A Review on cyber security in oil and gas rig sites by itemizing human errors in turn-torque-systems

Year 2025, Volume: 5 Issue: 1, 1 - 11, 30.06.2025

Layth Nabeel Alrawi , Ö. Tolga Pusatlı

https://doi.org/10.62189/ci.1521080

Abstract

Information technology (IT) is widely utilized at rig sites, with its growing volume and complexity introducing potential errors that may lead to system failures. While various studies propose preventive solutions, human errors remain a leading cause of system failures and cybersecurity vulnerabilities. Investigating the factors contributing to these errors has become increasingly important. Human error is often regarded as the weakest link in the security chain and a primary cause of system failures. This study examines human factors influencing Turn-Torque Systems, critical control systems used at rig sites in the oil and gas sector. Human errors weaken the cybersecurity of these systems, creating vulnerabilities. By focusing on failures caused specifically by human errors rather than broader cybersecurity challenges, this review identified several human factors impacting IT, including time pressure, security culture, inadequate security policies, lack of education and training, insufficient security awareness, peer behavior, poor communication, work-related stressors, flawed system design, and misalignment with security policies. Itemizing these factors allows targeted interventions to address them individually, thereby reducing human errors and mitigating cybersecurity risks at rig sites.

Keywords

Cyber security , Human errors , Oil and Gas , Torque Turn System , User behavior

References

• [1] Zwilling M, Klien G, Lesjak D, Wiechetek Ł, Cetin F, Basim HN. Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems. 2022;62(1):82-97. DOI: https://doi.org/10.1080/08874417.2020.1712269
• [2] Hanzu-Pazara R, Raicu G, Zagan R. The impact of human behaviour on cyber security of the maritime systems. Advanced Engineering Forum. 2019;34:267-274. DOI: https://doi.org/10.4028/www.scientific.net/AEF.34.267
• [3] Alissa KA, Alshehri HA, Dahdouh SA, Alsubaie BM, Alghamdi AM, Alharby A, et al. An instrument to measure human behavior toward cyber security policies. In: 21st Saudi Computer Society National Computer Conference (NCC); 25-26 April 2018; Riyadh, Saudi Arabia: IEEE; 2018. p. 1-6. DOI: https://doi.org/10.1109/NCG.2018.8592978
• [4] Esparza J, Caporusso N, Walters A. Addressing human factors in the design of cyber hygiene self-assessment tools. In: Corradini I, Nardelli E, Ahram T, editors. International Conference on Applied Human Factors and Ergonomics; 16-20 Jul 2020; San Diego: Springer, Cham; 2020. p. 88-94. DOI: https://doi.org/10.1007/978-3-030-52581-1_12
• [5] Malatji M, Marnewick A, Solms Sv. Validation of a socio-technical management process for optimising cybersecurity practices. Computers & Security. 2020;95:101846. DOI: https://doi.org/10.1016/j.cose.2020.101846
• [6] Donalds C, Osei-Bryson K-M. Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management. 2020;51:102056. DOI: https://doi.org/10.1016/j.ijinfomgt.2019.102056
• [7] Chowdhury NH, Adam MTP, Teubner T. Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures. Computers & Security. 2020;97:101963. DOI: https://doi.org/10.1016/j.cose.2020.101963
• [8] Alshaikh M. Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security. 2020;98:102003. DOI: https://doi.org/10.1016/j.cose.2020.102003
• [9] Yeow JA, Ng PK, Tai HT, Chow MM. A review on human error in Malaysia manufacturing industries. Journal of Information System and Technology Management. 2020;5(19):1-13. DOI: https://doi.org/10.35631/JISTM.519001
• [10] Hadlington L. Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017;3(7):e00346. DOI: https://doi.org/10.1016/j.heliyon.2017.e00346
• [11] Alrawi LN, Pusatli T. Investigating end user errors in oil and gas critical control systems. In: 6th International Conference on Computer and Technology Applications (ICCTA); 14-16 Apr 2020; Antalya, Turkey: ACM; 2020. p. 41-45. DOI: https://doi.org/10.1145/3397125.3397135
