The paper focuses on the analysis on cybersecurity monitoring and control potentials in industrial IoT systems (ICSs, SCADA etc.). The Industrial Internet of Thing as part of IoT technology has provided an opportunity to build powerful industrial control systems and its applications with IIoT devices, especially in the manufacturing, oil and gas, chemical industry etc. These integrated IoT/IIoT systems needs cybersecurity monitoring and control due the present and unrelented cyberattacks on these systems. We explore in detailed 5 (five) techniques that aids cybersecurity monitoring and control in industrial IoT and other related industries. In this paper, we carried reviewed on past and recent events on cyberthreats and cyberattacks research literatures in industrial IoT systems (ICS, SCADA etc.) and other industries, which were used as research materials. In conclusion, the paper outlined industrial control system (ICS) incident response, defensible architecture, ICS network visibility monitoring, secure remote access, and risk-based vulnerability management that can create an efficient and effective cybersecurity techniques in industrial IoT systems. Inconclusion, we discover new ideas, applications, monitoring and best practices with critical control measures that will benefit other industries when deployed.
Published in | Internet of Things and Cloud Computing (Volume 11, Issue 1) |
DOI | 10.11648/j.iotcc.20231101.11 |
Page(s) | 1-17 |
Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
Copyright |
Copyright © The Author(s), 2023. Published by Science Publishing Group |
Industrial IoT, Cyber-Attack, Cyber Threats, SCADA, Industrial Control Systems, Oil and Gas
[1] | Digiteum Team (2021), IoT Revolution in the Oil and Gas Industry (Online). |
[2] | Siemen Energy (2020), Oil and Gas Companies Must Act Now on Cybersecurity, hbr.org/sponsored/2021/08/oil-and-gas-companies-must-act-now-on-cybersecurity. |
[3] | Trent J., (2016), Industrial-sized Cyber Attacks Threaten the Upstream Sector, SPE-0316-0042-JPT, nepetro.org/JPT/article-abstract/68/03/42/209373/Industrial-sized-Cyber-Attacks-Threaten-the?redirectedFrom=fulltext |
[4] | Thomas W. E, & David O. M., (2017), Theoretical Research in Research Methods for Cyber Security, www.sciencedirect.com/topics/computer-science/theoretical-research |
[5] | Jake K, Kristine W. E, Mary H, Tyler J, Kyle J, Brian L., (2013), An Analysis of cyber-Conflict and Within the Oil & Gas Industries, www.mandiant.com/apt1 |
[6] | Cathy Cassell (Online), Manchester Business School, Theoretical approaches, Quality in Qualitative Research, www.methods.manchester.ac.uk/themes/theoretical-approaches/ |
[7] | Jakub P., Grzegorz K., and Jerzy L., (2019), Key role and potential of Industrial Internet of Things (IIoT) in modern production monitoring applications, MATEC Web of Conferences 252, 09003. published by EDP Sciences. |
[8] | CS Makarand Lele (2018), Oil and Gas Industry, Publish by The Institute of Company Secretaries of India, |
[9] | Laudelino Soares, Rafael Souza (2020), Cyber Risks in The Oil & Gas Industry, Rio Oil & Gas Expo, and Conference 2014. |
[10] | Bill S & Mario C, Parker H (), Bridging the gap between the digital and physical plant, eHANDBOOK: IIoT, www.plantservices.com. |
[11] | Multan Singh Bhati (2018), Industrial Internet of Things (IIoT): A Literature Review, International Journal for Research in Engineering Application & Management (IJREAM), Vol-04, Issue-03. |
[12] | Anshu M, Andrew S. & Paul Z., (2017), Protecting the Connected Barrels, Cybersecurity for Upstream oil, and gas. jpt.spe.org/protecting-connected-barrels-cybersecurity-upstream-oil-and-gas. |
