Introductory Courses, Technology

Cyber Security Fundamentals for Oil and Gas Professionals

Jon Brown
May 17, 2023

Cyber Security Fundamentals for Oil and Gas Professionals

September 12-13, 2023 | Online :: Central Time

The EUCI Cyber Security Fundamentals for Oil and Gas Professionals course is designed to provide oil and gas professionals with a fundamental understanding of cyber security, including:

  • Threats
  • Vulnerabilities
  • Risks unique to the industry

Participants will learn how to identify, assess, and mitigate cyber security risks in upstream, midstream, and downstream operations. Join the EUCI Cyber Security Fundamentals for Oil and Gas course to gain insights on IT and OT networks, oil and gas industry standards and regulations (e.g., NIST, IEC 62443, ISO 27001), TSA Security Directives for critical pipeline operators, and more.

Course Learning Outcomes

  • Identify the unique vulnerabilities of oil and gas systems and how they can be exploited by attackers
  • Identify and assess cyber security risks in an oil and gas environment
  • Review the differences between IT and OT networks and the unique challenges of securing OT networks
  • Identify relevant industry standards and regulations (e.g., NIST, IEC 62443, ISO 27001) and apply them to oil and gas cyber security
  • Review TSA Security Directives for critical pipeline operators
  • Discuss the risk management process and how it applies to cyber security
  • Develop and implement a comprehensive cyber security program for an oil and gas company
  • Explain the importance of employee training and awareness in maintaining cyber security
  • Recognize the key components of incident response and business continuity planning

Agenda

Tuesday, September 12, 2023 : Central Time

8:45 – 9:00 a.m.
Log In and Welcome

12:00 – 12:30 p.m.
Lunch Break

9:00 a.m. – 4:00 p.m.
Course Timing

 

Introduction to Cyber Security in the Oil and Gas Industry

  • Current cyber security landscape and its impact on the oil and gas industry
    • Upstream exploration and production facilities
    • Midstream transportation and storage infrastructure
    • Downstream refining and petrochemical facilities
    • Renewable energy facilities
    • Natural gas processing facilities
    • Control systems and industrial automation networks
  • Anatomy of Colonial Pipeline attack
  • Differences between IT and OT networks
    • Securing OT networks
  • Standards and regulations
    • NIST
    • IEC 62443
    • ISO 27001
  • Risk management process and how it applies to cyber security

Cyber Threats and Vulnerabilities in the Oil and Gas Industry

  • Common cyber threats and attack vectors in the oil and gas industry
    • Ransomware
    • Phishing
    • Advanced persistent threats
    • Insider threats
  • Vulnerabilities of oil and gas systems
    • Legacy systems
    • Remote locations
    • Supply chain risks
  • Security controls and their effectiveness in mitigating cyber risks
  • Physical ramifications
    • Production disruption
    • Equipment failure
    • Environmental damage
  • Hands-on exercises to identify and assess cyber security risks in a simulated oil and gas environment

 

Wednesday, September 13, 2023 : Central Time

8:45 – 9:00 a.m.
Log In

9:00 a.m. – 12:00 p.m.
Course Timing

 

Best Practices for Cyber Security in the Oil and Gas Industry

  • Best practices for securing IT and OT networks in the oil and gas industry
  • Employee training and awareness in maintaining cyber security
  • Incident response
  • Business continuity planning
  • Hands-on exercises to develop a cyber security plan for an oil and gas company

Instructor

Gurdeep Kaur, Managing Director and Chief Information Security Officer, PSEG

Gurdeep Kaur has over 20 years of core experience in cyber security that spans across multiple sectors including telecom, financial, healthcare and energy.

In her current role as the Managing Director and Chief Information Security Officer at PSEG, she is responsible for managing the cyber security, risk, and compliance function across Information Technology and Operational Technology. Her areas of expertise include enterprise security strategic planning and execution, industry-standard security architecture, and security audit management of technology environments in oil, gas, and electric sectors.

She served as the founder-president of the (ISC)² New Jersey Chapter, chair of (ISC)² North American Advisory Council and member of Cloud Security Alliance (CSA) Global Enterprise Advisory Board. She is the cofounder of “StepUpSkill”, a not-for-profit organization focused on initiatives to address the shortage of cyber workforce.

She received a bachelor’s degree in electrical engineering from Delhi College of Engineering in New Delhi, India.  She holds multiple security certifications including CISSP-ISSAP, CISA and CCSK.

Online Delivery

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

  • IMPORTANT NOTE: After November 30 you will not be able to join a Teams meeting using Internet Explorer 11. Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
  • You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
  • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
  • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.

Register

Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event

REGISTER NOW FOR THIS EVENT:

Cyber Security Fundamentals for Oil and Gas Professionals

September 12-13, 2023 | Online
Individual attendee(s) - $ 1195.00 each

Volume pricing also available

Individual attendee tickets can be mixed with ticket packs for complete flexibility
Pack of 5 attendees - $ 4,780.00 (20% discount)
Pack of 10 attendees - $ 8,365.00 (30% discount)
Pack of 20 attendees - $ 14,340.00 (40% discount)

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before August 11, 2023 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800

CEUs

Credits

AP_Logo

EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

EUCI is authorized by IACET to offer 1.0 CEUs for this event

Requirements for Successful Completion of Program

Participants must log in each day and be in attendance for the entirety of the conference to be eligible for continuing education credit.

Instructional Methods

PowerPoint presentations, panel discussions and case studies will be used for this conference. We will also use hands-on exercises through simulation programming.

Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

Course CPE Credits: 11.0
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group Internet Based
Advanced Preparation: None

CpeEUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

 

Who Should Attend

  • Chief Information Security Officer (CISO)
  • Cybersecurity Manager
  • IT Security Manager/Analyst
  • Network Security Engineer
  • OT Security Engineer
  • Control Systems Security Analyst
  • Risk Management Analyst
  • Compliance Manager
  • IT/OT Project Manager
  • Information Security Officer
  • Security Consultant
  • Penetration Tester
  • Incident Response Manager
  • Business Continuity Manager
  • Chief Information Officer (CIO)
  • Chief Technology Officer (CTO)
  • Operations Manager
  • Plant Manager
  • Production Manager