By Wazir Zada Khan & Muhammad Khurram Khan
Industrial Internet of Things (IIoT) has enabled the oil and gas industry to reap potential benefits such as improved efficiency, lower operating costs, and higher productivity. However, due to the elevated connectivity, the oil and gas industry is now at higher risk by becoming a significant target for cyberattacks. The three sectors of oil and gas industries – Upstream, Midstream, and Downstream – involve critical infrastructures depending on industrial control systems (ICS) for safe and reliable operations. The operational technology (OT) leveraged by oil and gas industry was traditionally not connected to the Internet, but with the convergence of OT with IT technology, the oil fields, and their assets are increasingly connected, and thus the attack surface of OT has been expanded exponentially. These connected assets have increased exposure to the new cyber-physical risks that can lead to not only substantial financial losses, because of the loss of production through disruption to physical equipment, systems, and products, but may also cause serious injuries or death.
This paper shares an insight gained through analysis of cybersecurity attacks on various oil and gas companies, including the lessons learned as preemptive measures. Presenting an overview of the basics of IIOT, OT, ICS, APTs with some prominent examples and references, a set of recommendations are presented to overcome the risks arising out of increased cyber-criminal activities in this sector. By identifying and highlighting these challenges, this paper helps the oil and gas industry to defend its most valuable assets and data from digital disruption in upstream, midstream, and downstream sectors.
About the author(s)
Wazir Zada Khan
Wazir Zada Khan is cybersecurity policy researcher at Global Foundation for Cyber Studies and Research.
Muhammad Khurram Khan
Muhammad Khurram Khan is the Founder and CEO of the Global Foundation for Cyber Studies and Research. His research focuses on Cybersecurity from the policy, technology and academic perspectives. His detailed profile can be visited on his personal website at http://www.professorkhurram.com