Control Path Protection for Upstream, Midstream, and Refinery
Oil and gas operations span remote wellheads, offshore platforms, pipelines, and refineries. Each environment runs safety-critical control systems that must remain isolated from corporate networks and external threats.
Oil and Gas
In oil and gas, a compromised control system is not a data breach. It is a potential safety incident with consequences measured in lives, environmental damage, and billions in liability.
100%
DCS and SIS isolation from corporate IT
Zero
Persistent vendor paths to safety systems
5
Operational zones with independent governance
Full
IEC 62443 and NIS2 compliance evidence
Oil and gas face converging cyber-physical risks.
Safety System Exposure
Safety instrumented systems increasingly share network infrastructure with DCS and business systems, creating paths to the last line of defence against catastrophic events.
Remote Operations
Offshore platforms and remote wellheads rely on satellite and radio communications for control, with limited visibility into who is accessing what.
Contractor Access
Dozens of specialist contractors require access to different control systems, each creating persistent pathways that outlive the maintenance window.
The Scenario
Scenario: Refinery DCS Compromise via Contractor VPN
Attackers compromise a control system integrator through a targeted phishing campaign. Using the integrator's VPN credentials, they access the refinery DCS network through a maintenance connection that was left active between scheduled visits. Over three weeks, they map the process control network and deploy modified logic on key programmable controllers. When activated, the modified logic causes a distillation column to operate outside safe parameters. The safety instrumented system should intervene, but its engineering workstation was reachable from the same network segment. With Firevault Control, the contractor VPN path is physically severed between maintenance windows. The SIS exists on a separate, disconnected network. The attack cannot reach safety systems because the path does not exist.
"We had 23 active contractor VPN tunnels into our DCS network. When we audited them, seven belonged to contractors whose projects had ended more than a year ago. The tunnels were still live."
Physical governance for process control environments.
Oil and gas operators gain physical control over every network path into DCS, SIS, and remote operations infrastructure. Contractor access exists only during authorised windows. Safety systems remain physically disconnected from all other networks. Recovery from sophisticated attacks is guaranteed through air-gapped archives.
- Physical separation between DCS, SIS, and corporate networks
- Contractor paths that do not exist outside maintenance windows
- Multi-party authorisation involving operations and HSE teams
- Out-of-band management for offshore and remote facilities
- Continuous IEC 62443 and NIS2 compliance evidence
- Air-gapped recovery for safety system configurations
Fracture — Emergency Process Isolation
Module 1 of 4Physically severs network connections between process zones during active threats. When a compromise is detected in one area, Fracture prevents lateral movement into adjacent process units or safety systems.
Featured In
'%3e%3cpath%20fill='%23E40784'%20d='M141.363%2026.6a5.905%205.905%200%200%201-5.899-5.9%205.905%205.905%200%200%201%205.899-5.895%205.901%205.901%200%200%201%205.895%205.895%205.9%205.9%200%200%201-5.895%205.9Zm0-8.347a2.448%202.448%200%200%200%200%204.895%202.449%202.449%200%200%200%202.447-2.448%202.449%202.449%200%200%200-2.447-2.447ZM141.363%200c-.821%200-1.638.052-2.447.144v3.731a16.897%2016.897%200%200%201%202.447-.177c9.373%200%2017.002%207.626%2017.002%2017.002%200%20.825-.063%201.642-.177%202.448h3.732c.095-.81.143-1.627.143-2.448%200-11.411-9.285-20.7-20.7-20.7Z'/%3e%3cpath%20fill='%23E40784'%20d='M141.363%207.268c-.825%200-1.645.077-2.447.228v3.787a9.733%209.733%200%200%201%202.447-.313c5.369%200%209.734%204.368%209.734%209.734%200%20.832-.107%201.652-.313%202.447h3.783c.151-.802.228-1.623.228-2.447.004-7.412-6.024-13.436-13.432-13.436Z'/%3e%3cpath%20fill='%23fff'%20d='M71.382%207.537h-2.84a5.82%205.82%200%200%200-5.815%205.818v9.785h4.037v-9.789a1.78%201.78%200%200%201%201.777-1.777h2.841V7.537ZM80.539%2019.1a3.787%203.787%200%200%201-3.783-3.784%203.787%203.787%200%200%201%203.783-3.783%203.787%203.787%200%200%201%203.783%203.784%203.787%203.787%200%200%201-3.783%203.783Zm0-11.6c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82%201.372%200%202.66-.357%203.78-.982v.982h4.036V15.32c.004-4.313-3.503-7.82-7.816-7.82ZM41.806%2018.71a5.512%205.512%200%200%201-4.34%202.1%205.55%205.55%200%200%201-5.541-5.541%205.55%205.55%200%200%201%205.542-5.543c1.696%200%203.279.766%204.339%202.102l.088.114%201.656-1.656-.077-.092a7.865%207.865%200%200%200-6.01-2.797c-4.339%200-7.871%203.533-7.871%207.872s3.532%207.871%207.871%207.871a7.865%207.865%200%200%200%206.01-2.797l.077-.091-1.656-1.656-.088.113ZM19.479%207.397c-4.34%200-7.872%203