{"id":"https://openalex.org/W4401878099","doi":"https://doi.org/10.1145/3643662.3643958","title":"Cyber-incident Response in Industrial Control Systems: Practices and Challenges in the Petroleum Industry","display_name":"Cyber-incident Response in Industrial Control Systems: Practices and Challenges in the Petroleum Industry","publication_year":2024,"publication_date":"2024-04-15","ids":{"openalex":"https://openalex.org/W4401878099","doi":"https://doi.org/10.1145/3643662.3643958"},"language":"en","primary_location":{"id":"doi:10.1145/3643662.3643958","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3643662.3643958","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3643662.3643958","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092033670","display_name":"Vahiny Gnanasekaran","orcid":"https://orcid.org/0009-0003-2865-2115"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Vahiny Gnanasekaran","raw_affiliation_strings":["Norwegian University of Science and Technology, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Trondheim, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038392511","display_name":"Maria Bartnes","orcid":"https://orcid.org/0009-0006-5396-6492"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Maria Bartnes","raw_affiliation_strings":["Norwegian University of Science and Technology, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Trondheim, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076716152","display_name":"Tor Olav Gr\u00f8tan","orcid":"https://orcid.org/0000-0002-6863-7038"},"institutions":[{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]},{"id":"https://openalex.org/I4387930215","display_name":"SINTEF Digital","ror":"https://ror.org/028m52w57","country_code":null,"type":"facility","lineage":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Tor Olav Grotan","raw_affiliation_strings":["SINTEF Digital, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"SINTEF Digital, Trondheim, Norway","institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032464896","display_name":"Poul E. Heegaard","orcid":"https://orcid.org/0000-0003-0083-5860"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Poul Einar Heegaard","raw_affiliation_strings":["Norwegian University of Science and Technology, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Trondheim, Norway","institution_ids":["https://openalex.org/I204778367"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5092033670"],"corresponding_institution_ids":["https://openalex.org/I204778367"],"apc_list":null,"apc_paid":null,"fwci":1.3009,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.80347946,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"53","last_page":"60"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.7903069257736206},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.7409778237342834},{"id":"https://openalex.org/keywords/petroleum","display_name":"Petroleum","score":0.6034889817237854},{"id":"https://openalex.org/keywords/petroleum-industry","display_name":"Petroleum industry","score":0.5733613967895508},{"id":"https://openalex.org/keywords/control-system","display_name":"Control system","score":0.49445104598999023},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.46845102310180664},{"id":"https://openalex.org/keywords/defense-industry","display_name":"Defense industry","score":0.4511791467666626},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4441162049770355},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3688380718231201},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3283582329750061},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.32368671894073486},{"id":"https://openalex.org/keywords/manufacturing-engineering","display_name":"Manufacturing engineering","score":0.29456305503845215},{"id":"https://openalex.org/keywords/electrical-engineering","display_name":"Electrical engineering","score":0.13203105330467224},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.08753505349159241},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.07666429877281189}],"concepts":[{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.7903069257736206},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.7409778237342834},{"id":"https://openalex.org/C548895740","wikidata":"https://www.wikidata.org/wiki/Q22656","display_name":"Petroleum","level":2,"score":0.6034889817237854},{"id":"https://openalex.org/C526740375","wikidata":"https://www.wikidata.org/wiki/Q862571","display_name":"Petroleum industry","level":2,"score":0.5733613967895508},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.49445104598999023},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.46845102310180664},{"id":"https://openalex.org/C2987301392","wikidata":"https://www.wikidata.org/wiki/Q392933","display_name":"Defense