The Effectiveness of the Current Cybersecurity Framework used by the UAE’s Oil and Gas Industry: The Perspective of the Cybersecurity Practitioners
|© 2021 by IJCTT Journal|
|Year of Publication : 2021|
|Authors : Mohamed Jumah AL Dhanhani and Jessnor Elmy Mat Jizat|
|DOI : 10.14445/22312803/IJCTT-V69I11P105|
How to Cite?
Mohamed Jumah AL Dhanhani and Jessnor Elmy Mat Jizat, "The Effectiveness of the Current Cybersecurity Framework used by the UAE’s Oil and Gas Industry: The Perspective of the Cybersecurity Practitioners," International Journal of Computer Trends and Technology, vol. 69, no. 11, pp. 29-36, 2021. Crossref, https://doi.org/10.14445/22312803/IJCTT-V69I11P105
As acknowledged, any organization involved in critical industries, such as the oil and gas sector, needs to employ effective cybersecurity measures to protect its critical infrastructure from cyber threats. As such, this study was carried out to determine the adaptability, flexibility, and effectiveness of the cybersecurity framework currently used by various companies involved in oil and gas production in the UAE. This study was based on a quantitative approach involving a survey methodology through which a sample of the target population was surveyed to elicit their professional feedback or expert opinions. The study sample consisted of 94 cybersecurity practitioners or subject matter experts (SMEs) who were randomly selected from 15 companies operating in the UAE’s oil and gas sector of the economy. The research instrument used in this study was based on a survey questionnaire consisting of 44 items to elicit respondents’ demography and their perceptions regarding the flexibility, adaptability, and effectiveness of the cybersecurity framework. Data were analyzed descriptively using Statistical Package for Social Science (SPSS). Demographically, the findings showed that the majority of the respondents were males, had at least a Bachelor’s degree, had more than 10 years of work experience, and worked on the sites. Specifically, the findings showed that the flexibility, adaptability, and effectiveness of the current cybersecurity framework were highly rated by the respondents, suggesting that the cybersecurity practitioners in the UAE believe that this framework is very effective, adaptable, and flexible in helping them to develop superior cybersecurity programs and systems to deal with any form of cyber threats. As such, this finding provides strong evidence for all the major players in the UAE’s oil and gas industry to utilize the current cybersecurity framework in their ongoing efforts to provide strong protection for their critical assets against cyber threats.
Cyberattacks, Cybersecurity framework, Oil and gas industry, Safety, and Security measures.
 W.B. United Arab Emirates GDP. World Bank, (2019).
 F. Hacquebord, F. and C. Pernet, Drilling Deep: A look at Cyber attacks on the Oil and Gas Industry, Trend Micro Research, (2020).
 A. Al Neaimi, T. Ranginya, and P. Lutaaya, A framework for the effectiveness of cyber security defences: a case of the United Arab Emirates (UAE), International Journal of Cyber-Security and Digital Forensics (IJCSDF), 4(1) (2015) 290-301.
 C. Pedersen, Much Ado about Cyber-space: Cyber-terrorism and the Reformation of the Cyber-security, Pepperdine Policy Review, 7.
 D. Kamel and J. Gnana, Middle East energy companies` cyber-security investments lag, The National, Dubai, (2019).
 A. GarcíaZaballos and F. González Herranz, From Cybersecurity to Cybercrime: A Framework for Analysis and Implementation, Inter-American Development Bank, (2013).
 I. Progoulakis, N. Nikitakos, P. Rohmeyer, B. Bunin, D. Dalaklis and S. Karamperidis, Perspectives on Cyber Security for Offshore Oil and Gas Assets, Journal of Marine Science and Engineering, 9(2) (2021) 112. [Online]. Available: 10.3390/jmse9020112.
 C. Haughey, Cybersecurity Framework: How To Create A Resilience Strategy, Security Intelligence, [Online]. Available: https://securityintelligence.com/articles/how-to-create-a-cybersecurity-framework/. (2020)
 D. Syed, T.-H. Chang, D. Svetinovic, T. Rahwan, and Z. Aung, Security for Complex Cyber-Physical and Industrial, Pacific Asia Conference on Information Systems - PACIS Proceedings, (2017) 180.