.53-7.872%207.872%200%204.342%203.533%207.871%207.872%207.871a7.883%207.883%200%200%200%207.205-4.71l.081-.18H24.15l-.037.058a5.543%205.543%200%200%201-10.05-1.873h13.2l.015-.11c.048-.357.073-.714.073-1.053%200-4.346-3.529-7.875-7.871-7.875Zm-5.417%206.705a5.54%205.54%200%200%201%205.417-4.376%205.54%205.54%200%200%201%205.417%204.376H14.06ZM46.192%2023.14h2.33v-8.847a4.599%204.599%200%200%201%204.593-4.592%204.599%204.599%200%200%201%204.592%204.592v8.844h2.33v-9.149h-.008a6.887%206.887%200%200%200-2.082-4.648%206.89%206.89%200%200%200-4.832-1.972%206.863%206.863%200%200%200-4.593%201.751V.545h-2.33V23.14ZM2.686%207.393H0v2.33h2.686v8.471a4.944%204.944%200%200%200%204.94%204.939h2.435v-2.33H7.625a2.613%202.613%200%200%201-2.609-2.612V9.726h3.772v-2.33H5.016V1.84h-2.33v5.553ZM101.968%208.457a7.721%207.721%200%200%200-2.547-.858c-.088-.014-.177-.03-.265-.04-.1-.011-.199-.022-.302-.03a9.993%209.993%200%200%200-.574-.029c-.022%200-.04-.004-.062-.004h-.037c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82h.037c.25%200%20.496-.014.743-.04l.037-.003a7.742%207.742%200%200%200%203.003-.939v.979h4.037L106.005.537h-4.037v7.92Zm0%206.863a3.788%203.788%200%200%201-3.769%203.78%203.786%203.786%200%200%201-3.76-3.78c0-2.08%201.688-3.772%203.764-3.78a3.787%203.787%200%200%201%203.765%203.78ZM119.75%2023.11h4.037V15.299c-.011-4.302-3.515-7.798-7.82-7.798-4.313%200-7.821%203.507-7.821%207.82%200%204.313%203.508%207.82%207.821%207.82%201.372%200%202.66-.357%203.783-.982v.953Zm-3.783-4.01a3.786%203.786%200%200%201-3.783-3.784%203.786%203.786%200%200%201%203.783-3.783%203.79%203.79%200%200%201%203.783%203.78v.003a3.787%203.787%200%200%201-3.783%203.784ZM132.273%207.5a5.824%205.824%200%200%200-5.818%205.818v9.822h4.037v-9.822a1.78%201.78%200%200%201%201.777-1.777h2.841V7.5h-2.837ZM173.736%2020.807a5.534%205.534%200%200%201-5.527-5.527%205.534%205.534%200%200%201%205.527-5.528%205.535%205.535%200%200%201%205.528%205.528%205.535%205.535%200%200%201-5.528%205.527Zm0-13.399a7.852%207.852%200%200%200-5.527%202.274V7.393h-2.344V30h2.344v-9.127a7.836%207.836%200%200%200%205.527%202.275c4.339%200%207.872-3.533%207.872-7.872s-3.533-7.868-7.872-7.868ZM186.735%2023.14h-2.385v-9.81a5.84%205.84%200%200%201%205.833-5.834h2.848v2.385h-2.848a3.45%203.45%200%200%200-3.448%203.448v9.811ZM202.813%209.774a5.535%205.535%200%200%200-5.528%205.528%205.535%205.535%200%200%200%205.528%205.527%205.534%205.534%200%200%200%205.527-5.527%205.534%205.534%200%200%200-5.527-5.528Zm0%2013.4c-4.339%200-7.872-3.533-7.872-7.872%200-4.34%203.533-7.872%207.872-7.872s7.872%203.53%207.872%207.872c0%204.339-3.533%207.871-7.872%207.871Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h210.68v30H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Key Capabilities
Sovereign Process Data
All process control configurations and safety system logic remain within the agreed jurisdiction in NATO-approved Firevault Bunkers.
Multi-Party Access Control
Contractor and vendor access requires sign-off from both operations and HSE teams before any path is activated.
IEC 62443 Evidence
Automated compliance logging maps directly to IEC 62443 zone and conduit requirements and NIS2 Article 21 outcomes.
Satellite Failover
Out-of-band management ensures control plane access to offshore and remote facilities independent of primary communications.
Tamper-Proof Logging
Every contractor session, configuration change, and access authorisation is recorded in immutable logs on physically separate infrastructure.
Air-Gapped Safety Backups
Physically disconnected copies of SIS logic and safety configurations ensure restoration capability during total compromise scenarios.
Demo to Live
Adoption Guide
Process Network Assessment
Map all network paths between corporate IT, DCS, SIS, and contractor access points across upstream, midstream, and downstream operations.
Zone and Conduit Design
Design physically separated zones aligned to IEC 62443 requirements with Control modules governing each conduit between zones.
Single Facility Pilot
Deploy at one facility with full zone separation, contractor access governance, and compliance logging to validate operational procedures.
Enterprise Rollout
Phased deployment across all facilities with air-gapped recovery, continuous compliance evidence, and out-of-band management.
Process Network Assessment
Map all network paths between corporate IT, DCS, SIS, and contractor access points across upstream, midstream, and downstream operations.
Zone and Conduit Design
Design physically separated zones aligned to IEC 62443 requirements with Control modules governing each conduit between zones.
Single Facility Pilot
Deploy at one facility with full zone separation, contractor access governance, and compliance logging to validate operational procedures.
Enterprise Rollout
Phased deployment across all facilities with air-gapped recovery, continuous compliance evidence, and out-of-band management.
Questions
Frequently Asked
Ready to take the next step?
See how Control can govern your data paths with physical enforcement no software exploit can bypass.