Investigation of Cybersecurity Vulnerabilities and Mitigation Strategies in Nigeria's Oil and Gas Industry
Article Sidebar
Main Article Content
Abstract
As Africa's largest oil producer, Nigeria heavily relies on its Oil & Gas (O&G) sector, which significantly contributes to the nation's GDP, export profits, and government revenue. However, this sector faces substantial challenges due to its susceptibility to cyberattacks, which exploit the vast amounts of sensitive data generated across its operations. These threats have become more prominent with the integration of digital technologies, increasing the sector's vulnerability. Despite efforts like the Nigerian Data Protection Regulation, cyber incidents like ransomware and Advanced Persistent Threats (APTs) continue targeting critical infrastructure, leading to severe financial, operational, and environmental impacts. The rising frequency of such attacks highlights the urgent need for enhanced cybersecurity measures within Nigeria's O&G industry. This study aims to investigate the cybersecurity landscape in the sector, focusing on identifying prevalent cyber threats and assessing the effectiveness of current control measures. Through systematically analyzing existing research and data, the study seeks to provide insights into the evolution of cyber threats and propose strategies for strengthening the sector's cybersecurity posture.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
References
Oluniyi, A. E. (2017). Nigeria's oil and gas production and Niger Delta militant: The need of oil resources to stop oil reliance for sustainable development. Global Journal of Human Social Science, 17(5), 22-34.
Ogbuigwe, A. (2018). Refining in Nigeria: history, challenges, and prospects. Applied Petrochemical Research, 8, 181-192.
Donwa, P., Mgbame, C., & Ekpulu, G. (2015). Economic growth: oil and gas contributions. Sci-Afric Research Journal of Accounting and Monetary Policy, 1(2), 102-108.
Owan, V. J., Ndibe, V., & Anyanwu, C. C. (2020). Diversification and economic growth in Nigeria (1981–2016): An econometric approach based on ordinary least squares (OLS). European Journal of Sustainable Development Research, 4(4).
The Guardian. (2023a). 32 Cyber-attacks leave the oil sector vulnerable. The Guardian. https://guardian.ng/energy/32-cyber-attacks-leave-oil-sector-vulnerable/
Microsoft InfoSec, (2023). What is information security (InfoSec)? Microsoft. Retrieved December 13, 2022, from https://www.microsoft.com/en-ww/security/business/security-101/what-is-information-security-infosec.
Siddiqi, M.A.; Pak, W.; and Siddiqi, M.A. (2022). A Study on the Psychology of Social Engineering- Based Cyberattacks and Existing Countermeasures. Appl. Sci. 12, 6042. https://doi.org/10.3390/app12126042.
Sampson, A. S., & Ojen, I. M. (2021). Perception analysis of COVID-19 pandemic, cybercrime and well-being of online fraud victims in Calabar, Nigeria. International Journal of Public Administration and Management Research, 6(4), 29-35.
THISDAY (2023, September 19). Despite the multi-billion Naira spending on oil asset protection, Nigeria recorded the least crude output in four years. This Day Live. https://www.thisdaylive.com/index.php/2023/09/19/despite-multi-billion-naira-spending-on-oil-assets-protection-nigeria-records-least-crude-output-in-four-years
Tenable. (2022). Industrial Cybersecurity to Secure Oil and Gas Operations. Tenable. https://www.tenable.com/solutions/oil-and-gas. Accessed October 22, 2024.
Mc Ewan, K. A. (2020). Cyber-threats as political risk: increased risk for the oil and gas industry (Doctoral dissertation, Stellenbosch: Stellenbosch University).
Broadhurst, R. (2017). Cybercrime: Thieves, Swindlers, Bandits, and Privateers in Cyberspace. In The Oxford Handbook of Cyber Security. Oxford, UK: Oxford Handbooks Press.
Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., & Lopez, J. (2018). A survey of IoT-enabled cyberattacks: Assessing attack paths to critical infrastructures and services. IEEE Communications Surveys & Tutorials, 20(4), 3453-3495.
