control systems keep production safe, efficient, and continuous. But with cyber threats advancing, the integrity of the ICS was no longer guaranteed.

The Canadian petrochemical company recognized the risk: without clear governance, visibility of assets, and robust procedures, even the most advanced operations could be vulnerable. They needed more than a compliance exercise; they needed a partner to transform their approach to cybersecurity.

That’s where Arista Cyber stepped in.

The Challenge

The company faced pressing concerns:

• Fragmented Procedures - Policies and work instructions varied by site, leaving room for gaps in secure operations.
• Limited Asset Visibility - Many OT assets and networks lacked clear documentation, complicating risk management.
• Emerging Vulnerabilities - Global threats highlighted the importance of knowing where exposures existed.
• Integration into Daily Practice – Even the best cybersecurity framework would fall short if it wasn’t embedded into daily site operations.

Failure to address these challenges would mean heightened risk to safety, operations, and compliance an unacceptable outcome for a leading player in Canada’s critical energy sector.

Our Approach

Arista Cyber deployed a team of consultants with deep expertise in automation, networking, and OT cybersecurity. Their mission: embed cybersecurity into the DNA of site operations.

Governance & Procedures

• Developed a cybersecurity program aligned with NIST CSF 2.0 and IEC/ISA 62443.
• Created policies, procedures, work instructions, and operating models for all terminals.
• Collaborated with site stakeholders to adapt templates to real-world systems and workflows.
• Ensured the “secure way of working” became part of daily practice, not just documentation.

Asset Inventory & Visibility

• Conducted on-site asset and network discovery.
• Deployed automated inventory scripts to capture detailed system information.
• Investigated vulnerabilities, across all sites within OT/ICS systems.
• Documented findings in structured templates to build transparency.

Key Deliverables

• Cybersecurity framework, policies, and procedures tailored to site operations.
• Comprehensive asset inventory capturing all OT/ICS assets.
• Physical network architecture diagrams for each site.
• Logical network architecture diagrams detailing data flows.
• Overall network architecture providing a consolidated view across terminals.

Results & Impact

By the end of the program, the petrochemical company achieved:

• Governance Clarity – A unified framework with consistent, secure practices across all terminals.
• Full Visibility – A clear, accurate inventory of assets and networks for risk management and incident response.
• Reduced Vulnerability – Identification and mitigation of log4j risks, strengthening operational security.
• Cultural Shift – Cybersecurity practices became part of everyday site operations, not a separate layer.
• Future Resilience – A living roadmap aligned with international best practices, ready to evolve with threats.

For the Canadian petrochemical company, cybersecurity was no longer just about compliance it became a pillar of operational excellence. By embedding security into people, processes, and technology, Arista Cyber helped ensure that the integrity of the Industrial Control System would stand strong against evolving cyber risks.