Utilizing Blockchain Technology for Oil and Gas Industry

During the last two decades, all fields, including the oil sector, depended mainly on technological progress to keep pace with the developments in this field. This technological progress was accompanied by an increase in hacking attempts. Cyber-attacks are defined as the hacking of a computer by a person or group of people over the Internet, causing a lot of damage, especially to devices and equipment that depend on the Internet; This leads to substantial financial losses. Therefore, it is very important to understand these attacks and try to overcome them. In the oil sector, cyber-attacks can be scanned in three areas (upstream, midstream, and downstream). This paper discusses how to secure cyber security for the oil sector by making plans for Internal and external cybersecurity by creating and securing separate loops by using blockchain technology and creating a smart contract for each loop to protect it information. As well as using the simulation and control system to increase the effectiveness of cyber security, and after this survey process. This paper aims to classify the cyber-attacks that affect the oil and gas sectors. Create a strong system against any type of cyber-attack, and thus provide higher protection for oil and gas companies and equipment through the work of special programs to protect systems and equipment from hacking.


Introduction:
Due to increased automation based on modern technologies, companies are becoming increasingly vulnerable to cybersecurity dangers as computer networks become more connected, the use of Internet of Things devices grows, and the use of cloud computing services grows. Incident Command System (ICS) was operating in isolation, without infrastructure passing over it.
Engineers can manage Supervisory Control and remote Data Acquisition (SCADA) systems and monitor operations in real time thanks to the industry's capacity to integrate a wide range of industrial technologies into information and communication technology (ICT) [1]. Noting these risks and the damage they cause. Oil and Gas companies need to be more aware of current cyber threats. Planning to establish comprehensive security systems to protect its assets on all fronts and enable it to defend itself against these threats [2].
The oil sector can divide into three stages [3]:

Upstream.
These operations include the production of oil and gas and their facilities, as well as exploration work for potential fields of oil and gas, whether underground or underwater, drilling experimental wells and then operating those wells and extracting crude oil and pumping it to the surface. The success rates of oil and gas exploration and allied businesses are partly due to technological advancements, particularly in the imaging of oil and gas reservoirs.

midstream
It is one of the major stages of the oil industry, Transportation, storage, and marketing of petroleum products and natural gas liquids are all included. Transportation is carried to the final stage of the oil industry(downstream) through a network of pipelines for petroleum products.

downstream
Typically, the term "downstream" refers to the refining of crude oil and natural gas, as well as the marketing and distribution of the finished goods created from these raw materials. In the downstream sector, Petrochemicals and petroleum products such as gasoline and kerosene, as well as jet fuel, diesel oil, heating oil, fuel oils, lubricating waxes, asphalt, natural gas, and LPG, all have a direct impact on customers. 102 These are the stages that must be secured against electronic piracy operations. This insurance is called cyber security, which can be defined as the process of protecting the system from electronic piracy operations that cause heavy losses. For companies and systems, it can also be defined as, Cyber security refers to the process of protecting an organization's information systems from unlawful or unauthorized use of electronic data, as well as the steps used to attain this level of protection, cyber security is a subdivision of information security that focuses on defending organizations computer systems, cyber security aims to protect the companies and systems [4]. Previously, operational technology networks within the oil industry were confined off the internet as opposed to today's desire for efficiency and real-time decision making which remove that freedom, A cyber-attack on an operational technology environment can result in serious consequences, such as protracted service disruptions caused by a Denial-of-Service (DoS) attack, damages to the hole system, cyber-attack can be either be active attacks or passive attacks based on the intentions and motive of the attackers. cyber threats aimed at compromising the cyber security that a company has put in place to against launch a cyber-attack [5], shows in Figure (1).

Fig. (1): Upstream, Midstream, Downstream Stages[6].
Blockchain technology is the most important technology used at present to provide a high level of protection and security for various types of digital data. The decentralized environment provided by Blockchain technology can also be integrated to manage data for applications outside of financial systems. Therefore, most of the global programming companies such as Microsoft, IBM, Accenture, and others have moved to establish organizations whose mission is to develop Blockchain-based technologies that can be adopted by their industrial partners [7]. The Blockchain enables authentication, confidentiality, accountability, and data sharing while handing out privacy-related information, providing energy resources and facilities to customers, and making it a smart [8].

Literature Review
In the beginning, must know who the cyber attacker is and where these attacks come from? and the most famous types of attacks, and then define the necessary defensive plans to protect from these attacks, apply cyber security, and answer all these questions through the attack maps provided by Internet service providers, and perhaps the most famous of these maps it [5] [10]: 1-Kaspersky cyber-attack map. This is the first tool that must be obtained to start understanding the problem, and then start defining defensive plans against any attack. The second tool that must be obtained is the processing maps against any attack, the third tool is to identify the gaps in the system (the oil sector), which previously Divide it into three stages, and trying to link these gaps with the electronic attack maps as well as the processing maps. Figure (3) shows Examples for cyber-attack maps.