[13] | Essang ONUNTUEI (2018), Safety, Risk, And Reliability of Cyber Network in Oil and Gas Industry, PUPIL: International Journal of Teaching, Education and Learning, 2 (2), 81- 97. |
[14] | Helms J., Salazar B., Scheibel P., Engels M., & Reiger C., (2017). Safe Active Scanning for Energy Delivery Systems Final Report. Lawrence Livermore National Security https://doi.org/10.2172/1409972 |
[15] | Robert A Martins, Graham John B, Bradford W. M., Jesus M., (2015). Industrial Internet Consortium. Industrial Internet Reference Architecture Technical Report, tech-arch.tr.001 2015-06-04 Version 1.7. |
[16] | Mario A., et al., (2015), Industrial Internet of Things (IIoT), Opportunities, Risk, Mitigations. |
[17] | Abubakar Sadiq M., Philipp R., Pete B., Omer R., & Eirini A., (2022), Cybersecurity Challenges in The Offshore Oil and Gas Industry: An Industrial Cyber-Physical Systems (ICPS) Perspective. |
[18] | Cybersecurity Solutions for Oil & Gas, Your Partners in Oil & Gas Cybersecurity (Online), oxguardsolutions.com/oil-gas-cybersecurity/ |
[19] | Gas (Online), Journal of Petroleum Technology, search.spe.org/i2kweb/SPE/doc/speorg: ED4F437D. |
[20] | Leo D., (2022), BBC (Online), UK helping Ukraine combat Russian cyber-attacks. |
[21] | DNV GL. Oil and gas forecast to 2050, 2017. |
[22] | Piotr Ciepiela (2016), Digitization and cyber disruption in oil and gas. |
[23] | Roberto V., Narciso C., João B., Symone A., & Flavio D., (2019), An IIoT-based architecture for decision support in the aeronautic industry, MATEC Web of Conferences 304, 04004, (http://creativecommons.org/licenses/by/4.0/). |
[24] | Mohammed Y. A., Wazir Z W., Gharibia M., Khurram., & Quratulain A, Wireless Sensor Networks in oil and gas industry: Recent advances, taxonomy, requirements, and open challenges. |
[25] | Ralf Luis de M, Luciana D, L, Tiago M. B, Luiz P. B., Alexandre G, Ludmilla B. W (2020), Industrial Internet of Things: Device Management Architecture Proposal, 2019 International Conference on Computational Science and Computational Intelligence (CSCI), DOI 10.1109/CSCI49370.2019.00221. |
[26] | Andy Zimmerman (), Plant Services, TECHNOLOGY REPORT: IIoT and Asset Monitoring, Putman Media, www. plantservices.com |
[27] | Martin Sime (2021), How IIoT Thermal Monitoring Solutions Can Increase Asset Lifetime and Prevent Fires on Solar Farms, www.sensata.com |
[28] | Centre for Cybersecurity (2022), 3 Ways to Protect your Organisation from Identity-Based Cyber-attack (Online), |
[29] | Kazuhisa T., (2022), Oil/Gas Cybersecurity: Halt Critical Operation Attacks, Compliance & Risks, www.trendmicro.com/en_us/research/22/c/oil-gas-cybersecurity-critical-operation-attacks.html |
[30] | Trend (2022), Cyber Security Review (2022), Oil and Gas Cybersecurity: Industry Overview Part 1, Cyber Threats www.cybersecurity-review.com/news-august-2022/oil-and-gas-cybersecurity-industry-overview-part-1/ |
[31] | Yoana C., (2021), Free Whitepaper, Preventing cyberattacks in the oil and gas industry, |
[32] | Technology (2019), Cyber security for oil and gas industry applications (Online). |
[33] | Wazir Z. K., & Muhammad K. K., (2019), Advance Persistent Threats Through Industrial IoT on Oil and Gas Industry, Global Foundation for Cyber Studies, and Research, ResearchGate. |
[34] | Shi-Wan Lin., Maxine Fu., Jin Zhou., Liu Zhenqi., Li Kun., Jia Yangkai & Isabella Li (2021), Digital Twin and IIoT in Optimizing Manufacturing Process and Quality Management, IIC Journal of Innovation. |
[35] | Kimberley W. (2018), 3 Cyber Threats to the Oil & Gas Industry, w.cs4ca.com/newsroom/feature/3-cyber-threats-to-the-oil-gas-industry/ |
[36] | Cybersecurity for oil and gas industry, Cyberthreats protection, www.otorio.com/industries/oil-and-gas/, (Online). |
