Control Path Protection for Upstream, Midstream, and Refinery
Oil and gas operations span remote wellheads, offshore platforms, pipelines, and refineries. Each environment runs safety-critical control systems that must remain isolated from corporate networks and external threats.
Oil and Gas
In oil and gas, a compromised control system is not a data breach. It is a potential safety incident with consequences measured in lives, environmental damage, and billions in liability.
100%
DCS and SIS isolation from corporate IT
Zero
Persistent vendor paths to safety systems
5
Operational zones with independent governance
Full
IEC 62443 and NIS2 compliance evidence
Oil and gas face converging cyber-physical risks.
Safety System Exposure
Safety instrumented systems increasingly share network infrastructure with DCS and business systems, creating paths to the last line of defence against catastrophic events.
Remote Operations
Offshore platforms and remote wellheads rely on satellite and radio communications for control, with limited visibility into who is accessing what.
Contractor Access
Dozens of specialist contractors require access to different control systems, each creating persistent pathways that outlive the maintenance window.
The Scenario
Scenario: Refinery DCS Compromise via Contractor VPN
Attackers compromise a control system integrator through a targeted phishing campaign. Using the integrator's VPN credentials, they access the refinery DCS network through a maintenance connection that was left active between scheduled visits. Over three weeks, they map the process control network and deploy modified logic on key programmable controllers. When activated, the modified logic causes a distillation column to operate outside safe parameters. The safety instrumented system should intervene, but its engineering workstation was reachable from the same network segment. With Firevault Control, the contractor VPN path is physically severed between maintenance windows. The SIS exists on a separate, disconnected network. The attack cannot reach safety systems because the path does not exist.
"We had 23 active contractor VPN tunnels into our DCS network. When we audited them, seven belonged to contractors whose projects had ended more than a year ago. The tunnels were still live."
Physical governance for process control environments.
Oil and gas operators gain physical control over every network path into DCS, SIS, and remote operations infrastructure. Contractor access exists only during authorised windows. Safety systems remain physically disconnected from all other networks. Recovery from sophisticated attacks is guaranteed through air-gapped archives.
- Physical separation between DCS, SIS, and corporate networks
- Contractor paths that do not exist outside maintenance windows
- Multi-party authorisation involving operations and HSE teams
- Out-of-band management for offshore and remote facilities
- Continuous IEC 62443 and NIS2 compliance evidence
- Air-gapped recovery for safety system configurations
Fracture, Emergency Process Isolation
Module 1 of 4Physically severs network connections between process zones during active threats. When a compromise is detected in one area, Fracture prevents lateral movement into adjacent process units or safety systems.
Featured In
'%3e%3cpath%20fill='%23E40784'%20d='M141.363%2026.6a5.905%205.905%200%200%201-5.899-5.9%205.905%205.905%200%200%201%205.899-5.895%205.901%205.901%200%200%201%205.895%205.895%205.9%205.9%200%200%201-5.895%205.9Zm0-8.347a2.448%202.448%200%200%200%200%204.895%202.449%202.449%200%200%200%202.447-2.448%202.449%202.449%200%200%200-2.447-2.447ZM141.363%200c-.821%200-1.638.052-2.447.144v3.731a16.897%2016.897%200%200%201%202.447-.177c9.373%200%2017.002%207.626%2017.002%2017.002%200%20.825-.063%201.642-.177%202.448h3.732c.095-.81.143-1.627.143-2.448%200-11.411-9.285-20.7-20.7-20.7Z'/%3e%3cpath%20fill='%23E40784'%20d='M141.363%207.268c-.825%200-1.645.077-2.447.228v3.787a9.733%209.733