Connect with us


NNPC Secures $2bn Discounts On Re-Negotiated Contracts



The Nigerian National Petroleum Corporation (NNPC), says it has secured $2 billion dollars discount from re-negotiated upstream contracts being executed by its various service providers in the last one year.
The Group Managing Director of the corporation, Dr Maikanti Baru, made this known in a message to mark one year of his headship of the organisation.
In a statement by  NNPC Group General Manager, Mr Ndu Ughamadu, Group Public Affairs Division, Baru said that the discount was got in the quest to continually drive down the high cost of production in the oil industry.
He said that the corporation had successfully reduced cost of producing a barrel of crude from 27 dollars per barrel to 22 dollars per barrel.
He said that in the upstream segment of the sector, cost reduction and efficiency were key features that the corporation would focus attention on.
Baru said that there had been significant increase in crude oil reserves and production, averaging national daily production of 1.83 million barrels of oil and condensate.
He disclosed that currently, “the year-to-date 2017 average production hovers around 1.88 million barrels’’.
He said that with improvement in security and resumption of production on Forcados Oil Terminal (FOT) and Qua Iboe Terminal pipelines, average national production was expected to increase.
According to him, it will surpass 2017 target of 2.2 million barrels of oil and condensate per day.
“In October last year, the Owowo Field, located close to the producing ExxonMobil-operated Usan Field was found, and the Field’s location could allow for early production through a tie-back to the Usan Floating Production Storage and Offloading.
“The Field added current estimated reserves of one billion barrels to the national crude oil reserves.
“The corporation has grown the production of the Nigerian Petroleum Development Company (NPDC), NNPC’s flagship Upstream Company, from 15,000 barrels of oil per day to the current peak-operated volume of 210,000 barrels per day in June, 2017.
“The ownership of Oil Mining Licence, OML13, has been restored to NPDC following a presidential intervention, with first oil from the well expected before the end of the year.
“The confidence of the NNPC Joint Venture (JV) partners to pursue new projects has been rekindled following the repayment agreements for JV cash call arrears.
“The arrears were negotiated and executed for outstanding up to end 2015 by all the International Oil Company Partners,” Baru said.
He also said that gas supply to power plants and industries in the country had significantly increased.
Baru listed NNPC’s accomplishments during the period as completion of repairs of vandalized 20″ Escravos-Lagos Pipeline System ‘A’ in August, 2016 which ramped up Chevron Escravos Gas plant supply from nil to 259 million standard cubic feet per day (mmscfd).
Another, according to him, is the completion of repairs of the vandalized Chevron offshore gas pipeline in February, 2017 which took the company’s gas supply to 430mmscfd.
He said that others were completion of repairs on vandalized 48″ FOT export gas pipeline in June, 2017 and inauguration of NPDC’s Utorogu NAG2 and Oredo EPF 2 gas plants.
The GMD explained that the FOT export pipeline had reactivated shutdown gas plants, including Oredo Gas Plant, Sapele Gas Plant, Ovade Gas Plant, Oben and NGC Gas Compressors.
He said that the concomitant effect of the attainments was a significant growth in domestic gas supply in the last few months.
He added that during the period, domestic gas supply increased from average of 700mmscf in July, 2016 to an average of 1,220mmscfd currently, with about 75 per cent of the volume supplied to thermal power plants.
“A lot of Generation Companies, as a result, are rejecting gas due to the inability of Transmission Company of Nigeria to wheel-out the power generated”, Baru said.
He also said that since he resumed office, resources had been deployed to the Benue Trough, with exploration efforts commencing there in earnest.
“Seismic data acquisition is ongoing in the frontier region using the services of Integrated Data Services limited (IDSL) and her partners to pursue government’s aspiration to grow the reserves base of the country.
“Drilling activities are expected to commence in Benue Trough in the fourth quarter of this year.
“We are working with the security agencies for an early return to the Chad Basin.
“Drilling activities will be a priority on resumption while continuing with seismic data acquisition with improved parameters,” he projected.
In the downstream sector, Baru explained that NNPC had stabilized the market with sufficient products availability across the country through modest local refining efforts as well as Direct Supply Direct Purchase (DSDP) scheme.
According to him, the scheme has saved the nation about N40 billion in 2017.
“We have also commenced the resuscitation of our products transportation pipelines network, thus enabling us to move products to depots at faster rate and cheaper distribution costs to consumers.
“The Aba, Mosimi, Atlas-Cove and Kano depots have all been re-commissioned and are currently receiving products, thereby enhancing products availability across the country,” he said.
Baru said that under him, NNPC had improved capacity utilization of the refineries with the projection that they would attain supply of 50 per cent of non-gasoline white products, including diesel and kerosene, to the nation.
“After more than seven years of dormancy, the Asphalt Blowing Unit of the Kaduna Refining and Petrochemical Company (KRPC) was resuscitated to meet road construction needs in the country.
“Efforts are ongoing to secure third party financing to revamp the refineries to their full operational capacities,” he said.
He commended the corporation’s staff and industry’s in-house unions – Nigerian Union of Petroleum and Natural Gas Workers (NUPENG) and Petroleum and Natural Gas Senior Staff Association of Nigeria (PENGASSAN) for their support.

