StudyDaddy Information Systems This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic

This assignment serves to benchmark competency 2.1: Establish a risk management framework using industry standards for compliance. Based on an executive level report, deliver the findings of the Topic

Stephen 5











Security Risk in the Oil and Gas Industry
















Sean “Yogi” Stephen


CYB 535


November 25, 2020



Security Risks in the Oil and Gas Industry

The oil and gas industry, like any other industry, is a target of Network/IT threats including, data theft, Identity theft, denial of service, spyware, and viruses, among others. "Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same period last year" (Coble). The threats sometimes are not limited to external attacks but also include internal factors like system failure, misconfiguration, and natural disasters, among other causes. These double-sided instances necessitate the inclusion of redundancy, failovers, failure domain, and backup analysis in the development of low-risk network designs for organizations. However, network designs have not been able to stop the attacks on networks/IT systems. Still, a properly designed structure can reduce or make it difficult for attackers to successfully carry out attacks.

A threat is an intention suggestive of a malicious action against a person or a thing. In information technology, the danger is an action targeted at the vulnerability of a system to alter its operation mode or disrupt its process flow. Risk is the susceptibility of a strategy to a threat. In order words, chances are the possibilities for a network to be successfully attacked. IT systems are hosts to information that are valuable to an organization. Most times, information hosted on the system can be useful to order people or could be a means to blackmail the organization hosting it, and unauthorized users deploy actions to access or utilize hosted information. To this end, organizations employ stringent procedures to ensure that it is difficult for information in their network are not accessible by an unauthorized user, and services of their IT infrastructure are not easily disrupted.

"Any activity in the oil and gas sector is subject to risks caused by threats and vulnerabilities" (Winther). The vulnerability of the oil and gas industry are evident in past events. Attackers get more sophisticated in their attacks, assessing and accessing every vulnerability the system has. "A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days" (Buurma, and Sebenius). Attackers deployed a phishing attack in a mail, through which they were able to gain administrative access to the firm's information technology system. This attack exposes the inadequate awareness of oil and gas firms' employees on cyber-attack. The oil and gas industry, recently, has been using standard IT Systems component like PCs and Windows Operating System products with known vulnerabilities in automation and process control systems, against the previous proprietary systems. The use of these products exposes the system to the vulnerabilities associated with these components.

Hosting and management of production data are exposed to attacks, as remote access to information on the internal networks is being enabled. Employees' access to critical information servers during operations and maintenance, and workplace arrangement due to the COVID-19 pandemic, has necessitated remote access by employees to the information servers, exposing the servers to possible attacks. Oil firms do not enforce adequate security measures/procedures in vendors and contractors which allows for the inclusion of vulnerable technologies in the building of industrial control systems, ICS. The inclusion of the vulnerable component is mostly without adequate security model to prevent cyber-attacks. Inadequate data network security management culture exposes the sector to the ever-increasing sophistication in cyber-attacks. The use of vulnerable software, aging control system without security model, and inadequate physical security of data infrastructure, expose the sector to threats too.

The oil and gas industry has been reputable for the use of proprietary technologies in their automation and control system, and access to their information systems was mostly internal, or on a strict tunneling standard. The oil and gas industry has been integrating standard technology systems in their process control and automation systems through the services of their contracting organizations, without a proper security model against the possible attacks associated with these technologies.

Works Cited

Buurma, Christine, and Alyza Sebenius. "Bloomberg - Are You A Robot?". Bloomberg.Com,

2020, https://www.bloomberg.com/news/articles/2020-02-18/ransomware-shuts-u-s-gas-compressor-for-2-days-in-latest-attack.

Coble, Sarah. "Attacks Against Oil and Gas Industry on The Rise". Infosecurity Magazine,

2020, https://www.infosecurity-magazine.com/news/attacks-against-oil-and-gas/.

Winther, Trond. "Cyber Security Vulnerabilities for the Oil and Gas Industry - DNV GL". DNV

GL, 2020, https://www.dnvgl.com/oilgas/download/lysne-committee-study.html.



Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!