Achunike, V. U., & Egbuna, F. C. (2016). Synopsis of Cyber-attacks Incidents and Impacts on Oil and Gas Critical Infrastructures: A Nigerian Perspective. International Journal of Advances in Engineering and Management (IJAEM). 2(3), 335-343
Lu, H., Guo, L., Azimi, M., & Huang, K. (2019). Oil and Gas 4.0 era: A systematic review and outlook. Computers in Industry, 111, 68-90.
Wall, D. S. (2017). Crime, security and information communication technologies: The changing cybersecurity threat landscape and its implications for regulation and policing. Security and Information Communication Technologies: The Changing Cybersecurity Threat Landscape and Its Implications for Regulation and Policing (July 20, 2017).
Jabar, T., & Mahinderjit Singh, M. (2022). Exploration of mobile device behavior for mitigating advanced persistent threats (APT): a systematic literature review and conceptual framework. Sensors, 22(13), 4662.
Duffy, C. (2021) A massive ransomware attack hit hundreds of businesses. Here’s what we know CNN business, CNN. Available at: https://www.cnn.com/2021/07/06/tech/kaseya-ransomware-what-we-know/index.html (Accessed: 14 June 2024).
Faircloth, C., Hartzell, G., Callahan, N., & Bhunia, S. (2022). A study on brute force attack on T-Mobile leading to SIM-hijacking and identity theft. In 2022 IEEE World AI IoT Congress (AIIoT) (501-507). IEEE.
BBC News. (2021, July 22). Hackers reportedly demand $50m from Saudi Aramco over data leak. BBC. https://www.bbc.com/news/business-57924355. Accessed October 22, 2024.
Mikkelsen, D. (2024, May 24). Decade of danger: The Top 10 cyberattacks on the Oil & Gas Industry. Oilandgasmiddleeast.com. http://w.oilandgasmiddleeast.com/listing/decade-of-danger-the-top-10-cyberattacks-on-the-oil-gas-industry. Accessed October 28, 2024.
Morrison, S. (2021, May 10). How a major oil pipeline got held for ransom. Vox. https://www.vox.com/recode/22428774/ransomeware-pipeline-colonial-darkside-gas-prices. Accessed October 18, 2024.
Briggs, B. (2019, December 16). Hackers hit Norsk Hydro with ransomware. The company responded with transparency. Source. https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/. Accessed October 22, 2024.
Stillman, A., & Sebenius, A. (2019, November 12). Pemex Faces Payment Problems After Cyber Attack Shut System. Bloomberg.com. https://www.bloomberg.com/news/articles/2019-11-11/pemex-workers-barred-from-computers-after-unexpected-shutdown. Accessed October 20, 2024.
Walton, R. (2018, April 4). Hackers hit communications system of Energy Transfer Partners pipeline. Utility Dive. https://www.utilitydive.com/news/hackers-hit-communications-system-of-energy-transfer-partners-pipeline/520531/. Accessed October 21, 2024.
Jaiyeola, T. (2022, November 24). Hackers attack 39% Nigeria’s oil sector computers – Report. Punch Newspapers; Punch Newspaper. https://punchng.com/hackers-attack-39-nigerias-oil-sector-computers-report/. Accessed October 18, 2024.
Jeremiah, K. (2023, March 8). 32 cyber attacks leave oil sector vulnerable. The Guardian. https://guardian.ng/energy/32-cyber-attacks-leave-oil-sector-vulnerable/. Accessed October 22, 2024.
Obonna, U. O., Opara, F. K., Mbaocha, C. C., Obichere, J.-K. C., Akwukwaegbu, I. O., Amaefule, M. M., & Nwakanma, C. I. (2023a). Detection of man-in-the-middle (MitM) cyber-attacks in oil and gas process control networks using machine learning algorithms. Future Internet, 15(8), 280. https://doi.org/10.3390/fi15080280
Onuntuei, E. (2018). Safety, Risk, and Reliability of Cyber Network in Oil and Gas Industry. PUPIL: International Journal of Teaching, Education, and Learning, 2(2),81-97.DOI-https://dx.doi.org/10.20319/pijtel.2018.22.8197
Obonna, U. O., Opara, F. K., Mbaocha, C. C., Obichere, J.-K. C., Nwakanma, C. I., Ahakonye, L. A. C., & Kim, D.-S. (2023b). Coarse tree algorithm-based detection of unstructured cyber-attacks in oil and gas process control networks. 2023 IEEE AFRICON.
