A Review on cyber security in oil and gas rig sites by itemizing human errors in turn-torque-systems

Abstract

Information technology (IT) is widely utilized at rig sites, with its growing volume and complexity introducing potential errors that may lead to system failures. While various studies propose preventive solutions, human errors remain a leading cause of system failures and cybersecurity vulnerabilities. Investigating the factors contributing to these errors has become increasingly important. Human error is often regarded as the weakest link in the security chain and a primary cause of system failures. This study examines human factors influencing Turn-Torque Systems, critical control systems used at rig sites in the oil and gas sector. Human errors weaken the cybersecurity of these systems, creating vulnerabilities. By focusing on failures caused specifically by human errors rather than broader cybersecurity challenges, this review identified several human factors impacting IT, including time pressure, security culture, inadequate security policies, lack of education and training, insufficient security awareness, peer behavior, poor communication, work-related stressors, flawed system design, and misalignment with security policies. Itemizing these factors allows targeted interventions to address them individually, thereby reducing human errors and mitigating cybersecurity risks at rig sites.

Keywords

• Cyber security
• Human errors
• Oil and Gas
• Torque Turn System
• User behavior

References

1. [1] Zwilling M, Klien G, Lesjak D, Wiechetek Ł, Cetin F, Basim HN. Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems. 2022;62(1):82-97. DOI: https://doi.org/10.1080/08874417.2020.1712269
2. [2] Hanzu-Pazara R, Raicu G, Zagan R. The impact of human behaviour on cyber security of the maritime systems. Advanced Engineering Forum. 2019;34:267-274. DOI: https://doi.org/10.4028/www.scientific.net/AEF.34.267
3. [3] Alissa KA, Alshehri HA, Dahdouh SA, Alsubaie BM, Alghamdi AM, Alharby A, et al. An instrument to measure human behavior toward cyber security policies. In: 21st Saudi Computer Society National Computer Conference (NCC); 25-26 April 2018; Riyadh, Saudi Arabia: IEEE; 2018. p. 1-6. DOI: https://doi.org/10.1109/NCG.2018.8592978
4. [4] Esparza J, Caporusso N, Walters A. Addressing human factors in the design of cyber hygiene self-assessment tools. In: Corradini I, Nardelli E, Ahram T, editors. International Conference on Applied Human Factors and Ergonomics; 16-20 Jul 2020; San Diego: Springer, Cham; 2020. p. 88-94. DOI: https://doi.org/10.1007/978-3-030-52581-1_12
5. [5] Malatji M, Marnewick A, Solms Sv. Validation of a socio-technical management process for optimising cybersecurity practices. Computers & Security. 2020;95:101846. DOI: https://doi.org/10.1016/j.cose.2020.101846
6. [6] Donalds C, Osei-Bryson K-M. Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management. 2020;51:102056. DOI: https://doi.org/10.1016/j.ijinfomgt.2019.102056
7. [7] Chowdhury NH, Adam MTP, Teubner T. Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures. Computers & Security. 2020;97:101963. DOI: https://doi.org/10.1016/j.cose.2020.101963
8. [8] Alshaikh M. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security. 2020;98:102003. DOI: https://doi.org/10.1016/j.cose.2020.102003