[37] | 2021 Cyber security Predictions: These two words should keep security experts at night (2020) (Online). The Industrial Cybercrime Impact Report - 2021 Predictions. |
[38] | Ashok S. (2019), Cyber Security Challenges in the Oil and Gas Industry- An Overview www.yokogawa.com/eu/blog/oil-gas/en/cyber-security-challenges/ |
[39] | Asheesh Kumar., (2020), Energy & Utility, Defending the Oil and Gas Industry Against Cyber Threats, securityintelligence.com/posts/oil-gas-security/ |
[40] | Nate T., (2021), AskWavesCybersecurityNews, How does a ransomware attack work? |
[41] | Cybersecurity risks in US critical infrastructure sector call for better skills, technologies, processes. |
[42] | Anna Ribeiro (2022), Testing environments assist S&T, CISA to safeguard transportation infrastructure, expand training tools. |
[43] | Fidelis I. U (2016), Fundamental of Research Methodology and Data Collection, Research Gate. |
[44] | Kenneth I. Nkuma-Udah (2020), ICT Research Methodology and Statistics, Published by National Open University of Nigeria. |
[45] | Haradhan K. M., (Online), Research Methodology, Chapter III, Aspects of Mathematical Economics, Social Choice, and Game Theory. |
[46] | George M (2021), 8 Cyber Attacks on Critical Infrastructure, Cybersecurity. |
[47] | Dean P (2022), The State of ICS/OT Cybersecurity in 2022 and Beyond, Analyst Program. A Survey. |
[48] | Pascal A, Tom S & Ian B (2023), Compelling need to Build ICS Resiliency across OT and ICS environments in 2023. Industrial Cyber News. |
[49] | J. Jeba Praba., (2016), Cyber Security and Threats, https://www.researchgate.net/publication/322466321, Vol. 3, Page No. 201, Research Gate. |
[50] | Jamie Crandal., (2019), Cybersecurity and Offshore Oil: The Next Big Threat, 4 OIL & GAS, NAT. RESOURCES & ENERGY J. 703, Vo l4 No 6. |
[51] | SANS NewsBites Vol. 25 Num. 08: VMware Software Needs Top Priority Patching; Microsoft Blocking XLLs is a Good Thing; One More Warning About Living Off the Land and Remote Access Attacks. |
[52] | SANS NewsBites Vol. 25 Num. 05: Many Lessons to Learn from CircleCI Breach Report; Patch Zoho ManageEngine Ahead of Exploit Code Release; Yet Another Password Manager Product (Norton) Breached. |
[53] | Cliff Glantz et el. (2021), Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (On), -C2M2) G. |
[54] | Mike J,. (2022), Top data breaches and cyber-attacks of 2022, Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases. www.techradar.com/features/top-data-breaches-and-cyber-attacks-of-2022 |
[55] | Robert M. L & Tim C., (2022), The Five ICS Cybersecurity Critical Controls, SAN Institute. |
[56] | SANS NewsBites Vol. 24 Num. 94: Rackspace Outage Emphasizes Need for Cloud Outage Workarounds; Check for Falsely Signed Malicious Android Apps; Isolate Baseboard Management Controllers from External Connectivity. |
[57] | SANS NewsBites Vol. 25 Num. 010: Check Enrollment Status on Your Managed Chromebooks; Another Ransomware Incidents Points Out Costs of Manual Workarounds; Vulnerabilities Found in Electric Vehicle Charger Protocols. |
[58] | CSA, protecting industrial control systems from advanced cyber threats, A comprehensive defense strategy that pairs cybersecurity and functional safety in every layer of the system. www.csagroup.org/wp, content/uploads/CSA_Group_Protecting_Industrial_Control_Systems_White_Paper_NA_English.pdf |
[59] | Steve Mustard (2022), Global Security Alliance, Industrial Cybersecurity Case Studies and Best Practices. |
[60] | Wei Qin, Siqi Chen, Mugen Peng (2020), Recent advances in Industrial Internet: insights and challenges, Digital Communications and Networks, |
[61] | George S, Dimitris G, and Evangelos L., (2020), Cyber-attacks on the Oil & Gas sector: A survey on incident assessment and attack patterns, https://creativecommons.org/licenses/by/4.0/. |