Gidado, S. (2020, January 8). Cyber security in Nigerian oil & gas sector. Linkedin.com. https://www.linkedin.com/pulse/cyber-security-nigerian-oil-gas-sector-sirajo-Gidado. Accessed October 22, 2024.
Adebayo, C. (2021, May 12). Cybersecurity in Nigeria’s energy sector: Lessons from the “DarkSide.” Nairametrics. https://nairametrics.com/2021/05/12/cybersecurity-in-nigerias-energy-sector-lessons-from-the-darkside/. Accessed October 22, 2024.
Davis, D. (2022, November 1). 5 big cyberattacks in oil and gas. Oil & Gas IQ. https://www.oilandgasiq.com/digital-transformation/articles/5-big-cyber-security-attacks-in-oil-and-gas. Accessed October 22, 2024.
THISDAY (2023b, September 19). Despite the multi-billion Naira spending on oil asset protection, Nigeria recorded the least crude output in four years. This Day Live. https://www.thisdaylive.com/index.php/2023/09/19/despite-multi-billion-naira-spending-on-oil-assets-protection-nigeria-records-least-crude-output-in-four-years. Accessed October 22, 2024.
Chukwuemeka, A., & Ngozi, M. (2017). Securing Nigeria’s Crude Oil and Gas Pipelines–Change in Current Approach and Focus on the Future. Scientific Research Journal (SCIRJ), 5(1), 1-9.
Saravanan, S., Menon, A., Saravanan, K., Hariharan, S., Nelson, L., & Gopalakrishnan, J. (2023). Cybersecurity audits for emerging and existing cutting-edge technologies. In 2023 11th International Conference on Intelligent Systems and Embedded Design (ISED) (1-7). IEEE.
Al-majed, R., Ibrahim, A., Abualkishik, A., Mourad, N., & Almansour, F. (2022). Using machine learning algorithm for detection of cyber-attacks in cyber-physical systems. Periodicals of Engineering and Natural Sciences (PEN), 10(3), 261. https://doi.org/10.21533/pen.v10i3.3035
Uyyala, P. (2022). DETECTION OF CYBER ATTACK IN NETWORK USING MACHINE LEARNING TECHNIQUES. Journal of Interdisciplinary Cycle Research, 14(3), 1903-1913.
Semwal, P., & Handa, A. (2022). Cyber-attack detection in cyber-physical systems using supervised machine learning. Handbook of Big Data Analytics and Forensics, 131-140.
Aragonés L. M., Pérez Llopis, I., & Esteve Domingo, M. (2023). Threat hunting system for protecting critical infrastructures using a machine learning approach. Mathematics, 11(16), 3448.
Arora, P., Kaur, B., & Teixeira, M. A. (2021). Evaluation of machine learning algorithms used on attack detection in industrial control systems. Journal of The Institution of Engineers (India): Series B, 102(3), 605-616.
Avcı, İ., & Koca, M. (2023). Cybersecurity Attack Detection Model, Using Machine Learning Techniques. Acta Polytechnica Hungarica, 20(7), 29-44.
Öztürk, T., Turgut, Z., Akgün, G., & Köse, C. (2022). Machine learning-based intrusion detection for SCADA systems in healthcare. Network Modeling Analysis in Health Informatics and Bioinformatics, 11(1), 47.
Zarandi, Z. N., & Sharifi, I. (2020, December). Detection and identification of cyber-attacks in cyber-physical systems based on machine learning methods. In 2020 11th International Conference on Information and Knowledge Technology (IKT) (107-112). IEEE.
Arya, L., & Gupta, G. P. (2023, March). Ensemble filter-based feature selection model for cyber-attack detection in industrial Internet of Things. In 2023 9th International Conference on Advanced Computing and Communication Systems (ICACCS), IEEE, 1, 834-840.
Raza, A., Memon, S., Nizamani, M. A., & Shah, M. H. (2022, June). Machine learning-based security solutions for critical cyber-physical systems. In 2022 10th International Symposium on Digital Forensics and Security (ISDFS), IEEE, 1-6.
