Boston Strategies International offers proactive threat prevention, detection, and remediation throughout gas, oil, and power supply chains through multi-tier
Working with your team, BSI helps you plan and execute an integrated cyber approach to avoid, manage, and remediate security and privacy breaches. We offer three services: Diagnostic Audits, Ongoing Management, and Damage Control and Remediation.
Infrastructure, intellectual property, and private data has been compromised by deliberate attacks on gas, oil, and power supply chains through the vulnerabilities of today’s immature, unregulated global Internet. For example
The cost of these cyber attacks is massive. A cyber attack targeted at 50-100 generators that supply power to 15 Northeastern United States, including Washington D.C., would leave almost 93m people without electricity and cause $62 billion to $228 billion in economic losses in the first year. Damage to turbine generating power plants and metering systems would cost $1 billion to $2 billion. Loss of electricity revenue would cost the utilities $1 billion to $4 billion. And loss of revenue to electricity consuming customers of the utilities would cost $60 billion to $222 billion. If recovery takes longer than a year, these costs would multiply. This damage assessment is according to a study by the Centre for Risk Studies at the University of Cambridge.
Major gas, oil, and power companies are now becoming aware of the risks that cyber attacks pose, and are investing capital to get their systems more secure to attack. Utilities are most vulnerable to cyber threat from a third tier supplier, which has no direct connection to the utility and supplies the equipment through a third party vendor or a distribution channel. Second tier suppliers also carry the same risk but are more visible and vetted.
For one-time projects, BSI’s Security Consulting Services reviews security infrastructure to understand the existing information technology control framework; identifying where your organization is most vulnerable to cyber threats and attacks.
We help you establish secure procurement practices for IT infrastructure to block out malicious components before they enter the supply chain, years before an attack occurs. Our consulting process prevents counterfeiting, tainting, and compromising, thereby helping you to avoid hardware, software, and component failures.
Our diagnostic services include Security Strategy Assessments, Technical Security Assessments, and PCI Compliance reviews.
We reduce the vulnerability of our power industry clients throughout their generation, transmission, and distribution infrastructure.
For long-term projects, it may be important to ensure cyber security over an entire project life cycle. BSI sets up a cyber security team that works in collaboration with your Project Management Office (PMO) from concept through installation.
We ensure consistency in security products, support tools, administration techniques and delivery mechanisms. Depending on the needs of the project, project update calls and documented status updates are scheduled and completed with all team members.
We scan for malicious software code in equipment and components that could compromise security, as well as kill-switches and backdoors that enable attackers to steal data or disable the system.
We audit vendors’ maintenance and repair activities including software upgrades and equipment services, whether done onsite or remotely, that could also allow hackers to corrupt or compromise systems. This includes components that could enter the supply chain from the secondary suppliers or contractors, which are less visible to the utility operators.
A Project Manager or Coordinator is assigned and works with internal team members as well as our expert consultants. A Project Manager creates a work plan to schedule all components of the plan in close collaboration with you.
If you have been the victim of a cyber attack, we help undo the damage and put in place corrective and preventative measures. This may include, for example:
BSI’s remediation projects results in improved responsibility, better business and operational transparency, and secure access management, and data visibility. Remediation also enhances resilience from such attacks so you can get back to normal operations quickly.