Classification of cyber-attack:
The first stage includes exploration and drilling operations, while the second stage includes transportation and storage operations, and the third stage includes refining and distribution operations. each one of these stages is vulnerable to threats of cyberattacks. The Figure

Cyber Security:
Cyber security refers to methods for protecting a user's or organization's cyber environment that are frequently recorded in published materials [12]. It oversees the tactics used to prevent unauthorized access to networks, applications, and data.
The problems posed by the integration of information technology and operations technology for any organization in the oil and gas industry are exacerbated by two fundamental issues. First, compared to many other industries, there is more dependency among the stages of the industry chain. The oil industry is a complex ecosystem with upstream, midstream, and downstream enterprises and organizations, as well as organizations involved in various parts of business, complicating the security situation. Private oil corporations, state-owned oil companies, small businesses that specialize in a single commodity, and a variety of service providers and other parties all contribute to this environment. This integration creates a stable environment for many Officer (CIO) and the Chief Information Security Officer (CISO) are responsible for ensuring enterprise security. Digital oilfields linked to cloud platforms for big data analytics, the use of drones to extract oil and gas for surveys or environmental monitoring, and third-party companies that host 3D modeling for quality and field planning are just a few of the new technologies entering the industry that could create additional flaws [13]. Recently, the most common technology used to give a high level of cyber security is blockchain technology which discusses in the next section, and how to use it in the oil industry.

Blockchain Technology:
A Blockchain is a decentralized distributed technology for the ledgers or the records that include all transactions or events that are verified by special algorithms (Proof of Work, Proof of Stake, and Proof of Authority) [14]. Once a transaction has been validated, it cannot be altered or even erased. Digital cryptocurrencies such as Bitcoin, Ethereum are the common application of Blockchain technology, but this technology can be used in other areas such as healthcare and IoT.

Layers of Blockchain Technology
Data Layer: This layer specifies the essential structure of data including digital activities, blocks, and cryptographic keys, arranges them into blockchains, transaction pools, and wallets, and manages a wide range of data functions (read/write/cache/encrypt/decrypt) [15].  [16].

Smart Contract Layer:
The contract layer encompasses a variety of script codes, algorithmic processes, and smart contracts that create regulated and auditable contract specifications [16].
Smart contract flaws include a disordered exception, reentrancy, dependency on timestamps, reliance on block numbers, appeal for a damaging delegate, and freezing, to name a few. Hackers Application layer: The application layer, as the uppermost layer, provides clients, SPs, and developers with trusted application programming interfaces (API), as well as supporting a variety of DApps such as ubiquitous access, edge services, and trusted intelligence [15].

Blockchain Classification
There are several types of Blockchain technology, the most important of which are [18]:

Blockchain Algorithms
In this section, a brief explanation of the most prominent blockchain algorithms is provided. prove that a block is valid and that work has been done, network nodes (known as miners) use their computational power to validate transactions (ensure that a sender has sufficient funds and is not engaging in double-spending) and, more significantly, compete in a race to solve the protocol's cryptographic challenges. The term for this procedure is mining [19].  [20]. To accomplish the leader's election and maintain network consensus, PoS makes use of virtual resources such as a node's stake. Because the mining resources are virtual, the PoS-based consensus process is instantaneous and has no costs [21].

Proof of Authority (PoA):
It is a permissioned blockchain consensus algorithm family that has grown in popularity due to improved efficiency over traditional Byzantine Fault Tolerant (BFT) algorithms due to lighter message exchanges. PoA was first proposed as part of the Ethereum ecosystem for private networks [22]. Because it permits different blocks to be appended to the same index of the chain, the standard Ethereum protocol based on PoW can fork. If not identified early enough, this forking condition can lead to security issues such as double spending.
Alternative protocols aimed at avoiding forks, known as PoA protocols, have recently been implemented into the most extensively deployed versions of Ethereum, parity, and Geth, and are now utilized worldwide. PoA has grown in popularity, and it is currently available from major SaaS providers and used on several blockchain networks [23].

