To main content

Cyber-incident Response in Industrial Control Systems: Practices and Challenges in the Petroleum Industry

Abstract

The number of significant cyberattacks targeted by national state actors is growing in critical infrastructure. Companies rely on detecting and responding appropriately to such attacks by practicing and developing procedures for the cyber-incident response. This paper presents the findings from seven semi-structured interviews to identify distinct practices, challenges, and roles regarding cyber-incident response in the petroleum industry. The literature has previously addressed specific IT, security, or Operational Technology (OT) teams only, but has not considered the holistic view of cyber-incident response in industrial control systems between internal roles, and external actors, such as Security Operations Centers, Computer Security Incident Response Teams, emergency response teams, and on-site personnel. To address this, a novel framework for empirical inquiry consisting of document analysis, and workshops as preparation for interviews, were conducted. The stakeholder diagram displays the most relevant incident response roles and a list of current challenges extracted from the interviews. Future research should consider extending the sample, and include other, organizational and procedural factors.
Read the publication

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security
  • Norwegian University of Science and Technology

Year

2024

Publisher

Association for Computing Machinery (ACM)

Book

2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability (EnCyCriS/SVM '24)

ISBN

9798400705656

Page(s)

53 - 60

View this publication at Norwegian Research Information Repository