Analysis of Threats and Cybersecurity in the Oil and Gas Sector within the Context of Critical Infrastructure

Full Text (PDF, 522KB), PP.43-53

Views: 0 Downloads: 0

Author(s)

Shakir A. Mehdiyev 1,* Mammad A. Hashimov 1

1. Institute of Information Technology, Baku, Azerbaijan

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2024.01.05

Received: 25 Aug. 2023 / Revised: 10 Oct. 2023 / Accepted: 1 Dec. 2023 / Published: 8 Feb. 2024

Index Terms

Critical Infrastructure, Vulnerability, Cyber Security, Cyber Threats, Cyber-attacks, Oil and Gas Sector

Abstract

This article explores the multifaceted challenges inherent in ensuring the cybersecurity of critical infrastructures, i.e., a linchpin of modern society and the economy, spanning pivotal sectors such as energy, transportation, and finance. In the era of accelerating digitalization and escalating dependence on information technology, safeguarding these infrastructures against evolving cyber threats becomes not just crucial but imperative. The examination unfolds by dissecting the vulnerabilities that plague critical infrastructures, probing into the diverse spectrum of threats they confront in the contemporary cybersecurity landscape. Moreover, the article meticulously outlines innovative security strategies designed to fortify these vital systems against malicious intrusions. A distinctive aspect of this work is the nuanced case study presented within the oil and gas sector, strategically chosen to illustrate the vulnerability of critical infrastructures to cyber threats. By examining this sector in detail, the article aims to shed light on industry-specific challenges and potential solutions, thereby enhancing our understanding of cybersecurity dynamics within critical infrastructures. This article contributes a comprehensive analysis of the challenges faced by critical infrastructures in the face of cyber threats, offering contemporary security strategies and leveraging a focused case study to deepen insights into the nuanced vulnerabilities within the oil and gas sector.

Cite This Paper

Shakir A. Mehdiyev, Mammad A. Hashimov, "Analysis of Threats and Cybersecurity in the Oil and Gas Sector within the Context of Critical Infrastructure", International Journal of Information Technology and Computer Science(IJITCS), Vol.16, No.1, pp.43-53, 2024. DOI:10.5815/ijitcs.2024.01.05

