Abstract
During the past two decades, oil and gas operational and information technology systems have experienced constant digital growth, closely followed by an increasing number of cyber-attacks on the newly interconnected systems. Adversaries exploit vulnerable accessible device or malware attacks networked services, in an attempt to gain access to critical systems and machinery that are interconnected over networks. Given the importance of the oil and gas sector on the global economy and the diversity of critical systems often being controlled over remote locations, it is highly important to understand and mitigate such attacks. In this paper, we survey cyber-attacks on all three domains of the oil and gas sector (upstream, midstream, downstream) starting from the early 90s up until 2020. For each domain, we document and analyze verified attacks based on real-world reports and published demo attacks on systems. We map and catalogue the attack types used in each case, in order to understand common and subliminal attack paths against oil and gas critical operations. Our aim is threefold, i.e., first, to assess documented attacks using standardized impact assessment techniques and highlight potential consequences of cyber-attacks on this sector, second, to build a vulnerability taxonomy based on technical knowledge gathered by all such incidents and connect each vulnerability with oil and gas systems and respective attack paths, and third, to map the documented knowledge and taxonomies with MITRE’s international knowledge base of Adversary Tactics and Techniques, so as to provide a general guide for analyzing and protecting against cyber-attacks at oil and gas infrastructures.
Highlights
Oil and Gas (O&G) infrastructures are divided in three broad categories: upstream, midstream and downstream infrastructures
SURVEY METHOD The method utilized to develop this survey is comprised of 4 steps: (1) Survey protocol and scope development, (2) Search and identification of selected studies based on scope, (3) Screening of literature based on quality, and (4) Reporting
MITIGATING CYBER ATTACKS IN O&G INFRASTRUCTURES Following up on the classification of impact, type of attack, and potential vulnerabilities in O&G Industrial Control Systems (ICS), in this chapter we examine potential security controls able to mitigate the risk in most common patterns detected in the above scenarios
Summary
Oil and Gas (O&G) infrastructures are divided in three broad categories: upstream, midstream and downstream infrastructures. Upstream infrastructures support operations for exploring and drilling operations, midstream is responsible for the transportation of oil and gas and for providing a link between upstream production and downstream dissemination, while downstream focuses on distributing assets to consumers, mainly for crude oil and raw/condensed natural gas. Upstream oil investment reached USD 500B only for 2019, with the. In Canada, 97% of oil and petroleum products are transported via pipelines. According to American Petroleum Institute’s report of 2019, the US pipeline system (midstream infrastructure) consists of 2.7M miles of pipelines transferring assets between locations [27]. Midstream infrastructure connects to refineries and facilities working to distribute oil and gas to the end-users (downstream infrastructure)
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
