Date of Conferral

2022

Degree

Ph.D.

School

Management

Advisor

Danielle Wright-Babb

Abstract

The Fourth Industrial Revolution, which utilizes modern communication-dependent technologies, including cyber-physical systems (CPS), has made exploration and production operations more efficient in the oil and gas industry. CPS in this industry should be secured against operational threats to prevent interruption of critical oil and gas supplies and services. However, these systems are vulnerable to cyberattacks, and many oil and gas companies have not incorporated effective cybersecurity measures into their corporate management strategies. This qualitative, multiple-case study, which was guided by the routine activity theory, explored how cybersecurity governance was applied to develop controls that stopped or mitigated the consequences of cyberattacks against the CPS. Interview-based data were obtained through Zoom meetings with 20 global cybersecurity experts selected from cybersecurity-specialized groups on LinkedIn. These data were then triangulated with global CPS cybersecurity governance standards and methods. The data analysis resulted in nine themes, including CPS vulnerabilities and failure consequences, predominant cybersecurity governance, the efficiency of cybersecurity governance, governance challenges, offenders and motives, cybersecurity enhancement, CPS governance endorsement, cybersecurity performance assessment, and governance mandate. This study’s implications for positive social change include recommendations for applying cybersecurity governance strategies that reduce health and environmental incidents and prevent interruption of critical oil and gas deliveries due to cyberattacks. These results may also help improve the living conditions of the communities surrounding oil and gas fields and similar CPS-based industries worldwide.

Share

 
COinS