9. [9] Yeow JA, Ng PK, Tai HT, Chow MM. A review on human error in Malaysia manufacturing industries. Journal of Information System and Technology Management. 2020;5(19):1-13. DOI: https://doi.org/10.35631/JISTM.519001
10. [10] Hadlington L. Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017;3(7):e00346. DOI: https://doi.org/10.1016/j.heliyon.2017.e00346
11. [11] Alrawi LN, Pusatli T. Investigating end user errors in oil and gas critical control systems. In: 6th International Conference on Computer and Technology Applications (ICCTA); 14-16 Apr 2020; Antalya, Turkey: ACM; 2020. p. 41-45. DOI: https://doi.org/10.1145/3397125.3397135
12. [12] Alladi T, Chamola V, Zeadally S. Industrial control systems: Cyberattack trends and countermeasures. Computer Communications. 2020;155:1-8. DOI: https://doi.org/10.1016/j.comcom.2020.03.007
13. [13] Adeyanju IA, Emake ED, Olaniyan OM, Omidiora EO, Adefarati T, Uzedhe GO, et al. Digital industrial control systems: Vulnerabilities and security technologies. Current Applied Science and Technology. 2021;21(1):188-207. DOI: https://doi.org/10.14456/cast.2021.18
14. [14] Anthi E, Williams L, Rhode M, Burnap P, Wedgbury A. Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications. 2021;58:102717. DOI: https://doi.org/10.1016/j.jisa.2020.102717
15. [15] Progoulakis I, Nikitakos N, Rohmeyer P, Bunin B, Dalaklis D, Karamperidis S. Perspectives on cyber security for offshore oil and gas assets. Journal of Marine Science and Engineering. 2021;9(2):112. DOI: https://doi.org/10.3390/jmse9020112
16. [16] Srivastava A, Gupta JP. New methodologies for security risk assessment of oil and gas industry. Process Safety and Environmental Protection. 2010;88(6):407-412. DOI: https://doi.org/10.1016/j.psep.2010.06.004
17. [17] Beretas CP. Industrial control systems-the biggest cyber threat. Biomedical Journal of Scientific & Technical Research. 2020;31(4):24412-24415. DOI: http://dx.doi.org/10.26717/BJSTR.2020.31.005143
18. [18] Luiijf E. Threats in industrial control systems. In: Colbert EJM, Kott A, editors. Cyber-security of SCADA and other industrial control systems. Advances in information security. Cham: Springer; 2016. p. 69–93. DOI: https://doi.org/10.1007/978-3-319-32125-7_5
19. [19] Husák M, Bartoš V, Sokol P, Gajdoš A. Predictive methods in cyber defense: Current experience and research challenges. Future Generation Computer Systems. 2020;115:517-530. DOI: https://doi.org/10.1016/j.future.2020.10.006
20. [20] Badawy M, Sherief NH, Abdel-Hamid AA. Legacy ICS cybersecurity assessment using hybrid threat modeling—an oil and gas sector case study. Applied Sciences. 2024;14(18):8398. DOI: https://doi.org/10.3390/app14188398
21. [21] Zimmermann V, Renaud K. Moving from a "human-as-problem” to a "human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies. 2019;131:169-187. DOI: https://doi.org/10.1016/j.ijhcs.2019.05.005
22. [22] Arend I, Shabtai A, Idan T, Keinan R, Bereby-Meyer Y. Passive- and not active-risk tendencies predict cyber security behavior. Computers & Security. 2020;97:101964. DOI: https://doi.org/10.1016/j.cose.2020.101964
23. [23] Shohoud M. Study the effectiveness of ISO 27001 to mitigate the cyber security threats in the Egyptian downstream oil and gas industry. Journal of Information Security. 2023;14(2):152-180. DOI: https://doi.org/10.4236/jis.2023.142010
24. [24] Triplett WJ. Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy. 2022;2(3):573-586. DOI: https://doi.org/10.3390/jcp2030029
25. [25] Li L, He W, Xu L, Ash I, Anwar M, Yuan X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management. 2019;45:13-24. DOI: https://doi.org/10.1016/j.ijinfomgt.2018.10.017
26. [26] Rob R, Tural T, McLorn GW, Sheikh A, Hassan A. Addressing cyber security for the oil, gas and energy sector. In: North American Power Symposium (NAPS); 7-9 Sep 2014; Pullman, WA, USA: IEEE; 2014. p. 1-8. DOI: https://doi.org/10.1109/NAPS.2014.6965377
27. [27] Knox BJ, Lugo RG, Sütterlin S. Cognisance as a human factor in military cyber defence education. IFAC-PapersOnLine. 2019;52(19):163-168. DOI: https://doi.org/10.1016/j.ifacol.2019.12.168
28. [28] Radmand P, Talevski A, Petersen S, Carlsen S. Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: 24th IEEE International Conference on Advanced Information Networking and Applications; 20-23 Apr 2010; Perth, Australia: IEEE; 2010. p. 949-957. DOI: https://doi.org/10.1109/AINA.2010.175
29. [29] AlKhaldi M, Pathirage C, Kulatunga U. The role of human error in accidents within oil and gas industry in Bahrain. In: 13th International Postgraduate Research Conference; 14-15 Sep 2017; Salford, UK. 2017. p. 822-834.
30. [30] Vieane A, Funke G, Gutzwiller R, Mancuso V, Sawyer B, Wickens C. Addressing human factors gaps in cyber defense. In: Human Factors and Ergonomics Society Annual Meeting; Sep 2016. Sage; 2016. p. 770-773. DOI: https://doi.org/10.1177/1541931213601176