industry","level":2,"score":0.4511791467666626},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4441162049770355},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3688380718231201},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3283582329750061},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.32368671894073486},{"id":"https://openalex.org/C117671659","wikidata":"https://www.wikidata.org/wiki/Q11049265","display_name":"Manufacturing engineering","level":1,"score":0.29456305503845215},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.13203105330467224},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.08753505349159241},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.07666429877281189},{"id":"https://openalex.org/C87717796","wikidata":"https://www.wikidata.org/wiki/Q146326","display_name":"Environmental engineering","level":1,"score":0.0},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3643662.3643958","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3643662.3643958","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability","raw_type":"proceedings-article"},{"id":"pmh:oai:ntnuopen.ntnu.no:11250/3163255","is_oa":true,"landing_page_url":"https://hdl.handle.net/11250/3163255","pdf_url":null,"source":{"id":"https://openalex.org/S4306401716","display_name":"Duo Research Archive (University of Oslo)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I184942183","host_organization_name":"University of Oslo","host_organization_lineage":["https://openalex.org/I184942183"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/bookPart"}],"best_oa_location":{"id":"doi:10.1145/3643662.3643958","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3643662.3643958","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8179350644","display_name":null,"funder_award_id":"326717","funder_id":"https://openalex.org/F4320323299","funder_display_name":"Norges Forskningsr\u00e5d"}],"funders":[{"id":"https://openalex.org/F4320323299","display_name":"Norges Forskningsr\u00e5d","ror":"https://ror.org/00epmv149"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2031911638","https://openalex.org/W2767171997","https://openalex.org/W2890471059","https://openalex.org/W2906151105","https://openalex.org/W2985250423","https://openalex.org/W3040915855","https://openalex.org/W3101345798","https://openalex.org/W3111749540","https://openalex.org/W4205700270","https://openalex.org/W4285024120","https://openalex.org/W4285259005","https://openalex.org/W4297792532"],"related_works":["https://openalex.org/W2296721859","https://openalex.org/W2379993415","https://openalex.org/W4243621685","https://openalex.org/W4385440266","https://openalex.org/W1569978046","https://openalex.org/W3047086230","https://openalex.org/W2058626071","https://openalex.org/W2025663274","https://openalex.org/W2841928204","https://openalex.org/W2380601683"],"abstract_inverted_index":{"The":[0,57,128],"number":[1],"of":[2,78,117,141],"significant":[3],"cyberattacks":[4],"targeted":[5],"by":[6,25],"national":[7],"state":[8],"actors":[9],"is":[10],"growing":[11],"in":[12,53,81],"critical":[13],"infrastructure.":[14],"Companies":[15],"rely":[16],"on":[17],"detecting":[18],"and":[19,27,48,88,104,120,138,155,159],"responding":[20],"appropriately":[21],"to":[22,43],"such":[23,91],"attacks":[24],"practicing":[26],"developing":[28],"procedures":[29],"for":[30,113,124],"the":[31,37,54,75,132,146,153],"cyber-incident":[32,51,79],"response.":[33],"This":[34],"paper":[35],"presents":[36],"findings":[38],"from":[39,145],"seven":[40],"semi-structured":[41],"interviews":[42],"identify":[44],"distinct":[45],"practices,":[46],"challenges,":[47],"roles":[49,137],"regarding":[50],"response":[52,80,102,136],"petroleum":[55],"industry.":[56],"literature":[58],"has":[59,72],"previously":[60],"addressed":[61],"specific":[62],"IT,":[63],"security,":[64],"or":[65],"Operational":[66],"Technology":[67],"(OT)":[68],"teams":[69],"only,":[70],"but":[71],"not":[73],"considered":[74],"holistic":[76],"view":[77],"industrial":[82],"control":[83],"systems":[84],"between":[85],"internal":[86],"roles,":[87],"external":[89],"actors,":[90],"as":[92,122],"Security":[93,97],"Operations":[94],"Centers,":[95],"Computer":[96],"Incident":[98],"Response":[99],"Teams,":[100],"emergency":[101],"teams,":[103],"on-site":[105],"personnel.":[106],"To":[107],"address":[108],"this,":[109],"a":[110,139],"novel":[111],"framework":[112],"empirical":[114],"inquiry":[115],"consisting":[116],"document":[118],"analysis,":[119],"workshops":[121],"preparation":[123],"interviews,":[125],"were":[126],"conducted.":[127],"stakeholder":[129],"diagram":[130],"displays":[131],"most":[133],"relevant":[134],"incident":[135],"list":[140],"current":[142],"challenges":[143],"extracted":[144],"interviews.":[147],"Future":[148],"research":[149],"should":[150],"consider":[151],"extending":[152],"sample,":[154],"include":[156],"other,":[157],"organizational":[158],"procedural":[160],"factors.":[161]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}