Singh, S., & Silakari, S. (2014). An ensemble approach for cyber attack detection system: a generic framework. International Journal of Networked and Distributed Computing, 2(2), 78-90.
Alqahtani, H., Sarker, I. H., Kalim, A., Minhaz Hossain, S. M., Ikhlaq, S., & Hossain, S. (2020). Cyber intrusion detection using machine learning classification techniques. In Computing Science, Communication and Security: First International Conference, COMS2 2020, Gujarat, India, March 26–27, 2020, Revised Selected Papers 1, Springer Singapore, 121-131.
Al Ogaili, R. R. N., Alomari, E. S., Alkorani, M. B. M., Alyasseri, Z. A. A., Mohammed, M. A., Dhanaraj, R. K., ... & Karuppayah, S. (2023). Malware cyberattack detection using a novel feature selection method based on a modified whale optimization algorithm. Wireless Networks, 1-17.
Bhardwaj, A., Chandok, S. S., Bagnawar, A., Mishra, S., & Uplaonkar, D. (2022). Detection of cyber-attacks: XSS, SQL, phishing attacks, and detecting intrusion using machine learning algorithms. In 2022 IEEE Global Conference on Computing, Power and Communication Technologies (GlobConPT), IEEE, 1-6.
Zakariah, M., AlQahtani, S. A., Alawwad, A. M., & Alotaibi, A. A. (2023). Intrusion Detection System with Customized Machine Learning Techniques for NSL-KDD Dataset. Computers, Materials & Continua, 77(3).
Ghiasi, M., Dehghani, M., Niknam, T., Kavousi-Fard, A., Siano, P., & Alhelou, H. H. (2021). Cyber-attack detection and cyber-security enhancement in smart DC-microgrid based on blockchain technology and Hilbert Huang transform. Ieee Access, 9, 29429-29440.
Yu, Y., Liu, G. P., Zhou, X., & Hu, W. (2022). Blockchain protocol-based predictive secure control for networked systems. IEEE Transactions on Industrial Electronics, 70(1), 783-792.
Singh, R., Kukreja, D., & Sharma, D. K. (2023). Blockchain-enabled access control to prevent cyber-attacks in IoT: Systematic literature review. Frontiers in Big Data, 5, 1081770.
Ajayi, O., & Saadawi, T. (2020). Blockchain-based architecture for secured cyber-attack features exchange. In 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), IEEE, 100-107
Dang, T., Tian, G., Wei, J., & Liu, S. (2023). Blockchain-based collaborative intrusion detection scheme. International Journal of Computational Science and Engineering, 26(4), 418-429.
Dawit, N. A., Mathew, S. S., & Hayawi, K. (2020). Suitability of blockchain for collaborative intrusion detection systems. In 2020 12th Annual Undergraduate Research Conference on Applied Computing (URC), IEEE, 1-6.
Ajayi, O., Cherian, M., & Saadawi, T. (2019). Secured cyber-attack signatures distribution using blockchain technology. In 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), IEEE, 482-488.
Li, W., Tug, S., Meng, W., & Wang, Y. (2019). Designing collaborative blockchained signature-based intrusion detection in IoT environments. Future Generation Computer Systems, 96, 481-489.
Laufenberg, D., Li, L., Shahriar, H., & Han, M. (2019). An architecture for blockchain-enabled collaborative signature-based intrusion detection system. In Proceedings of the 2019 ACM Southeast Conference, 169-169, https://doi.org/10.1145/3349266.3351389
Meng, W., Tischhauser, E. W., Wang, Q., Wang, Y., & Han, J. (2018). When intrusion detection meets blockchain technology: a review. Ieee Access, 6, 10179-10188.
Hazman, C., Amaouche, S., Abdedaime, M., Guezzaz, A., Benkirane, S., & Azrour, M. (2024). A collaborative intrusion detection approach based on deep learning and blockchain. 112-124). Chapman and Hall/CRC.
Alkadi, O., Moustafa, N., Turnbull, B., & Choo, K. K. R. (2020). A deep blockchain framework-enabled collaborative intrusion detection for protecting IoT and cloud networks. IEEE Internet of Things Journal, 8(12), 9463-9472