Gas

The threat picture

Gas operators run high-consequence assets — compression stations, processing plants, transmission pipelines — controlled by SCADA, PLCs, and increasingly cloud-connected IIoT. The safety implications of an unauthorised setpoint change or a compromised controller are immediate and physical.

That puts gas utilities in a tight bracket: SOCI obligations, sector regulators, and a threat picture that includes both opportunistic ransomware and targeted, OT-aware attackers.

What xCIRT covers

• Processing and compression — Control systems and safety instrumented systems (SIS) underpinning continuous operations.
• Transmission pipelines — SCADA, leak-detection telemetry, and remote field-asset access.
• Distribution networks — Local PLC control, metering, and the IIoT layer aggregating field data.
• Operational and corporate IT — Where IT and OT meet, including engineering workstations and historian access.

Where we help

• Gas-sector IR playbooks including pipeline-telemetry compromise, control-system command injection, and SIS-adjacent incidents.
• SOCI / CIRMP readiness with explicit attention to safety-critical OT.
• Containment decision support that respects SIS, safety regulations, and operational continuity.
• 24/7 retainer engagements with engineers who understand gas-sector OT.

The questions we usually start with

• Does your IR plan distinguish between control-system compromise and SIS-adjacent compromise?
• Is your safety case still valid under the containment actions your IR plan would take?
• Who in your organisation has the authority to take a compressor offline, and how is that exercised under pressure?