%200%200%201%202.447-.313c5.369%200%209.734%204.368%209.734%209.734%200%20.832-.107%201.652-.313%202.447h3.783c.151-.802.228-1.623.228-2.447.004-7.412-6.024-13.436-13.432-13.436Z'/%3e%3cpath%20fill='%23fff'%20d='M71.382%207.537h-2.84a5.82%205.82%200%200%200-5.815%205.818v9.785h4.037v-9.789a1.78%201.78%200%200%201%201.777-1.777h2.841V7.537ZM80.539%2019.1a3.787%203.787%200%200%201-3.783-3.784%203.787%203.787%200%200%201%203.783-3.783%203.787%203.787%200%200%201%203.783%203.784%203.787%203.787%200%200%201-3.783%203.783Zm0-11.6c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82%201.372%200%202.66-.357%203.78-.982v.982h4.036V15.32c.004-4.313-3.503-7.82-7.816-7.82ZM41.806%2018.71a5.512%205.512%200%200%201-4.34%202.1%205.55%205.55%200%200%201-5.541-5.541%205.55%205.55%200%200%201%205.542-5.543c1.696%200%203.279.766%204.339%202.102l.088.114%201.656-1.656-.077-.092a7.865%207.865%200%200%200-6.01-2.797c-4.339%200-7.871%203.533-7.871%207.872s3.532%207.871%207.871%207.871a7.865%207.865%200%200%200%206.01-2.797l.077-.091-1.656-1.656-.088.113ZM19.479%207.397c-4.34%200-7.872%203.53-7.872%207.872%200%204.342%203.533%207.871%207.872%207.871a7.883%207.883%200%200%200%207.205-4.71l.081-.18H24.15l-.037.058a5.543%205.543%200%200%201-10.05-1.873h13.2l.015-.11c.048-.357.073-.714.073-1.053%200-4.346-3.529-7.875-7.871-7.875Zm-5.417%206.705a5.54%205.54%200%200%201%205.417-4.376%205.54%205.54%200%200%201%205.417%204.376H14.06ZM46.192%2023.14h2.33v-8.847a4.599%204.599%200%200%201%204.593-4.592%204.599%204.599%200%200%201%204.592%204.592v8.844h2.33v-9.149h-.008a6.887%206.887%200%200%200-2.082-4.648%206.89%206.89%200%200%200-4.832-1.972%206.863%206.863%200%200%200-4.593%201.751V.545h-2.33V23.14ZM2.686%207.393H0v2.33h2.686v8.471a4.944%204.944%200%200%200%204.94%204.939h2.435v-2.33H7.625a2.613%202.613%200%200%201-2.609-2.612V9.726h3.772v-2.33H5.016V1.84h-2.33v5.553ZM101.968%208.457a7.721%207.721%200%200%200-2.547-.858c-.088-.014-.177-.03-.265-.04-.1-.011-.199-.022-.302-.03a9.993%209.993%200%200%200-.574-.029c-.022%200-.04-.004-.062-.004h-.037c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82h.037c.25%200%20.496-.014.743-.04l.037-.003a7.742%207.742%200%200%200%203.003-.939v.979h4.037L106.005.537h-4.037v7.92Zm0%206.863a3.788%203.788%200%200%201-3.769%203.78%203.786%203.786%200%200%201-3.76-3.78c0-2.08%201.688-3.772%203.764-3.78a3.787%203.787%200%200%201%203.765%203.78ZM119.75%2023.11h4.037V15.299c-.011-4.302-3.515-7.798-7.82-7.798-4.313%200-7.821%203.507-7.821%207.82%200%204.313%203.508%207.82%207.821%207.82%201.372%200%202.66-.357%203.783-.982v.953Zm-3.783-4.01a3.786%203.786%200%200%201-3.783-3.784%203.786%203.786%200%200%201%203.783-3.783%203.79%203.79%200%200%201%203.783%203.78v.003a3.787%203.787%200%200%201-3.783%203.784ZM132.273%207.5a5.824%205.824%200%200%200-5.818%205.818v9.822h4.037v-9.822a1.78%201.78%200%200%201%201.777-1.777h2.841V7.5h-2.837ZM173.736%2020.807a5.534%205.534%200%200%201-5.527-5.527%205.534%205.534%200%200%201%205.527-5.528%205.535%205.535%200%200%201%205.528%205.528%205.535%205.535%200%200%201-5.528%205.527Zm0-13.399a7.852%207.852%200%200%200-5.527%202.274V7.393h-2.344V30h2.344v-9.127a7.836%207.836%200%200%200%205.527%202.275c4.339%200%207.872-3.533%207.872-7.872s-3.533-7.868-7.872-7.868ZM186.735%2023.14h-2.385v-9.81a5.84%205.84%200%200%201%205.833-5.834h2.848v2.385h-2.848a3.45%203.45%200%200%200-3.448%203.448v9.811ZM202.813%209.774a5.535%205.535%200%200%200-5.528%205.528%205.535%205.535%200%200%200%205.528%205.527%205.534%205.534%200%200%200%205.527-5.527%205.534%205.534%200%200%200-5.527-5.528Zm0%2013.4c-4.339%200-7.872-3.533-7.872-7.872%200-4.34%203.533-7.872%207.872-7.872s7.872%203.53%207.872%207.872c0%204.339-3.533%207.871-7.872%207.871Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h210.68v30H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Key Capabilities
Sovereign Process Data
All process control configurations and safety system logic remain within the agreed jurisdiction in NATO-approved Firevault Bunkers.
