Mario Vukovic

Studied technical project and process management at the University of Applied Science in Vienna. Started to gain experience at OMV in the Schwechat refinery in 2006. Through numerous international projects, especially in the field of automation technology, he was able to consolidate his skills at other OMV and Petrom locations. In 2016, he was entrusted as Chief OT Security Officer with the implementation of the OT Security program, within OMV Downstream. Since 2023 he is managing a department for functional safety management and OT Security, within the Reliability, Technology and Projects business of Fuels and Feedstock. Areas of his specialization are functional and process safety as well automation engineering and explosion protection. He is a GIAC certified professional for Response and Industrial Defense (GRID) and TÜV certified functional safety engineer.

_________________________________________________________________________________________________________________________________________________________

Abstract

In an era marked by the rapid convergence of operational technology (OT) and information technology (IT) and a rapidly evolving threat landscape this contribution presents an updated security program for enhancing OT Security at OMV F&F, continuing our journey initiated by the first roadmap from 2019 to 2022. This extended roadmap not only builds upon the foundations laid during that period but also embraces the concept of an ever-running Quality Management (QM) system to ensure the ongoing security of OMV’s critical infrastructure, including refineries and other assets within the Fuels & Feedstock Business.

The presentation commences by revisiting the achievements and progress made during the first roadmap, emphasizing the importance of maintaining the security posture of industrial control systems in a dynamically evolving threat landscape. It highlights the need to adapt to new situations and requirements that have emerged since the initial roadmap, demonstrating OMV’s commitment to the continued safety and security of their assets on the one side, and economically and technically efficient allocation of resources that serves our long-term strategy, on the other side.

This approach ensures that security practices and procedures are continuously updated and improved to address emerging threats and vulnerabilities effectively. It provides a proactive means of safeguarding OMV’s infrastructure and ensuring compliance with regulations, even in the face of evolving challenges. In this light the new NIS directive (NIS 2) is to be seen as the next regulatory milestone which will become effective in Oct. 2024.

Moreover, the extended roadmap remains firmly grounded in real-world context, offering practical insights and case studies from OMV’s experience in securing their OT environments. These real-world scenarios not only illustrate past challenges but also showcase the adaptability and resilience needed to secure critical assets effectively.

By offering a comprehensive and adaptive approach to OT security, this extended roadmap equips us with means and strategies needed to further protect our critical infrastructure. It serves as a valuable resource for management, security professionals, and industry stakeholders, ensuring the ongoing security and compliance of our OT systems in a dynamic and ever-evolving landscape.