INTEGRATING ZERO‑TRUST ARCHITECTURE INTO INDUSTRIAL CONTROL SYSTEMS FOR RESILIENCE AGAINST RANSOMWARE AND INSIDER THREATS IN OFFSHORE OIL & GAS CRITICAL INFRASTRUCTURE
Abstract
Critical infrastructure — especially industrial control systems (ICS) underpinning offshore oil and gas operations — faces growing cyber threats, ranging from ransomware to insider exploitation. Traditional perimeter‑based defenses have repeatedly proven insufficient: attackers increasingly exploit vulnerabilities both at the network edge and within trusted domains. This paper explores how a comprehensive adoption of zero‑trust architecture (ZTA) tailored for industrial control environments can meaningfully mitigate such risks. Through a systematic literature synthesis, threat‑to‑control mappings, and conceptual modeling, we analyze key vulnerabilities inherent in ICS and critical infrastructure, highlight how ransomware and insider attacks manifest in these contexts, and identify how zero‑trust strategies — including identity-centric authentication, micro‑segmentation, continuous verification, and contextual access control — can address these gaps. Particular attention is paid to the unique constraints and demands of offshore oil and gas ICS: real-time operations, legacy hardware, and physical process dependencies. Our analysis reveals both substantial potential for risk reduction and non-trivial challenges including latency, interoperability, and organizational readiness. We conclude with recommendations for research and phased deployment approaches that balance secure access with operational continuity.
Keywords
Zero‑Trust Architecture, Industrial Control Systems, Ransomware