        TY  - JOUR
T1  - A Review on cyber security in oil and gas rig sites by itemizing human errors in turn-torque-systems
AU  - Pusatlı, Ö. Tolga
AU  - Alrawi, Layth Nabeel
PY  - 2025
DA  - June
Y2  - 2025
DO  - 10.62189/ci.1521080
JF  - Computers and Informatics
JO  - Computers and Informatics
PB  - Adem TEKEREK
WT  - DergiPark
SN  - 2757-8259
SP  - 1
EP  - 11
VL  - 5
IS  - 1
LA  - en
AB  - Information technology (IT) is widely utilized at rig sites, with its growing volume and complexity introducing potential errors that may lead to system failures. While various studies propose preventive solutions, human errors remain a leading cause of system failures and cybersecurity vulnerabilities.  Investigating the factors contributing to these errors has become increasingly important. Human error is often regarded as the weakest link in the security chain and a primary cause of system failures. This study examines human factors influencing Turn-Torque Systems, critical control systems used at rig sites in the oil and gas sector. Human errors weaken the cybersecurity of these systems, creating vulnerabilities. By focusing on failures caused specifically by human errors rather than broader cybersecurity challenges, this review identified several human factors impacting IT, including time pressure, security culture, inadequate security policies, lack of education and training, insufficient security awareness, peer behavior, poor communication, work-related stressors, flawed system design, and misalignment with security policies. Itemizing these factors allows targeted interventions to address them individually, thereby reducing human errors and mitigating cybersecurity risks at rig sites.
KW  - Cyber security
KW  - Human errors
KW  - Oil and Gas
KW  - Torque Turn System
KW  - User behavior
CR  - [1] Zwilling M, Klien G, Lesjak D, Wiechetek Ł, Cetin F, Basim HN. Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems. 2022;62(1):82-97. DOI: https://doi.org/10.1080/08874417.2020.1712269
CR  - [2] Hanzu-Pazara R, Raicu G, Zagan R. The impact of human behaviour on cyber security of the maritime systems. Advanced Engineering Forum. 2019;34:267-274. DOI: https://doi.org/10.4028/www.scientific.net/AEF.34.267
CR  - [3] Alissa KA, Alshehri HA, Dahdouh SA, Alsubaie BM, Alghamdi AM, Alharby A, et al. An instrument to measure human behavior toward cyber security policies. In: 21st Saudi Computer Society National Computer Conference (NCC); 25-26 April 2018; Riyadh, Saudi Arabia: IEEE; 2018. p. 1-6. DOI: https://doi.org/10.1109/NCG.2018.8592978
CR  - [4] Esparza J, Caporusso N, Walters A. Addressing human factors in the design of cyber hygiene self-assessment tools. In: Corradini I, Nardelli E, Ahram T, editors. International Conference on Applied Human Factors and Ergonomics; 16-20 Jul 2020; San Diego: Springer, Cham; 2020. p. 88-94. DOI: https://doi.org/10.1007/978-3-030-52581-1_12
CR  - [5] Malatji M, Marnewick A, Solms Sv. Validation of a socio-technical management process for optimising cybersecurity practices. Computers &amp; Security. 2020;95:101846. DOI: https://doi.org/10.1016/j.cose.2020.101846
CR  - [6] Donalds C, Osei-Bryson K-M. Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management. 2020;51:102056. DOI: https://doi.org/10.1016/j.ijinfomgt.2019.102056
CR  - [7] Chowdhury NH, Adam MTP, Teubner T. Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures. Computers &amp; Security. 2020;97:101963. DOI: https://doi.org/10.1016/j.cose.2020.101963
CR  - [8] Alshaikh M. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers &amp; Security. 2020;98:102003. DOI: https://doi.org/10.1016/j.cose.2020.102003
CR  - [9] Yeow JA, Ng PK, Tai HT, Chow MM. A review on human error in Malaysia manufacturing industries. Journal of Information System and Technology Management. 2020;5(19):1-13. DOI: https://doi.org/10.35631/JISTM.519001
CR  - [10] Hadlington L. Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017;3(7):e00346. DOI: https://doi.org/10.1016/j.heliyon.2017.e00346
CR  - [11] Alrawi LN, Pusatli T. Investigating end user errors in oil and gas critical control systems. In: 6th International Conference on Computer and Technology Applications (ICCTA); 14-16 Apr 2020; Antalya, Turkey: ACM; 2020. p. 41-45. DOI: https://doi.org/10.1145/3397125.3397135