[62] | B. Johnson, D. Caban, M. Krotofil, D. Scali, N. Brubaker, C. Glyer, “Attackers Deploy New ICS Attack Framework ‘TRITON’ and Cause Operational Disruption to Critical Infrastructure”, FireEye Dec. 2017. [Online]. Available: https://www.fireeye.com/blog/threat-research/2017/12/attackers deploy-new-ics-attack-framework-triton.html. Accessed on Mar. 16, 2020. |
[63] | “Triton: Malware that aims to attack industrial safety systems”, Symantec, Dec. 2017. [Online]. Available: https://symantecblogs.broadcom.com/blogs/threat-intelligence/triton-malware-ics. Accessed on Mar. 15, 2020. |
[64] | H. Kobayashi, K. Watanabe, T. Watanabe, and Y. Nagayasu., (2010), “Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan”, Critical Information Infrastructures Security, LNCS, pp. 22–33. |
[65] | J. Robertson, M. Riley., (2020), “Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar,” Bloomberg.com, Dec. 2014. [Online]. Available: https://www.bloomberg.com/news/articles/2014-12- 10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar. Accessed on Mar. 15. |
[66] | Anna Rabeiro, (2023), New Darktrace PREVENT/OT will use AI to ‘pre-empt’ cyber-attacks on critical infrastructure. |
[67] | Anna Rabeiro (2023), DPRK hackers target critical infrastructure, exploit Log4Shell, SonicWall vulnerabilities. industrialcyber.co/ai/new-darktrace-prevent-ot-will-use-ai-to-pre-empt-cyber-attacks-on-critical infrastructure/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Industrial+Cyber+News&utm_campaign=Industrial+Cyber. |
[68] | SANS NewsBites Vol. 25 Num. 017: Is Bitmining Raising Your Electric Bill?; It's Time to Try High Fidelity Automated Attack Disruption Techniques; Password Manager Vendor LastPass Breached Was Caused By Engineer’s Use of Reusable Passwords for Remote Access. |
[69] | Mike Jennings (2022), Top data breaches and cyber-attacks of 2022, www.techradar.com/features/top-data-breaches-and-cyber-attacks-of-2022. (Online). |
[70] | Patrick O’Connor, (2022), The biggest cyber-attacks in 2022, www.bcs.org/articles-opinion-and-research/the-biggest-cyber-attacks-of-2022/. (Online). |
[71] | SANS NewsBites Vol. 25 Num. 018: US National Cybersecurity Emphasizes Need for Regulation; Enable GitHub Secret Scanning on All Libraries; Make Sure You Are Not Repeating Booking.com’s OAuth Misconfiguration. |
[72] | SANS Survey (2023) - The State of ICS/OT Cybersecurity in 2022 and beyond, Nozomi Networks, www.bankinfosecurity.com/whitepapers/sans-survey-i-state-icsot-cybersecurity-in-2022-beyond-w-11610 |
[73] | Eduard Kovacs (2023) Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data, www.securityweek.com/shell-confirms-moveit-related-breach-after-ransomware-group-leaks-data/ |
[74] | Chris Morgan (2023), The Top Cyber Threat to Manufacturing Industry in 1H, Reliaquest, ww.reliaquest.com/blog/cyber-threats-to-manufacturing-industry-1h-2023. |
APA Style
Aziboledia Frederick, B., Egerton Taylor, O. (2023). Analysis on Cybersecurity Control and Monitoring Techniques in Industrial IoT: Industrial Control Systems. Internet of Things and Cloud Computing, 11(1), 1-17. https://doi.org/10.11648/j.iotcc.20231101.11
ACS Style
Aziboledia Frederick, B.; Egerton Taylor, O. Analysis on Cybersecurity Control and Monitoring Techniques in Industrial IoT: Industrial Control Systems. Internet Things Cloud Comput. 2023, 11(1), 1-17. doi: 10.11648/j.iotcc.20231101.11
AMA Style
Aziboledia Frederick B, Egerton Taylor O. Analysis on Cybersecurity Control and Monitoring Techniques in Industrial IoT: Industrial Control Systems. Internet Things Cloud Comput. 2023;11(1):1-17. doi: 10.11648/j.iotcc.20231101.11