• [12] Alladi T, Chamola V, Zeadally S. Industrial control systems: Cyberattack trends and countermeasures. Computer Communications. 2020;155:1-8. DOI: https://doi.org/10.1016/j.comcom.2020.03.007
• [13] Adeyanju IA, Emake ED, Olaniyan OM, Omidiora EO, Adefarati T, Uzedhe GO, et al. Digital industrial control systems: Vulnerabilities and security technologies. Current Applied Science and Technology. 2021;21(1):188-207. DOI: https://doi.org/10.14456/cast.2021.18
• [14] Anthi E, Williams L, Rhode M, Burnap P, Wedgbury A. Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications. 2021;58:102717. DOI: https://doi.org/10.1016/j.jisa.2020.102717
• [15] Progoulakis I, Nikitakos N, Rohmeyer P, Bunin B, Dalaklis D, Karamperidis S. Perspectives on cyber security for offshore oil and gas assets. Journal of Marine Science and Engineering. 2021;9(2):112. DOI: https://doi.org/10.3390/jmse9020112
• [16] Srivastava A, Gupta JP. New methodologies for security risk assessment of oil and gas industry. Process Safety and Environmental Protection. 2010;88(6):407-412. DOI: https://doi.org/10.1016/j.psep.2010.06.004
• [17] Beretas CP. Industrial control systems-the biggest cyber threat. Biomedical Journal of Scientific & Technical Research. 2020;31(4):24412-24415. DOI: http://dx.doi.org/10.26717/BJSTR.2020.31.005143
• [18] Luiijf E. Threats in industrial control systems. In: Colbert EJM, Kott A, editors. Cyber-security of SCADA and other industrial control systems. Advances in information security. Cham: Springer; 2016. p. 69–93. DOI: https://doi.org/10.1007/978-3-319-32125-7_5
• [19] Husák M, Bartoš V, Sokol P, Gajdoš A. Predictive methods in cyber defense: Current experience and research challenges. Future Generation Computer Systems. 2020;115:517-530. DOI: https://doi.org/10.1016/j.future.2020.10.006
• [20] Badawy M, Sherief NH, Abdel-Hamid AA. Legacy ICS cybersecurity assessment using hybrid threat modeling—an oil and gas sector case study. Applied Sciences. 2024;14(18):8398. DOI: https://doi.org/10.3390/app14188398
• [21] Zimmermann V, Renaud K. Moving from a "human-as-problem” to a "human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies. 2019;131:169-187. DOI: https://doi.org/10.1016/j.ijhcs.2019.05.005
• [22] Arend I, Shabtai A, Idan T, Keinan R, Bereby-Meyer Y. Passive- and not active-risk tendencies predict cyber security behavior. Computers & Security. 2020;97:101964. DOI: https://doi.org/10.1016/j.cose.2020.101964
• [23] Shohoud M. Study the effectiveness of ISO 27001 to mitigate the cyber security threats in the Egyptian downstream oil and gas industry. Journal of Information Security. 2023;14(2):152-180. DOI: https://doi.org/10.4236/jis.2023.142010
• [24] Triplett WJ. Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy. 2022;2(3):573-586. DOI: https://doi.org/10.3390/jcp2030029
• [25] Li L, He W, Xu L, Ash I, Anwar M, Yuan X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management. 2019;45:13-24. DOI: https://doi.org/10.1016/j.ijinfomgt.2018.10.017
• [26] Rob R, Tural T, McLorn GW, Sheikh A, Hassan A. Addressing cyber security for the oil, gas and energy sector. In: North American Power Symposium (NAPS); 7-9 Sep 2014; Pullman, WA, USA: IEEE; 2014. p. 1-8. DOI: https://doi.org/10.1109/NAPS.2014.6965377
• [27] Knox BJ, Lugo RG, Sütterlin S. Cognisance as a human factor in military cyber defence education. IFAC-PapersOnLine. 2019;52(19):163-168. DOI: https://doi.org/10.1016/j.ifacol.2019.12.168
• [28] Radmand P, Talevski A, Petersen S, Carlsen S. Taxonomy of wireless sensor network cyber security attacks in the oil and gas industries. In: 24th IEEE International Conference on Advanced Information Networking and Applications; 20-23 Apr 2010; Perth, Australia: IEEE; 2010. p. 949-957. DOI: https://doi.org/10.1109/AINA.2010.175
• [29] AlKhaldi M, Pathirage C, Kulatunga U. The role of human error in accidents within oil and gas industry in Bahrain. In: 13th International Postgraduate Research Conference; 14-15 Sep 2017; Salford, UK. 2017. p. 822-834.
• [30] Vieane A, Funke G, Gutzwiller R, Mancuso V, Sawyer B, Wickens C. Addressing human factors gaps in cyber defense. In: Human Factors and Ergonomics Society Annual Meeting; Sep 2016. Sage; 2016. p. 770-773. DOI: https://doi.org/10.1177/1541931213601176