A U.S.-based liquefied natural gas operator engaged Armexa to conduct a Validated Cybersecurity Assessment (VCA) of its DeltaV-based distributed control system environment. While the facility had strong foundational practices in place, it lacked a formally documented OT cybersecurity program, leaving gaps in user account management, network segmentation, security monitoring, and policy documentation that prevented the operator from demonstrating a defensible compliance posture. Armexa delivered a structured risk assessment aligned to the DeltaV Security Manual, NIST CSF, and ISA/IEC 62443, producing a clear baseline and a prioritized roadmap for closing identified gaps.
Challenges
Strong operational practices, but no formally documented OT cybersecurity program
The DeltaV control environment had a solid foundation, but the absence of a structured, documented program created risk exposure and compliance vulnerability across several domains. Key challenges included:
- User Account Management: Inconsistent practices for OT user account provisioning, periodic review, and deprovisioning. creating uncontrolled access risk
- Network Segmentation: Gaps in segmentation between control systems and third-party equipment, weakening the defensive boundary around critical OT assets
- Security Monitoring: Limited centralized monitoring and reduced visibility into OT security events, with no reliable mechanism for detecting anomalous activity
- Program Documentation: Incomplete cybersecurity policies, procedures, and standards alignment. This was insufficient to satisfy regulatory audit requirements or insurer expectations
Our Solution
A structured Basic Cybersecurity Assessment across all site domains, tailored to the DeltaV environment
Armexa executed a VCA aligned to the DeltaV Security Manual, NIST CSF, and ISA/IEC 62443, combining pre-assessment data collection with on-site facilitated workshops and a structured evaluation across the full OT security domain:
- Pre-Assessment Data Collection: Gathered system documentation and technical configurations in advance to inform the on-site workshop and focus time on analysis rather than discovery.
- On-Site Assessment Workshop: Facilitated structured sessions with OT, IT, and operations stakeholders to evaluate current practices against industry standards.
- OT Security Evaluation: Assessed network security, workstation hardening, user account management, patch management, physical security, security monitoring, and data management, producing findings across each domain.
- Findings & Roadmap: Documented prioritized recommendations practical for implementation within an operational LNG environment, without requiring operational disruption.
Outcomes & Impact
A defensible compliance baseline and the foundation for a broader OT cyber risk program
The assessment gave the operator a clear, structured view of its current posture and a practical path forward:
- Clear, defensible baseline of OT cybersecurity posture benchmarked against the DeltaV Security Manual, NIST CSF, and ISA/IEC 62443, establishing documented evidence of program status for regulatory and insurer audiences
- Improved visibility into gaps across user access management, network segmentation, and security monitoring, replacing informal practices with documented findings
- Prioritized roadmap enabling targeted risk reduction without operational disruption to the LNG control environment
- Foundation for a broader OT cyber risk program and stronger IT/OT alignment, positioning the operator for more comprehensive assessments as maturity develops