Incorporating cybersecurity measures around industrial control systems (ICS) within the petrochemical sector

IF 4.2 3区工程技术 Q2 ENGINEERING, CHEMICAL

Journal of Loss Prevention in The Process Industries Pub Date : 2025-09-21 DOI:10.1016/j.jlp.2025.105803

Lushen Rajaruthnam, Rina Peach

{"title":"Incorporating cybersecurity measures around industrial control systems (ICS) within the petrochemical sector","authors":"Lushen Rajaruthnam, Rina Peach","doi":"10.1016/j.jlp.2025.105803","DOIUrl":null,"url":null,"abstract":"<div><div>The fast adoption of technologies that enable the Fourth Industrial Revolution (4IR) in the South African industrial sector has been well noted, and is advancing to meet global pressures. Cybersecurity countermeasures to protect and safeguard the expanding interconnected nature of several industrial sectors have not kept pace. The steadfast march toward digitalization and Industrial Internet of Things (IIoT) optimization increases industrial control systems' (ICSs) vulnerabilities, and they become ripe targets for the wicked. This study aimed to identify the current level of the cybersecurity maturity of ICS assets in the South African petrochemical sector and to investigate the root causes of that level of maturity. Extensive research was done into industry best practices, lessons learned, and global governing bodies of knowledge. A target maturity (from NIST 800-xx and IEC 62443-x-x) and possible contributing factors to poor adoption were identified and tested with a population in a cluster of South African petrochemical facilities. The research propositions concurred with the results, showing systemic barriers to adequate ICS cybersecurity adoption. A risk-based approach and a high-level recommendation roadmap were developed to address poor maturity levels. More specific sector studies could be conducted in the future to refine the findings, but this framework and roadmap could be implemented directly as a starting point for an organization's ICS cybersecurity journey.</div></div>","PeriodicalId":16291,"journal":{"name":"Journal of Loss Prevention in The Process Industries","volume":"99 ","pages":"Article 105803"},"PeriodicalIF":4.2000,"publicationDate":"2025-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Loss Prevention in The Process Industries","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S095042302500261X","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, CHEMICAL","Score":null,"Total":0}

引用次数: 0

Abstract

The fast adoption of technologies that enable the Fourth Industrial Revolution (4IR) in the South African industrial sector has been well noted, and is advancing to meet global pressures. Cybersecurity countermeasures to protect and safeguard the expanding interconnected nature of several industrial sectors have not kept pace. The steadfast march toward digitalization and Industrial Internet of Things (IIoT) optimization increases industrial control systems' (ICSs) vulnerabilities, and they become ripe targets for the wicked. This study aimed to identify the current level of the cybersecurity maturity of ICS assets in the South African petrochemical sector and to investigate the root causes of that level of maturity. Extensive research was done into industry best practices, lessons learned, and global governing bodies of knowledge. A target maturity (from NIST 800-xx and IEC 62443-x-x) and possible contributing factors to poor adoption were identified and tested with a population in a cluster of South African petrochemical facilities. The research propositions concurred with the results, showing systemic barriers to adequate ICS cybersecurity adoption. A risk-based approach and a high-level recommendation roadmap were developed to address poor maturity levels. More specific sector studies could be conducted in the future to refine the findings, but this framework and roadmap could be implemented directly as a starting point for an organization's ICS cybersecurity journey.

查看原文本刊更多论文

围绕石化行业的工业控制系统（ICS）采取网络安全措施

南非工业部门迅速采用了使第四次工业革命（4IR）成为可能的技术，并正在推进以应对全球压力。保护和维护多个工业部门日益扩大的互联性的网络安全对策没有跟上步伐。数字化和工业物联网（IIoT）优化的稳步发展增加了工业控制系统（ics）的脆弱性，它们成为邪恶分子的成熟目标。本研究旨在确定南非石化行业ICS资产的网络安全成熟度的当前水平，并调查该成熟度水平的根本原因。对行业最佳实践、经验教训和全球知识管理机构进行了广泛的研究。目标成熟度（来自NIST 800-xx和IEC 62443-x-x）和可能导致采用率低的因素被确定并在南非石化设施集群中进行了测试。研究主张与结果一致，显示了充分采用ICS网络安全的系统性障碍。开发了基于风险的方法和高级建议路线图，以解决较差的成熟度级别。未来可以进行更具体的行业研究，以完善研究结果，但该框架和路线图可以直接作为组织ICS网络安全之旅的起点实施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Loss Prevention in The Process Industries 工程技术-工程：化工

CiteScore

7.20

自引率

14.30%

发文量

226

审稿时长

52 days

期刊介绍： The broad scope of the journal is process safety. Process safety is defined as the prevention and mitigation of process-related injuries and damage arising from process incidents involving fire, explosion and toxic release. Such undesired events occur in the process industries during the use, storage, manufacture, handling, and transportation of highly hazardous chemicals.