Defending Oil & Gas Critical Infrastructures from Cyber-attacks


Prof Dimitris Gritzalis, Athens University of Economics & Business, Greece (left)

Dr George Stergiopoulos, Athens University of Economics & Business, Greece (right)


The importance of the Oil and Gas (O&G) sector on the global economy is a well-known fact. Market reports state that oil investments reached 500B$ in 2019, with global oil around 1M barrels/day. Τhe constant digital growth and the prevalence of Industry 4.0 systems in modern infrastructures has increased the attack surface of the O&G sector. Novel attacks and attack methods are constantly targeting O&G cyber-physical systems. Attacks on such systems can have adverse geopolitical effects and, more often than not, the interconnected nature of O&G infrastructures exacerbates the impact of such attacks due to cascading failures introduced by dependencies of other critical infrastructures on the O&G sector. In this talk, we will present and discuss the current trends on cyberattacks on all sub-sectors of the O&G sector. We will present the current situation, analyze previous incidents, propose indicators, and discuss open issues concerning cyber-attacks on this sector.


Dr. Dimitris Gritzalis is a Professor of Cybersecurity with the Dept. of Informatics, Athens University of Economics and Business (AUEB), Greece, also serving as Director of the MSc Programme in Information Systems Development and Security. He has served as Associate Rector for Research and President of the Life-long Education Center of the University. Prof Gritzalis has received a BSc (Mathematics, Univ. of Patras), an MSc (Computer Science, City University of New York), and a PhD (Information Systems Security, Univ. of the Aegean). He is the Academic Editor of Computers & Security (Elsevier) and the Scientific Editor of the International Journal of Critical Infrastructure Protection (Elsevier). Prof Gritzalis has also held the positions of the President of the Greek Computer Society and the Associate Data Protection Commissioner of Greece. For more than 30 years he has been providing consulting services, on an international scale, and has published research papers extensively. He has chaired the PC of several international conferences (ACM, IEEE, IFIP, GCS). His current research interests include critical infrastructure protection (Energy, Health, I&CT, Transportation), risk assessment, malware, and smartphone security.

Dr. George Stergiopoulos is a Senior Researcher, Αdjunct Lecturer and IT Security Consultant. He has a PhD in Information Security software and Critical Infrastructure Protection from the Department of Informatics, Athens University of Economics and Business, Athens, Greece, an MSc in Information Technology from Athens University of Economics and Business, Athens, Greece and a BSc in Computer Science from the University of Piraeus. He is a member of the In­for­ma­ti­on Security and Cri­tical Infra­struc­ture Protection (IN­FOSEC) Laboratory and the Cybersecurity Research Group from Department of Informatics, University of Piraeus. His cur­rent re­search in­te­­rests focus on Cri­­ti­cal In­fra­structure Pro­­tection, Risk Assessment, Application and Network Security and Software Engineering. He has published more than 30 articles in journals and conference proceedings. His professional experience includes working as a consultant in cybersecurity projects for developing enterprise Security Plans, Business Continuity Plans, Destruction Recovery plans and assessing enterprises against IT threats and risks through governance, compliance, identification, and validation. He also works as an IT and OT security penetration tester.