Reference
[1]ISO 22301. Available at: https://www.iso.org/files/live/sites/isoorg/files/store/en/PUB100442.pdf
[2]J. A. Lewis, “Cybersecurity and critical infrastructure protection,” Center for Strategic and International Studies, vol. 9, 2006. Available at: http://csis-website-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/media/csis/pubs/0601_cscip_preliminary.pdf
[3]L.C. Herera, and O. Maennel, “A comprehensive instrument for identifying critical information infrastructure services,” International Journal of Critical Infrastructure Protection, vol. 25, pp. 50-61, June 2019.
[4]C. Wilson, “Cyber threats to critical information infrastructure,” In Cyberterrorism: Understanding, Assessment, and Response, T. Chen, L., Jarvis, S., Macdonald, S. (eds). Springer, New York, NY. pp. 123-136, 2014.
[5]R. Alguliyev, Y. Imamverdiyev, and L. Sukhostat, “Cyber-physical systems and their security issues,” Computers in Industry, vol. 100, pp. 212-223, Sep. 2018.
[6]H. Brechbühl, R. Bruce, S. Dynes, and M. E. Johnson, “Protecting Critical Information Infrastructure: Developing Cybersecurity Policy,” Information Technology for Development, vol. 16, is. 1, pp.83-91, 2010.
[7]A. A. Süzen, “A Risk-Assessment of Cyber Attacks and Defense Strategies in Industry 4.0 Ecosystem,” International Journal of Computer Network and Information Security (IJCNIS), Vol.12, No.1, pp.1-12, 2020. DOI: 10.5815/ijcnis.2020.01.01.
[8]National Cybersecurity Program. The White House, Washington, 2023, 35 p.
[9]Directive (EU) 2022/2555 of the European Parliament and of the Council. Official Journal of the European Union. Available at: http://data.europa.eu/eli/dir/2022/2555/oj
[10]L. Balke, “China's New Cybersecurity Law and U.S-China Cybersecurity Issues,” The Santa Clara Law Review, vol. 58, is. 1, pp.137-163.
[11]B. Bartlett, “Government as facilitator: how Japan is building its cybersecurity market,” Journal of Cyber Policy, vol. 3, is. 3, pp. 327-343, 2018.
[12]Y. J. Lee, “Social vulnerability indicators as a sustainable planning tool,” Environmental Impact Assessment Review, vol. 44, pp. 31-42, 2014.
[13]S. Laska, Shirley, and B. H. Morrow, “Social Vulnerabilities and Hurricane Katrina: An Unnatural Disaster in New Orleans,” Marine Technology Society Journal, vol. 40, no. 4, pp. 16-26, 2006.
[14]C. Morehouse, “Physical attacks on power grid surge to a new peak,” 2022. Available at: https://www.politico.com/news/2022/12/26/physical-attacks-electrical-grid-peak-00075216
[15]A. Goudarzi, F. Ghayoor, M. Waseem, S. Fahad, I. Traore, “A Survey on IoT-Enabled Smart Grids: Emerging, Applications, Challenges, and Outlook,” Energies, Vol. 15, Issue. 19, pp. 2-32, 2022.
[16]“Terrorist Attacks Targeting Critical Infrastructure in the United States, 1970–2015.” Available at: https://www.start.umd.edu/pubs/DHS_I&A_GTD_Targeting%20Critical%20Infrastructure%20in%20the%20US_June2016.pdf
[17]Y. He, A. Aliyu, M. Evans, and C. Luo, “Health care cybersecurity challenges and solutions under the climate of COVID-19: Scoping review,” Journal of Medical Internet Research, vol. 23, is. 4, e21747, 2021.
[18]A. Millar, “Five pharma cybersecurity breaches to know and learn from”. Sept. 2021. https://www.pharmaceutical-technology.com/features/pharma-cyber-attacks/?cf-view
[19]E. Koks, R. Pant, S. Thacker, and J. W. Hall, “Understanding business disruption and economic losses due to electricity failures and flooding,” International Journal of Disaster Risk Science, vol. 10, pp. 421-438, 2019
[20]“Cyberattack on Ukraine grid: here’s how it worked and perhaps why it was done”. Available at: https://theconversation.com/cyberattack-on-ukraine-grid-heres-how-it-worked-and-perhaps-why-it-was-done-52802
[21]“Water Treatment Plant Hit by Cyber-attack”. Available at: https://www.infosecurity-magazine.com/news/water-treatment-plant-hit-by/
[22] Saudi Arabia Investigating Critical Infrastructure Cyberattack”. Available at: https://www.securitymagazine.com/articles/88818-saudi-arabia-investigating-critical-infrastructure-cyberattack
[23]B. Barth, “DDoS attacks delay trains, and stymie transportation services in Sweden,” 2017. Available at: https://www.scmagazine.com/news/ddos-attacks-delay-trains-stymie-transportation-services-in-sweden
[24]“Equifax Data Breach Settlement”. Available at: https://www.ftc.gov/enforcement/refunds/equifax-data-breach-settlement
[25]B. Lovelace Jr., “Hospital CEO forced to pay hackers in bitcoin now teaches others how to prepare for the worst,” Available at: https://www.cnbc.com/2018/04/06/hosptial-ceo-forced-to-pay-hackers-in-bitcoin-now-teaches-others.html
[26]“Cyber-attacks blamed for Sunday's internet disruption across Turkey”. Available at: https://www.dailysabah.com/turkey/2019/10/28/cyber-attacks-blamed-for-sundays-internet-disruption-across-turkey