Ethereum
Ethereum is an open-source computer platform based on Blockchain technology. The key feature of Ethereum is that it allows programmers to create Decentralized Applications (Dapps) that operate on the Ethereum Blockchain [24]. Ethereum's core innovation is Ethereum Virtual Machine (EVM), which is a Turing-complete software that allows anyone to create and run their

Smart Contract
Smart Contract (SC) is a piece of computer code that may run autonomously and perform specific functions when certain conditions are met. A distributed ledger can be used to store and process the code, and any modifications will be written to the ledger [26]. SC's main purpose is to give better protection than traditional contract law while also cutting transaction costs. SC has the following features:  Solely electronic nature.
 Software implementation.
 Conditional nature.
 Self-sufficiency. In Ethereum, a special development transaction is used to deploy an SC. This is the first time a contract has been added to the Blockchain. The contract is given a unique address and its code is uploaded to the Blockchain during this process. It is defined by a contract address once it has been successfully established. Any person involved in the transaction is given an Ethereum address. Each contract is associated with a predefined executable code and contains a certain amount of virtual coins. Since cryptography is used for compliance, it plays a critical role in this. A transaction's initiator pays a charge (gas) for its execution, which is also measured in units of gas.
SC automatically carries out the contract terms based on the information they collect. The parties come to an understanding of the contract's contents, and the contracts are carried out according to the actions written in the computer algorithms. SC is self-executing and self-verifying agents that cannot be modified after they have been deployed on the Blockchain. The SC checks to see if the parties in a transaction follow the SC's rules. The transaction is validated if they do; otherwise, it is denied. SC's may be used to move large amounts of money. As a result, they must be implemented in a secure and bug-free manner [28].

Tools & Devices for cyber-attack treatment:
In this section, reference is made to the most prominent hardware and software that can be used to address cyber-attacks to gain access to a system that is protected from these attacks.

The security tools for a cyberattack:
These tools are software or programs, the goal of which is to protect against any cyberattack, and these tools may differ in strength and function, but their purpose, is protection from electronic piracy,

Cyberattack devises treatment:
Also, the devices used are intended to protect against electronic piracy and achieve cyber security, and each of these devices has an active role in the protection process, but it should be noted that the skill in using and employing these devices is much more important than the number of devices.
Below are the devices used, which represent a system to protect against cyber-attacks:

Discussion and Implementation:
As mentioned above, the oil sector can be divided into three phases: 1-The stage of drilling and production.
2-The stage of refining and storage.

3-The stage of transportation and distribution.
And between these three stages is the stage of transferring between the three stages. After knowing the stages (loops) that can be made making internal security for them, and using the simulation system, it is possible to achieve a higher performance of cyber protection.

Fig. (7): Shown control circle and devises
The idea is to make an internal cyber protection for each stage separately, considering that each stage can be divided into smaller stage (loop) and securing all these stages internally using blockchain technology that includes creating a smart contract for each stage (loop). These smart contracts (SC) are linked to an application for the oil sector, which receives the data, processes it, and then sends the data to the smart contract(SC) for each stage (loop), and the rest of the contracts are notified of the status that took place in this stage. After that, the data is stored in the blockchain network (Ethereum, for example) for the purpose of protecting it. The third contract is for the last stage, which is the downstream stage. As is the case in the previous two contracts, the contract for this stage receives its data from the oil sector application by filling in its fields in the application. After processing the data, it is sent to the smart contract for the downstream stage. Data for the previous two contracts (upstream, midstream) is also received and saved in this contract after verifying the addresses of the previous two contracts are correct. The exchange of data between the smart contracts of the three stages is very important. As based on blockchain technology that does not allow changing or manipulating the data through the immutability feature provided by this technology. The movements between these three stages will be safe and protected and cannot be hacked or tampered.

Economic and technical feasibility (Aims):
The feasibility of cybersecurity from a technical and economic point of view cannot be ignored at all, because it causes severe damage to all sectors, including the petroleum sector, and economic feasibility, of course, means saving a lot of money, as piracy operations have caused losses the trillions, especially in the recent period. Equipment, assets, engineering, and administrative operating systems, which in turn lead to substantial material losses. It is therefore important that the mandatory disclosure of control system incidents and intrusions, the compilation of electronic espionage reports, and their submission to the WTO.
This paper presented a classification of the most prominent cyber-attacks targeting various fields of the oil industry, whether they were websites of companies or oil equipment. And then designing a protection system for companies and equipment that prevents these attacks depends mainly on the principle of the loops and each loop is linked with a separate smart contract that represents a blockchain technology used in the oil industry.

Conclusion:
Protecting oil sector data, especially for oil-producing and exporting countries, is extremely important because of its direct impact on the economy of countries. This paper presented a study of the most prominent electronic attacks on the oil sector and their impact on the three stages of oil production and export (upstream, midstream, and downstream). After that, the paper presented a model for protecting the data of these stages on the use of blockchain technology by creating a smart contract for each stage. Data is exchanged between these contracts to ensure that they are not tampered with by taking advantage of the immutability feature provided by blockchain technology. Communication between these contracts takes place through an application created for the oil sector that represents the data of the three phases. This application represents an ideal model for protecting the data of the oil sector, thanks to the use of the best data protection technology at the present time, which is blockchain technology.