Continue Reading

Information Technology

AWS Security Audit: Things To Keep In Mind, Checklist, and Tools



AWS security audits are important for any organization looking to assess its IT Security. AWS security audits involve both a technical and non-technical review of all major systems, networks, databases and applications. The audit also includes an assessment of the organization’s risk tolerance level in order to prioritize remediation efforts. 

AWS security auditing is also essential when it comes time to ensure compliance with industry standards like HIPAA (Health Insurance Portability & Accountability Act), PCI DSS (Payment Card Industry Data Security Standard) and ISO 27001/27002 (International Organization for Standardization Security Standards, ISO 27001 specifically.

This blog post will provide you with some tips on things to keep in mind, a checklist, and tools and processes that your company can use for performing security audits on your AWS environments.

5 Things to keep in mind during security audit for your AWS

  1. Security assessment of the existing environment.
  2. Security assessment for new/future services and products.
  3. Review AWS managed security service (ex. IAM, encryption) availability, performance & capacity limits.
  4. Security assessments at the application layer include web applications servers like Apache or Nginx running on ECWs and databases like MySQL or Oracle Database running in RDS instances.
  5. Security audits for any other technologies that are used by your organization can be performed as well. 
  6. You should also ensure network segmentation between cloud resources and create a secure baseline configuration with an eye toward best practices around networking, operating systems deployment processes, patching processes, monitoring tools, etc.

A security assessment is not a single snapshot of the environment. It’s an ongoing process that enables continuous monitoring, discovery and improvement by identifying vulnerabilities, threats or exposures to assets before they become issues.

AWS security audit checklist

  • Perform risk assessments in order to understand the business impact/criticality of assets being reviewed.
  • Perform AWS penetration testing to discover potential vulnerabilities and misconfiguration issues in your AWS environment
  • Identify current controls & their effectiveness/scope – e.g., existing access control lists (ACLs) around VPC subnets or network ACL rules controlling traffic between ECWs.
  • Ensure PCI DSS compliance checklist is completed by third-party service providers who manage payment card information data.
  • Determine if AWS managed services meet data protection requirements as outlined in the ISO 27001 and 27002 standards.
  • Identify data flows, compute usage and potential attack vectors.
  • Conduct a network penetration test to identify possible security vulnerabilities that could be exploited by an attacker to gain access into your AWS environment.
  • Review configuration management dashboards for all servers/networks/applications and ensure configurations are set correctly (e.g., SSL certificates with right expiration date) – third-party tools like CloudSploit can help here.
  • Ensure you understand what is happening on the wire where it counts: between ECWs, RDS instances or across VPCs (VPC peering etc.) – NetFlow logs from EBS volumes or Elastic Network Interfaces (ENIs) can be helpful here.
  • Monitor network activity and look for anomalies – e.g., unusual traffic flows coming from an ECW to a known bad actor IP address or application-level data exfiltration attempts.
  • Review AWS CloudTrail logs to see who is trying to access what, when they are doing it, where the requests are originating from/going to etc.
  • Create alerts on security metrics that show abnormal behaviour (e.g., increase in failed login attempts into RDS instances). These patterns should then be cross-referenced with other sources of information like VPC flow logs or network ACLs & firewall rules around subnets.

AWS security audit tools

1) AWS Security Hub

This new service is a centralised location to monitor, track and act on all security-related events for your AWS environment. This includes notifications about third-party configuration issues with services like Elastic Load Balancing or Amazon API Gateway as well as vulnerabilities in other software packages running within ECWs (e.g., Apache Struts). Other data sources include the following: VPC flow logs, CloudTrail event histories, network ACLs/firewall rules around subnets etc. Run automated remediation tasks directly from this console when required too!

2) CloudWatch Events

Get notified via email & Slack of critical changes to your systems that require immediate attention – e.g., an administrator has just deleted an important ECW or security group.

3) CloudFront Access Logs

Get notified via email & Slack of unauthorised access to your SaaS services – e.g., someone has just launched a DDoS attack against one of the databases hosted on an RDS instance!

4) AWS Config Rules

Periodically check that all CloudWatch alarms for metrics like “CPU usage” and “free EBS volume space” are working as expected. Automatically remediate if they’re not (e.g., launch another ECW, increase alarm thresholds etc.)! Or simply use Amazon Inspector which will do this for you automatically (see below).

5) Amazon Inspector

This service provides deep insights into what’s running within any given AWS environment – including any vulnerable software packages or misconfigurations that could lead to a security breach.