[27]Sanger, D. E., and N. Perloth. “Colonial Pipeline hack reveals weaknesses in US cybersecurity.” New York Times 14, 2021.
[28]J. Córdoba, C. Sherman, “Cyberattack causes chaos in Costa Rica government systems,” Available at: https://apnews.com/article/russia-ukraine-technology-business-gangs-costa-rica-9b2fe3c5a1fba7aa7010eade96a086ea
[29]“Poland investigates hacking attack on state railway network.” Available at: https://www.reuters.com/world/europe/poland-investigates-hacking-attack-state-railway-network-2023-08-26/
[30]P. Gardoni, Risk and reliability analysis. Springer International Publishing, pp. 3-24, 2017
[31]J. Moteff, P. Parfomak, Critical infrastructure and key assets: definition and identification. Washington: Congressional Research Service, Library of Congress, October 2004.
[32]I. Pal, A. Kumar, and A. Mukhopadhyay, “Risks to Coastal Critical Infrastructure from Climate Change,” Annual Review of Environment and Resources, Vol. 48, 2023.
[33]S. Walker-Roberts, M. Hammoudeh, and A. Dehghantanha, “A systematic review of the availability and efficacy of countermeasures to internal threats in healthcare critical infrastructure,” IEEE Access, 6, 25167-25177, 2018.
[34]I. Ghafir, J. Saleem, M. Hammoudeh, et al. “Security threats to critical infrastructure: the human factor,” The Journal of Supercomputing, 74, 4986-5002, 2018.
[35]“Protecting critical infrastructure from a cyber pandemic.” Available at: https://www.weforum.org/agenda/2021/10/protecting-critical-infrastructure-from-cyber-pandemic/
[36]A. Clark-Ginsberg, I. A. Rueda, J. Monken, J. Liu, and H. Chen, “Maintaining critical infrastructure resilience to natural hazards during the COVID-19 pandemic: hurricane preparations by US energy companies,” Journal of infrastructure preservation and resilience, 1:10, pp. 1-6, 2020. DOI: 10.1186/s43065-020-00010-1.
[37]M. Heinrich, A. Gölz, T. Arul, and S. Katzenbeisser, “Rule-based anomaly detection for railway signaling networks,” International Journal of Critical Infrastructure Protection, 100603, 2023.
[38]N. Mtukushe, A. K. Onaolapo, A. Aluko, and D. G. Dorrell, “Review of cyberattack implementation, detection, and mitigation methods in cyber-physical systems,” Energies, 16(13), 5206, 2023. 
[39]Z. Yu, H. Gao, X. Cong, N. Wu, and H. H. Song, “A Survey on Cyber-Physical Systems Security,” IEEE Internet of Things Journal, 2023.
[40]R. Morrison, “How AI will extend the scale and sophistication of cybercrime,” 2023. Available at: https://techmonitor.ai/partner-content/ai-cybercrime
[41]Tahmasib Kh. Fataliyev, Shakir A. Mehdiyev, "Analysis and New Approaches to the Solution of Problems of Operation of Oil and Gas Complex as Cyber-Physical System", International Journal of Information Technology and Computer Science, Vol.10, No.11, pp.67-76, 2018.
[42]H. Alfarsi, “Oil and Gas: Upstream, Midstream, and Downstream,” 2018. Available at https://www.profolus.com/topics/oil-and-gas-upstream-midstream-and-downstream/
[43]Azeri-Chirag-Deepwater Gunashli. Available at: https://www.bp.com/en_az/azerbaijan/home/who-we-are/operationsprojects/acg2.html
[44]C. Bueger, and T. Liebetrau, “Critical maritime infrastructure protection: What’s the trouble?” Marine Policy, 155, 105772, 2023.
[45]A. S. Mohammed, P. Reinecke, P. Burnap, O. Rana, and E. Anthi, “Cybersecurity challenges in the offshore oil and gas industry: an Industrial Cyber-Physical Systems (ICPS) perspective,” ACM Transactions on Cyber-Physical Systems (TCPS), vol. 6, is. 3, pp. 1-27, 2022.
[46]R. Su, “Supervisor synthesis to thwart cyber-attack with bounded sensor reading alterations,” Automatica, vol. 94, pp. 35-44, 2018.
[47]A. Vempaty, L. Tong, and P. K. Varshney, “Distributed inference with Byzantine data: State-of-the-art review on data falsification attacks,” IEEE Signal Processing Magazine, vol. 30, is. 5, pp. 65-75, 2013.
[48]V. L. Nguyen, P. C. Lin, and R. H. Hwang, “Energy depletion attacks in low power wireless networks,” IEEE Access, vol. 7, pp. 51915-51932, 2019.
[49]G. Carl, G. Kesidis, R. R. Brooks, and S. Rai, “Denial-of-service attack-detection techniques,” IEEE Internet Computing, vol. 10, is. 1, pp. 82-89, 2006.
[50]D. G. Padmavathi and M. Shanmugapriya, “A survey of attacks, security mechanisms, and challenges in wireless sensor networks,” arXiv preprint: 0909.0576, 2009.
[51]“Protecting Against Cyber Threats to Managed Service Providers and their Customers”. Available at: https://media.defense.gov/2022/May/11/2002994383/-1/-1/1/CSA_Protecting_Against_Cyber_Threats_to_MSPs_and_their_Customers_05112022.PDF
[52]R. Brewer, “Ransomware attacks: detection, prevention, and cure,” Network Security, no. 9, pp. 5-9, 2016.
[53]O. Harazeem, T. A. Abdulganiyu, and Y.K. Saheed, “A systematic literature review for network intrusion detection system (IDS),” International Journal of Information Security, vol. 22, is. 5, 1125-1162, 2023.