 E. Luiijf, K. Besseling, and P. Graaf, Nineteen National Cyber Security Strategies, International Journal of Critical Infrastructure Protection, 9 (1) (2013).
 M. Al Dhanhani and J. Mat Jizat, Review of Cyber Security on the Oil and Gas Industry in the United Arab Emirates: Analysis on the Effectiveness of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, 12(11)) (2021) 714-720. Available: https://turcomat.org/index.php/turkbilmat/article/view/5954/4954
 K. Stouffer, T. Zimmerman, C. Tang, J. Cichonski, M. Pease, N. Shah and W. Downard, Cybersecurity Framework Manufacturing Profile, 3 (2019).
 T. Zimmerman, Ensuring the Cybersecurity of Manufacturing Systems, NIST, (2017).
 R. Brooks, Top 20 Critical Security Controls for Effective Cyber Defense, Netwrix Corporation, (2018). [Online]. Available: https://blog.netwrix.com/2018/02/01/top-20-critical-security-controls-for-effective-cyber-defense/.
 J. Pescatore, Back to basics: Focus on the first six CIS critical security controls, SANS Analyst Program, (2018). [Online]. Available: https://wTurkish Journal of Computer and Mathematics Education,ww.dlt.com/sites/.
 M.E., Galligan, S. Herrygers and K. Rau, Managing cyber risk in a digital age, Committee of Sponsoring Organizations of the Treadway Commission. (2021). [Online]. Available: https://www.coso.org/Documents/COSO-Deloitte-Managing-Cyber-Risk-in-a-Digital-Age.pdf.
 S. Adler, Reducing threat impact with CIS Controls, An Arctic Wolf Session Cyber Security Digital Summit, (2020). [Online]. Available: https://www.cshub.com/security-strategy/articles/reducing-threat-impact-with-cis-controls.
 M. Nyhuis, CIS Security Benchmarks and Compliance: What is CIS Compliance? Diligent Insights, (2020). [Online]. Available: https://insights.diligent.com/compliance/what-is-cis-compliance/
 T. Limba, T., Pl?ta, K. Agafonov, and M. Damkus, Cyber security management model for critical infrastructure, Entrepreneurship and Sustainability, 4(4) (2017) 559-573.
 T. Gruenloh, How CIS Controls v8 impacts SMBs? Dark Reading: Connecting the Information Security Community, (2021). [Online]. Available:https://www.darkreading.com/attacks-breaches/how-cis-controls-v8-impacts-smbs
 S. Caimi, Why implementation groups are so important to CIS Controls v8?, Cybersecurity Resilience Sponsored News, (2021). [Online]. Available: https://www.govtech.com/cybersecurity
 K. S. Taber, K.S., The use of Cronbach’s Alpha when developing and reporting research instruments in science education. Research Science Education, 48 (2018) 273–1296.
 J. Scott, R. Dakin, K. Heller, and A. Eftimie, A survey and analysis of the gendered impacts of onshore oil and gas production in three developing countries, Extractive Industries for Development Series #28, (2013).
 R. Park, B. Metzger, and L. Foreman, Promoting gender diversity and inclusion in the oil, gas, and mining extractive industries, A Women’s Human Rights Report: The Advocates for Human Rights, (2019).
 D. Rock and H. Grant, Why Diverse teams are smarter, Harvard Business Review, (2016). [Online]. Available: https://hbr.org/2016/11/why-diverse-teams-are-smarter
 R. Bozick, G.C. Gonzalez, C. Ogletree, and D.G. Carew, Developing a Skilled Workforce for the Oil and Natural Gas Industry: An Analysis of Employers and Colleges in Ohio, Pennsylvania, and West Virginia, RAND Corporation, (2017).
 N. Camps, An Exploratory Study of Skills Shortages within the Oil and Gas Industry in Scotland, International Journal of Management and Applied Research, 2(3) (2015) 130-143.