Incorporating cybersecurity measures around industrial control systems (ICS) within the petrochemical sector

Abstract

The fast adoption of technologies that enable the Fourth Industrial Revolution (4IR) in the South African industrial sector has been well noted, and is advancing to meet global pressures. Cybersecurity countermeasures to protect and safeguard the expanding interconnected nature of several industrial sectors have not kept pace. The steadfast march toward digitalization and Industrial Internet of Things (IIoT) optimization increases industrial control systems' (ICSs) vulnerabilities, and they become ripe targets for the wicked. This study aimed to identify the current level of the cybersecurity maturity of ICS assets in the South African petrochemical sector and to investigate the root causes of that level of maturity. Extensive research was done into industry best practices, lessons learned, and global governing bodies of knowledge. A target maturity (from NIST 800-xx and IEC 62443-x-x) and possible contributing factors to poor adoption were identified and tested with a population in a cluster of South African petrochemical facilities. The research propositions concurred with the results, showing systemic barriers to adequate ICS cybersecurity adoption. A risk-based approach and a high-level recommendation roadmap were developed to address poor maturity levels. More specific sector studies could be conducted in the future to refine the findings, but this framework and roadmap could be implemented directly as a starting point for an organization's ICS cybersecurity journey.

HIGHLIGHTS • Evaluates ICS cybersecurity maturity in South Africa's petrochemical sector. • Identifies systemic barriers to cybersecurity adoption and implementation. • Uses a mixed-method approach with NIST 800–53 and IEC 62443 frameworks. • Finds weak maturity in Protect and Detect pillars due to poor automation. • Proposes a high-level roadmap to enhance ICS cybersecurity resilience.