Multi-Party Access Control
Contractor and vendor access requires sign-off from both operations and HSE teams before any path is activated.
IEC 62443 Evidence
Automated compliance logging maps directly to IEC 62443 zone and conduit requirements and NIS2 Article 21 outcomes.
Satellite Failover
Out-of-band management ensures control plane access to offshore and remote facilities independent of primary communications.
Tamper-Proof Logging
Every contractor session, configuration change, and access authorisation is recorded in immutable logs on physically separate infrastructure.
Air-Gapped Safety Backups
Physically disconnected copies of SIS logic and safety configurations ensure restoration capability during total compromise scenarios.
Demo to Live
Adoption Guide
Process Network Assessment
Map all network paths between corporate IT, DCS, SIS, and contractor access points across upstream, midstream, and downstream operations.
Zone and Conduit Design
Design physically separated zones aligned to IEC 62443 requirements with Control modules governing each conduit between zones.
Single Facility Pilot
Deploy at one facility with full zone separation, contractor access governance, and compliance logging to validate operational procedures.
Enterprise Rollout
Phased deployment across all facilities with air-gapped recovery, continuous compliance evidence, and out-of-band management.
Process Network Assessment
Map all network paths between corporate IT, DCS, SIS, and contractor access points across upstream, midstream, and downstream operations.
Zone and Conduit Design
Design physically separated zones aligned to IEC 62443 requirements with Control modules governing each conduit between zones.
Single Facility Pilot
Deploy at one facility with full zone separation, contractor access governance, and compliance logging to validate operational procedures.
Enterprise Rollout
Phased deployment across all facilities with air-gapped recovery, continuous compliance evidence, and out-of-band management.
Win Business, Earn Trust, and Build Reputation with Butterfly
Butterfly is an operational model that helps organisations structure sensitive data to close deals faster, strengthen client relationships, and demonstrate the governance maturity that wins enterprise contracts.
Built on the VPPP framework (Vault, Policy, Permissions, Purpose), Butterfly maps your sensitive data and assigns dedicated Vaults by role, relationship, and purpose, turning data stewardship into a competitive advantage.
Deal Readiness
Governed materials ready to share with confidence
Client Trust
Demonstrate stewardship that earns loyalty
Board Confidence
Clear governance that inspires stakeholders
Enterprise Scale
Structure data governance across your organisation
Who Uses Butterfly?
-
Sales Teams
Secure client proposals, pricing, and commercial intelligence
-
Service Providers
Exchange sensitive documents with clients through governed Vaults
-
Businesses
Protect strategic plans, IP, and competitive intelligence
-
Family Offices
Structure data governance across principals, staff, and advisors
Explore More
Control for Critical Infrastructure
National-grade security for essential services.
Learn more about Control for Critical InfrastructureIEC 62443 Framework
Industrial automation security and Purdue model compliance.
Learn more about IEC 62443 FrameworkSupply Chain Threat
Disconnect third-party paths when not in active use.
Learn more about Supply Chain ThreatControl for OT Environments
Physical-path governance for SCADA, ICS and industrial control data.
Learn more about Control for OT EnvironmentsControl for Utilities
Zone and conduit governance for power, water and gas networks.
Learn more about Control for UtilitiesNIS2 Framework
Article 21 outcomes evidenced through physical path governance.
Learn more about NIS2 FrameworkQuestions
Frequently Asked
Ready to take the next step?
See how Control can govern your data paths with physical enforcement no software exploit can bypass.
Speak to the team to organise a PoC
Walk through your blueprint with the Firevault team and scope a proof of concept on your estate. 30 minutes, no sales pitch.