Exploring Cyber-Physical Systems’ Security Governance in the Oil and Gas Industry

The Fourth Industrial Revolution, which utilizes modern communication-dependent technologies, including cyber-physical systems (CPS), has made exploration and production operations more efficient in the oil and gas industry. CPS in this industry should be secured against operational threats to prevent interruption of critical oil and gas supplies and services. However, these systems are vulnerable to cyberattacks, and many oil and gas companies have not incorporated effective cybersecurity measures into their corporate management strategies. This qualitative, multiple-case study, which was guided by the routine activity theory, explored how cybersecurity governance was applied to develop controls that stopped or mitigated the consequences of cyberattacks against the CPS. Interview-based data were obtained through Zoom meetings with 20 global cybersecurity experts selected from cybersecurity-specialized groups on LinkedIn. These data were then triangulated with global CPS cybersecurity governance standards and methods. The data analysis resulted in nine themes, including CPS vulnerabilities and failure consequences, predominant cybersecurity governance, the efficiency of cybersecurity governance, governance challenges, offenders and motives, cybersecurity enhancement, CPS governance endorsement, cybersecurity performance assessment, and governance mandate. This study’s implications for positive social change include recommendations for applying cybersecurity governance strategies that reduce health and environmental incidents and prevent interruption of critical oil and gas deliveries due to cyberattacks. These results may also help improve the living conditions of the communities surrounding oil and gas fields and similar CPS-based industries worldwide

Design and analysis of a new feature-distributed malware

In this paper, we propose a new advanced malware that distributes its features to multiple software components in order to bypass various security policies such as application whitelisting and security tools like anti-virus. A tool that automatically generates such malware has been developed, and malware instances generated by this tool have been evaluated, showing the risks of the proposed malware. The new threat proposed in this paper is particularly important in modern computing platforms since they have progressed to more secure environments with various defensive techniques such as application-based permission and application whitelisting. In addition, anti-virus solutions are improving their detection techniques, especially based on behavioural properties. Our offensive technique is designed to overcome these hurdles so that appropriate defensive mitigations can be explored before the adversary develops such offensive technique as they always have done.8 page(s