IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v260y2025ics0951832025002121.html
   My bibliography  Save this article

Are the processing facilities safe and secured against cyber threats?

Author

Listed:
  • Arunthavanathan, Rajeevan
  • Khan, Faisal
  • Sajid, Zaman
  • Amin, Md. Tanjin
  • Kota, Kalyan Raj
  • Kumar, Shreyas

Abstract

Most processing facilities, including those in the chemical, petrochemical, and mineral industries, aim to operate as cyber-physical systems to achieve higher plant efficiency, productivity, and, in some cases, safety. However, this digital transformation increases the vulnerability of process control systems to cyber-attacks, which can disrupt operations and lead to catastrophic consequences. Traditional approaches often consider cybersecurity solely as an Information Technology (IT) issue, overlooking the critical role of Operational Technology (OT) in managing cyber threats and ensuring plant resilience. This article reviews OT cybersecurity challenges and solutions, culminating in developing a robust OT-specific cybersecurity framework. The proposed framework integrates threat modeling, real-time attack detection, and real-time mitigation to protect physical plant operations while ensuring operational continuity. Unlike existing models, the proposed framework bridges the safety-security gap by combining IT-driven cybersecurity strategies with OT-specific risk management and defense mechanisms. Key features of the framework include layered defense mechanisms, adaptive response strategies, and risk-based prioritization, all of which collectively strengthen resilience against advanced cyber threats. By systematically reviewing current cybersecurity practices and proposing a comprehensive framework, this study further recommends approaches to enhance scalability and practical applicability for advancing cybersecurity in process plant operations. The findings underscore the necessity of integrating IT and OT cybersecurity strategies to ensure industrial safety, security, and uninterrupted operations.