CR  - [12] Alladi T, Chamola V, Zeadally S. Industrial control systems: Cyberattack trends and countermeasures. Computer Communications. 2020;155:1-8. DOI: https://doi.org/10.1016/j.comcom.2020.03.007
CR  - [13] Adeyanju IA, Emake ED, Olaniyan OM, Omidiora EO, Adefarati T, Uzedhe GO, et al. Digital industrial control systems: Vulnerabilities and security technologies. Current Applied Science and Technology. 2021;21(1):188-207. DOI: https://doi.org/10.14456/cast.2021.18
CR  - [14] Anthi E, Williams L, Rhode M, Burnap P, Wedgbury A. Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications. 2021;58:102717. DOI: https://doi.org/10.1016/j.jisa.2020.102717
CR  - [15] Progoulakis I, Nikitakos N, Rohmeyer P, Bunin B, Dalaklis D, Karamperidis S. Perspectives on cyber security for offshore oil and gas assets. Journal of Marine Science and Engineering. 2021;9(2):112. DOI: https://doi.org/10.3390/jmse9020112
CR  - [16] Srivastava A, Gupta JP. New methodologies for security risk assessment of oil and gas industry. Process Safety and Environmental Protection. 2010;88(6):407-412. DOI: https://doi.org/10.1016/j.psep.2010.06.004
CR  - [17] Beretas CP. Industrial control systems-the biggest cyber threat. Biomedical Journal of Scientific &amp; Technical Research. 2020;31(4):24412-24415. DOI: http://dx.doi.org/10.26717/BJSTR.2020.31.005143
CR  - [18] Luiijf E. Threats in industrial control systems. In: Colbert EJM, Kott A, editors. Cyber-security of SCADA and other industrial control systems. Advances in information security. Cham: Springer; 2016. p. 69–93. DOI: https://doi.org/10.1007/978-3-319-32125-7_5
CR  - [19] Husák M, Bartoš V, Sokol P, Gajdoš A. Predictive methods in cyber defense: Current experience and research challenges. Future Generation Computer Systems. 2020;115:517-530. DOI: https://doi.org/10.1016/j.future.2020.10.006
CR  - [20] Badawy M, Sherief NH, Abdel-Hamid AA. Legacy ICS cybersecurity assessment using hybrid threat modeling—an oil and gas sector case study. Applied Sciences. 2024;14(18):8398. DOI: https://doi.org/10.3390/app14188398
CR  - [21] Zimmermann V, Renaud K. Moving from a &quot;human-as-problem” to a &quot;human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies. 2019;131:169-187. DOI: https://doi.org/10.1016/j.ijhcs.2019.05.005
CR  - [22] Arend I, Shabtai A, Idan T, Keinan R, Bereby-Meyer Y. Passive- and not active-risk tendencies predict cyber security behavior. Computers &amp; Security. 2020;97:101964. DOI: https://doi.org/10.1016/j.cose.2020.101964
CR  - [23] Shohoud M. Study the effectiveness of ISO 27001 to mitigate the cyber security threats in the Egyptian downstream oil and gas industry. Journal of Information Security. 2023;14(2):152-180. DOI: https://doi.org/10.4236/jis.2023.142010
CR  - [24] Triplett WJ. Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy. 2022;2(3):573-586. DOI: https://doi.org/10.3390/jcp2030029
CR  - [25] Li L, He W, Xu L, Ash I, Anwar M, Yuan X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management. 2019;45:13-24. DOI: https://doi.org/10.1016/j.ijinfomgt.2018.10.017
CR  - [26] Rob R, Tural T, McLorn GW, Sheikh A, Hassan A. Addressing cyber security for the oil, gas and energy sector. In: North American Power Symposium (NAPS); 7-9 Sep 2014; Pullman, WA, USA: IEEE; 2014. p. 1-8. DOI: https://doi.org/10.1109/NAPS.2014.6965377
CR  - [27] Knox BJ, Lugo RG, Sütterlin S. Cognisance as a human factor in military cyber defence education. IFAC-PapersOnLine. 2019;52(19):163-168. DOI: https://doi.org/10.1016/j.ifacol.2019.12.168
CR  - [28] Radmand P, Talevski A, Petersen S, Carlsen S. Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: 24th IEEE International Conference on Advanced Information Networking and Applications; 20-23 Apr 2010; Perth, Australia: IEEE; 2010. p. 949-957. DOI: https://doi.org/10.1109/AINA.2010.175
CR  - [29] AlKhaldi M, Pathirage C, Kulatunga U. The role of human error in accidents within oil and gas industry in Bahrain. In: 13th International Postgraduate Research Conference; 14-15 Sep 2017; Salford, UK. 2017. p. 822-834.
CR  - [30] Vieane A, Funke G, Gutzwiller R, Mancuso V, Sawyer B, Wickens C. Addressing human factors gaps in cyber defense. In: Human Factors and Ergonomics Society Annual Meeting; Sep 2016. Sage; 2016. p. 770-773. DOI: https://doi.org/10.1177/1541931213601176
UR  - https://doi.org/10.62189/ci.1521080
L1  - https://dergipark.org.tr/en/download/article-file/4091939
ER  -