@article{10.11648/j.iotcc.20231101.11, author = {Boye Aziboledia Frederick and Onate Egerton Taylor}, title = {Analysis on Cybersecurity Control and Monitoring Techniques in Industrial IoT: Industrial Control Systems}, journal = {Internet of Things and Cloud Computing}, volume = {11}, number = {1}, pages = {1-17}, doi = {10.11648/j.iotcc.20231101.11}, url = {https://doi.org/10.11648/j.iotcc.20231101.11}, eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.iotcc.20231101.11}, abstract = {The paper focuses on the analysis on cybersecurity monitoring and control potentials in industrial IoT systems (ICSs, SCADA etc.). The Industrial Internet of Thing as part of IoT technology has provided an opportunity to build powerful industrial control systems and its applications with IIoT devices, especially in the manufacturing, oil and gas, chemical industry etc. These integrated IoT/IIoT systems needs cybersecurity monitoring and control due the present and unrelented cyberattacks on these systems. We explore in detailed 5 (five) techniques that aids cybersecurity monitoring and control in industrial IoT and other related industries. In this paper, we carried reviewed on past and recent events on cyberthreats and cyberattacks research literatures in industrial IoT systems (ICS, SCADA etc.) and other industries, which were used as research materials. In conclusion, the paper outlined industrial control system (ICS) incident response, defensible architecture, ICS network visibility monitoring, secure remote access, and risk-based vulnerability management that can create an efficient and effective cybersecurity techniques in industrial IoT systems. Inconclusion, we discover new ideas, applications, monitoring and best practices with critical control measures that will benefit other industries when deployed. }, year = {2023} }
TY - JOUR T1 - Analysis on Cybersecurity Control and Monitoring Techniques in Industrial IoT: Industrial Control Systems AU - Boye Aziboledia Frederick AU - Onate Egerton Taylor Y1 - 2023/11/09 PY - 2023 N1 - https://doi.org/10.11648/j.iotcc.20231101.11 DO - 10.11648/j.iotcc.20231101.11 T2 - Internet of Things and Cloud Computing JF - Internet of Things and Cloud Computing JO - Internet of Things and Cloud Computing SP - 1 EP - 17 PB - Science Publishing Group SN - 2376-7731 UR - https://doi.org/10.11648/j.iotcc.20231101.11 AB - The paper focuses on the analysis on cybersecurity monitoring and control potentials in industrial IoT systems (ICSs, SCADA etc.). The Industrial Internet of Thing as part of IoT technology has provided an opportunity to build powerful industrial control systems and its applications with IIoT devices, especially in the manufacturing, oil and gas, chemical industry etc. These integrated IoT/IIoT systems needs cybersecurity monitoring and control due the present and unrelented cyberattacks on these systems. We explore in detailed 5 (five) techniques that aids cybersecurity monitoring and control in industrial IoT and other related industries. In this paper, we carried reviewed on past and recent events on cyberthreats and cyberattacks research literatures in industrial IoT systems (ICS, SCADA etc.) and other industries, which were used as research materials. In conclusion, the paper outlined industrial control system (ICS) incident response, defensible architecture, ICS network visibility monitoring, secure remote access, and risk-based vulnerability management that can create an efficient and effective cybersecurity techniques in industrial IoT systems. Inconclusion, we discover new ideas, applications, monitoring and best practices with critical control measures that will benefit other industries when deployed. VL - 11 IS - 1 ER -