6) Amazon Macie

This service uses machine learning and big-data techniques to automatically discover, classify & protect sensitive data stored within your AWS environment – e.g., PHI/PII data belonging to customers (e.g., Social Security Numbers). It can help you meet compliance requirements outlined by industry standards like HIPAA, PCI DSS etc..

7) AWS Config Rules

This new feature allows you to validate configuration settings across all ECWs in an AWS account for services like Amazon SNS/Kinesis/DynamoDB and resolve issues before they affect production environments (e.g., workflows executed against the affected resources will fail if rules are violated).

Each of the above services/tools should be used to help you continuously improve your AWS security posture – by allowing you to identify & fix configuration errors before they affect production environments. If one service isn’t sufficient enough, simply use two or more in conjunction with each other!

Summing Up…

If you want to be sure that your organization is safe from hackers, then it’s important to do an AWS security audit. A lot of companies are now realizing the importance of this and have been doing these audits as a precautionary measure. In today’s world where technology has taken over our lives, we need to make sure that we don’t make any mistakes with data security because there will always be someone looking for vulnerabilities in order to exploit them. So, keep your business safe!

Continue Reading


Refinery’s Rehab: PHRC Boss Seeks Host Communities’ Support



The managing director of Port Harcourt refinery company (PHRC), Ahmed Dikko, says the support of host communities will contribute to the success of the rehabilitation of the refinery.
In May, the Nigerian National Petroleum Corporation (NNPC) commenced the rehabilitation of the Port Harcourt refinery in Rivers state.
This was after the federal executive council (FEC) approved the sum of $1.5 billion for the rehabilitation.
The repair, which will be executed by Tecnimont SPA, an Italian company, will be done in three phases of 18, 24 and 44 months, respectively.
Dikko, who said the PHRC is already engaging the host communities, expressed optimism that they will support the project.
“Host communities’ engagement is one of the key priorities for the success of this project and PHRC management recognises this right from the earlier days of the award of this contract and has done a lot in this regard through the public affairs,” he said.
“The first is to put out the information correctly about this project, and the second is to manage the expectations of the communities.
“The approach that we are using is to get the communities to buy into the project and be part of it. So much has been covered and I’m delighted with the way we are going. We are going to have the support of the communities.
“The contractors themselves have nominated a community representative that is working closely with our public affairs team in the manner to ensure that the right information is given to the communities.
“Everybody is part of the rehabilitation project, and in whatever department you are, you must contribute your own to make sure that we truly succeed.
“Whether you are in the human resources, engineering, or admin department; there is a role for you in the project, and I’m happy that the staff have taken it on, and are looking forward to the actual commencement of activities physically.
“We have gone further again to keep knowledge sharing so that everybody will understand clearly what the project is about, and also the scope of work that we want to do. That way, we’ll have a role to play as it goes on.”
Dikko also said the rehabilitation of the refinery will be completed as scheduled, adding that the contractors have been given what they need to get the project done.
“It is not a small thing knowing full well that all specs of all the equipment and everything therein that will make the contractor succeed have to be given; all the documentation that we have. So, we have done that; we’ve given thousands of documents to the contractor,” he said.

Continue Reading


Godwin Emefiele: Bad Bank Debtors Frustrating Loan Recovery



The Governor of the Central Bank of Nigeria, Godwin Emefiele, said that recalcitrant debtors have exploited the lack of prioritisation of credit recovery matters by the Nigerian judicial system to frustrate debt recovery efforts of financial institutions in the country.
Emefiele stated this at a workshop for judicial officers on recent reforms of the banking financial services sectors in Nigeria held in Abuja.
The Governor was represented by the Deputy Governor, Financial System Stability, CBN, Aisha Ahmad.
According to the Asset Management Corporation of Nigeria (AMCON), out of a total of N4.158trn bad loans, it has so far recovered over N1.48trn.
It still has 7,902 outstanding obligors with a total outstanding loan of above N3.1trn, while 350 obligors alone account for over N2.053trn, with more than 70 per cent of the total outstanding amount.
Emefiele disclosed the plan by the CBN to engage stakeholders in the Judiciary to enforce The Special Tribunal for the Enforcement and Recovery of Eligible Loans.
The Special Tribunal which is a provision of the Banks and Other Financial Institutions Act was introduced to accelerate credit recovery processes and enforcement of collateral rights.
Speaking on the significance of the BOFIA 2020, the apex bank boss said that the Act is expected to reinvigorate the Nigerian banking sector as it will engender a sound and stable financial system that will support sustainable growth and development of the Nigerian economy.
He said that the BOFIA 2020 also strengthens the Anti-Money Laundering and Combating Financing of Terrorism Framework by mandating regulated entities to comply with AML/CFT and cyber security regulations.
Emefiele also pointed out that the BOFIA contains provisions to effectively manage unclaimed funds or abandoned property in dormant accounts maintained with banks, specialised banks and other financial institutions, as well as recovery tools for failing banks.
BOFIA 2020 also provides enhanced recovery and resolution tools for failing banks.

Continue Reading