Cyber-Attacks on the Oil & Gas Sector: A Survey on Incident Assessment and Attack Patterns

During the past two decades, oil and gas operational and information technology systems have experienced constant digital growth, closely followed by an increasing number of cyber-attacks on the newly interconnected systems. Adversaries exploit vulnerable accessible device or malware attacks networked services, in an attempt to gain access to critical systems and machinery that are interconnected over networks. Given the importance of the oil and gas sector on the global economy and the diversity of critical systems often being controlled over remote locations, it is highly important to understand and mitigate such attacks. In this paper, we survey cyber-attacks on all three domains of the oil and gas sector (upstream, midstream, downstream) starting from the early 90s up until 2020. For each domain, we document and analyze verified attacks based on real-world reports and published demo attacks on systems. We map and catalogue the attack types used in each case, in order to understand common and subliminal attack paths against oil and gas critical operations. Our aim is threefold, i.e., first, to assess documented attacks using standardized impact assessment techniques and highlight potential consequences of cyber-attacks on this sector, second, to build a vulnerability taxonomy based on technical knowledge gathered by all such incidents and connect each vulnerability with oil and gas systems and respective attack paths, and third, to map the documented knowledge and taxonomies with MITRE's international knowledge base of Adversary Tactics and Techniques, so as to provide a general guide for analyzing and protecting against cyber-attacks at oil and gas infrastructures.