Suggested Citation

  • Arunthavanathan, Rajeevan & Khan, Faisal & Sajid, Zaman & Amin, Md. Tanjin & Kota, Kalyan Raj & Kumar, Shreyas, 2025. "Are the processing facilities safe and secured against cyber threats?," Reliability Engineering and System Safety, Elsevier, vol. 260(C).
    • Handle: RePEc:eee:reensy:v:260:y:2025:i:c:s0951832025002121
    DOI: 10.1016/j.ress.2025.111011
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832025002121
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2025.111011?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Wang, Huaizhi & Meng, Anjian & Liu, Yitao & Fu, Xueqian & Cao, Guangzhong, 2019. "Unscented Kalman Filter based interval state estimation of cyber physical energy system for detection of dynamic attack," Energy, Elsevier, vol. 188(C).
    2. Iaiani, Matteo & Fazari, Giuseppe & Tugnoli, Alessandro & Cozzani, Valerio, 2025. "Identification of reference security scenarios from past event datasets by Bayesian Network analysis," Reliability Engineering and System Safety, Elsevier, vol. 254(PB).
    3. IAIANI, Matteo & TUGNOLI, Alessandro & BONVICINI, Sarah & COZZANI, Valerio, 2021. "Analysis of Cybersecurity-related Incidents in the Process Industry," Reliability Engineering and System Safety, Elsevier, vol. 209(C).
    4. Robert Grubbs & Jeremiah Stoddard & Sarah Freeman & Ron Fisher, 2021. "Evolution and Trends of Industrial Control System Cyber Incidents since 2017," Journal of Critical Infrastructure Policy, John Wiley & Sons, vol. 2(2), pages 45-79, September.
    5. Iaiani, Matteo & Tugnoli, Alessandro & Macini, Paolo & Cozzani, Valerio, 2021. "Outage and asset damage triggered by malicious manipulation of the control system in process plants," Reliability Engineering and System Safety, Elsevier, vol. 213(C).
    6. Knowles, William & Prince, Daniel & Hutchison, David & Disso, Jules Ferdinand Pagna & Jones, Kevin, 2015. "A survey of cyber security management in industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 9(C), pages 52-80.
    7. Bolton, Matthew L. & Molinaro, Kylie A. & Houser, Adam M., 2019. "A formal method for assessing the impact of task-based erroneous human behavior on system safety," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 168-180.
    8. Zhenze Liu & Chunyang Wang & Weiping Wang & Yang Li, 2022. "Online Cyber-Attack Detection in the Industrial Control System: A Deep Reinforcement Learning Approach," Mathematical Problems in Engineering, Hindawi, vol. 2022, pages 1-9, July.
    9. Irina Brass & Jesse H. Sowell, 2021. "Adaptive governance for the Internet of Things: Coping with emerging security risks," Regulation & Governance, John Wiley & Sons, vol. 15(4), pages 1092-1110, October.
    10. Zhao, Tianxiang & Tu, Haicheng & Jin, Rui & Xia, Yongxiang & Wang, Fangfang, 2024. "Improving resilience of cyber–physical power systems against cyber attacks through strategic energy storage deployment," Reliability Engineering and System Safety, Elsevier, vol. 252(C).
    11. Berghout, Tarek & Benbouzid, Mohamed, 2022. "EL-NAHL: Exploring labels autoencoding in augmented hidden layers of feedforward neural networks for cybersecurity in smart grids," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    12. Barry Sheehan & Finbarr Murphy & Arash N. Kia & Ronan Kiely, 2021. "A quantitative bow-tie cyber risk classification and assessment framework," Journal of Risk Research, Taylor & Francis Journals, vol. 24(12), pages 1619-1638, December.
    13. Martin, H. & Ma, Z. & Schmittner, Ch. & Winkler, B. & Krammer, M. & Schneider, D. & Amorim, T. & Macher, G. & Kreiner, Ch., 2020. "Combined automotive safety and security pattern engineering approach," Reliability Engineering and System Safety, Elsevier, vol. 198(C).
    14. Hu, Xiaoxiao & Xu, Maochao & Xu, Shouhuai & Zhao, Peng, 2017. "Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 119-133.
    15. Wang, Wei & Cova, Gregorio & Zio, Enrico, 2022. "A clustering-based framework for searching vulnerabilities in the operation dynamics of Cyber-Physical Energy Systems," Reliability Engineering and System Safety, Elsevier, vol. 222(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Tang, Daogui & Fang, Yi-Ping & Zio, Enrico, 2023. "Vulnerability analysis of demand-response with renewable energy integration in smart grids to cyber attacks and online detection methods," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    2. Berghout, Tarek & Benbouzid, Mohamed, 2022. "EL-NAHL: Exploring labels autoencoding in augmented hidden layers of feedforward neural networks for cybersecurity in smart grids," Reliability Engineering and System Safety, Elsevier, vol. 226(C).
    3. Liu, Qi & Sun, Ke & Liu, Wenqi & Li, Yufeng & Zheng, Xiangyu & Cao, Chenhong & Li, Jiangtao & Qin, Wutao, 2025. "Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network," Reliability Engineering and System Safety, Elsevier, vol. 253(C).
    4. Chen, Chao & Yang, Ming & Reniers, Genserik, 2021. "A dynamic stochastic methodology for quantifying HAZMAT storage resilience," Reliability Engineering and System Safety, Elsevier, vol. 215(C).
    5. Zhang, Chenwei & Wang, Ying & Zheng, Tao & Zhang, Kaifeng, 2024. "Complex network theory-based optimization for enhancing resilience of large-scale multi-energy System11The short version of the paper was presented at CUE2023. This paper is a substantial extension of," Applied Energy, Elsevier, vol. 370(C).
    6. Rodofile, Nicholas R. & Radke, Kenneth & Foo, Ernest, 2019. "Extending the cyber-attack landscape for SCADA-based critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 25(C), pages 14-35.
    7. Diao, Xiaoxu & Zhao, Yunfei & Smidts, Carol & Vaddi, Pavan Kumar & Li, Ruixuan & Lei, Hangtian & Chakhchoukh, Yacine & Johnson, Brian & Blanc, Katya Le, 2024. "Dynamic probabilistic risk assessment for electric grid cybersecurity," Reliability Engineering and System Safety, Elsevier, vol. 241(C).
    8. Kim, Hee Eun & Son, Han Seong & Kim, Jonghyun & Kang, Hyun Gook, 2017. "Systematic development of scenarios caused by cyber-attack-induced human errors in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 290-301.
    9. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    10. Jia, Chun-Xiao & Liu, Run-Ran, 2025. "Cascading dynamics in double-layer hypergraphs with higher-order inter-layer interdependencies," Reliability Engineering and System Safety, Elsevier, vol. 257(PA).
    11. Mohammed Alghassab, 2021. "Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector," Energies, MDPI, vol. 15(1), pages 1-21, December.
    12. Iaiani, Matteo & Tugnoli, Alessandro & Macini, Paolo & Cozzani, Valerio, 2021. "Outage and asset damage triggered by malicious manipulation of the control system in process plants," Reliability Engineering and System Safety, Elsevier, vol. 213(C).
    13. Chelouati, Mohammed & Boussif, Abderraouf & Beugin, Julie & El Koursi, El-Miloudi, 2023. "Graphical safety assurance case using Goal Structuring Notation (GSN) — challenges, opportunities and a framework for autonomous trains," Reliability Engineering and System Safety, Elsevier, vol. 230(C).
    14. Krishna Kalyanam & David Casbeer & Meir Pachter, 2020. "A sequential partial information bomber‐defender shooting problem," Naval Research Logistics (NRL), John Wiley & Sons, vol. 67(3), pages 223-235, April.
    15. Wu, Di & Xiao, Hui & Peng, Rui, 2018. "Object defense with preventive strike and false targets," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 76-80.
    16. Du, Dajun & Zhu, Minggao & Wu, Dakui & Li, Xue & Fei, Minrui & Hu, Yukun & Li, Kang, 2024. "Distributed security state estimation-based carbon emissions and economic cost analysis for cyber–physical power systems under hybrid attacks," Applied Energy, Elsevier, vol. 353(PA).
    17. Xie, Haipeng & Tang, Lingfeng & Zhu, Hao & Cheng, Xiaofeng & Bie, Zhaohong, 2023. "Robustness assessment and enhancement of deep reinforcement learning-enabled load restoration for distribution systems," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    18. Lilli, Giordano & Sanavia, Matteo & Oboe, Roberto & Vianello, Chiara & Manzolaro, Mattia & De Ruvo, Pasquale Luca & Andrighetto, Alberto, 2024. "A semi-quantitative risk assessment of remote handling operations on the SPES Front-End based on HAZOP-LOPA," Reliability Engineering and System Safety, Elsevier, vol. 241(C).
    19. Eric DuBois & Ashley Peper & Laura A. Albert, 2023. "Interdicting Attack Plans with Boundedly Rational Players and Multiple Attackers: An Adversarial Risk Analysis Approach," Decision Analysis, INFORMS, vol. 20(3), pages 202-219, September.
    20. Rui Fang & Xiaohu Li, 2020. "A stochastic model of cyber attacks with imperfect detection," Communications in Statistics - Theory and Methods, Taylor & Francis Journals, vol. 49(9), pages 2158-2175, May.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:260:y:2025:i:c:s0951832025002121. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.