Document Type : Original Article
Authors
1
Strategic Management, Faculty of Defense, University and Institute of National Defense and Strategic Research, Tehran, Iran
2
Industrial Safety, Faculty of Safety and Security Measures, Imam Hussein (AS) University, Tehran, Iran
Abstract
Industrial Control Systems (ICS) in the gas industry, as part of countries' critical infrastructure, face increasing cyber threats. These threats, considering the strategic importance of the gas industry to national economy and security, as well as the crucial role of industrial control systems in the gas industry, have created serious challenges. To the extent that today, many hostile countries plan cyber attacks targeting industrial control systems in other countries' gas industries. This research aims to identify and analyze cyber vulnerabilities in industrial control systems of the gas industry and present a systemic model to counter these threats.The research methodology was mixed (quantitative-qualitative) and the necessary information was collected through extensive field studies of gas facilities, in-depth interviews with cybersecurity specialists and gas industry engineers, specialized questionnaires, and document analysis. The resulting data has been analyzed using advanced statistical methods and qualitative content analysis.The research results indicate that the main vulnerabilities include lack of integration in security architecture, use of legacy systems that cannot be updated, weaknesses in user and contractor access management, and deficiencies in staff training regarding cyber threats. Additionally, connections between administrative and industrial networks, lack of continuous system monitoring, and absence of incident response protocols are among other identified challenges.The proposed systemic model includes five protective layers (defense in depth) covering all technical, managerial, human, procedural, and supervisory aspects. This model, emphasizing preventive approaches and rapid response, is capable of implementation in the specific conditions of gas infrastructure and can serve as a comprehensive and practical framework for strengthening cybersecurity in this strategic industry.
Keywords