Bridging IT and OT: Cybersecurity Risks, Zero-Trust Solutions, and Industrial Resilience in Oil & Gas Downstream

Article Sidebar

PDF
Published: Apr 30, 2026
DOI: https://doi.org/10.55164/ajstr.v29i5.262008
Keywords:
IT-OT convergence cyber security zero trust industry 4.0

Main Article Content

Santanu Purohit
Bharat Petroleum Corporation Limited, Mumbai, Maharashtra, India

Abstract

Internet of Things platforms are rapidly transforming the downstream oil & gas sector, specifically City Gas Distribution networks, by enabling automation, real-time telemetry, and secure remote operations across geographically dispersed and safety-critical assets. These platforms integrate diverse field devices, such as city gate stations, compressed natural gas filling facilities, industrial meters, and sectionalizing valves, through edge gateways that normalise industrial protocols and connect to cloud services for storage, analytics, and visualisation. At the heart of the architecture is where IT and OT meet, thereby enabling a sociotechnical hybrid that unleashes operational efficiencies and data-driven decision-making while introducing never-before-seen cyber-physical attack surfaces. There are numerous examples of cyber intrusions that have led to cascading physical, economic, and societal damage. In response, state-of-the-art CGD platforms embrace cybersecurity by design and integrate Zero-Trust principles, least-privilege access, strong authentication, micro segmentation, and continuous verification, in line with formal standards for industrial automation. This paper presents an integrated, scholarly examination of IT/OT convergence for CGD and similar critical infrastructures. It synthesises foundational theory, surveys the literature on industrial cybersecurity and resilience, and proposes a methodological frame for evaluating technical solutions, data practices, and organisational controls. Through a structured analysis of telemetry, security telemetry, and operational metrics, the article maps how Zero-Trust-aligned architectures can reduce downtime, limit lateral movement, and strengthen resilience, while acknowledging persistent challenges in legacy integration, workforce capability, and compliance. The contribution is both conceptual and practical, grounded in a sector-based framework for designing, governing, and scaling secure, resilient, and data-intelligent CGD platforms.

Article Details

Issue
Vol. 29 No. 5 (2026): May
Section
Research Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

References

Schwab, K. The Fourth Industrial Revolution; Crown Business, 2017.

Boyes, H.; Hallaq, B.; Cunningham, J.; Watson, T. The Industrial Internet of Things (IIoT): An Analysis Framework. Comput. Ind. 2018, 101, 1–12. https://doi.org/10.1016/j.compind.2018.04.015

Harkat, H.; Camarinha-Matos, L. M.; Goes, J.; Ahmed, H. F. T. Cyber-Physical Systems Security: A Systematic Review. Comput. Ind. Eng. 2024, 188, 109891. https://doi.org/10.1016/j.cie.2024.109891

Li, X.; Liang, X.; Lu, R.; Shen, X.; Lin, X.; Zhu, H. Securing Smart Grid: Cyber Attacks, Countermeasures, and Challenges. IEEE Commun. Mag. 2012, 50, 38–45. https://doi.org/10.1109/MCOM.2012.6257525

Bellamkonda, S. Ransomware Attacks on Critical Infrastructure: A Study of the Colonial Pipeline Incident. Int. J. Res. Comput. Appl. Inf. Technol. 2024, 7, 1423–1433. https://doi.org/10.5281/zenodo.14191113

Kindervag, J. No More Chewy Centers: Introducing the Zero Trust Model of Information Security; Forrester Research, 2010.

National Institute of Standards and Technology. Zero Trust Architecture (SP 800-207); NIST: Gaithersburg, MD, 2020. https://doi.org/10.6028/NIST.SP.800-207

ISA/IEC 62443. Security for Industrial Automation and Control Systems; International Society of Automation/International Electrotechnical Commission, 2018.

European Union Agency for Cybersecurity (ENISA). NIS2 Directive: An Overview of Obligations and Measures; ENISA, 2022.

Ramachandran, K.; Pandi, M.; Pallakku, S. Towards a Zero Trust Cybersecurity Framework: Enhancing Data Protection in Multi-Cloud and Hybrid IT Infrastructures. 2025, 9, 1–13.

Hollnagel, E. Safety-I and Safety-II: The Past and Future of Safety Management; Ashgate, 2015.

Linkov, I.; Trump, B. D. The Science and Practice of Resilience; Springer, 2019. https://doi.org/10.1007/978-3-030-04565-4

Kumar, P. Zero Trust Architecture for SME Cybersecurity: Enhancing Resilience in the Digital Transformation Era. Int. J. Prog. Res. Eng. Manag. Sci. 2025, 5, 2791–2819.

Masum, M. R.; Training, T. Cybersecurity, Zero Trust, and Risk Management Framework (RMF) Implementation Workshop by Tonex. 2024. https://doi.org/10.13140/RG.2.2.20285.27361

Alawi, N. Evergreen OT Security Assurance: A Sustainable Approach to OT Cybersecurity Risk Management. 2025. https://doi.org/10.2118/224964-MS

Mickie, J.; Weng, J. Zero Trust Security: A Proactive Cybersecurity Model for Risk Management. 2025. https://doi.org/10.13140/RG.2.2.20335.55201

Wang, X.; Bhuse, V.; Cheng, Y. A Zero Trust Module for Cybersecurity Education. J. Colloq. Inf. Syst. Secur. Educ. 2025, 12. https://doi.org/10.53735/cisse.v12i1.193

Chang, H.-C.; Lund, B.; Beuerlein, E.; Mote, C. Investigating the Symbiotic Relationship between Artificial Intelligence and Blockchain to Promote Zero-Trust Cybersecurity in an Evolving Information Ecosystem. Inf. Discov. Deliv. 2025. https://doi.org/10.1108/IDD-11-2024-0185

Moses, J.; Emmanuel, F. Zero-Trust Architectures as a Resilience Strategy for Mid-Market Cybersecurity. 2025.

Walsham, G. Doing Interpretive Research. Eur. J. Inf. Syst. 2006, 15(3), 320–330. https://doi.org/10.1057/palgrave.ejis.3000589

Hevner, A.; March, S.; Park, J.; Ram, S. Design Science in Information Systems Research. MIS Q. 2004, 28(1), 75–105. https://doi.org/10.2307/25148625

Slay, J.; Miller, M. Lessons Learned from the Maroochy Water Breach. In Critical Infrastructure Protection; International Federation for Information Processing Digital Library, 2007; Vol. 253, pp 73–82. https://doi.org/10.1007/978-0-387-75462-8_6

Langner, R. Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Secur. Priv. 2011, 9(3), 49–51. https://doi.org/10.1109/MSP.2011.67

Weill, P.; Ross, J. W. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results; Harvard Business Press, 2004.

Knowles, W.; Prince, D.; Hutchison, D.; Disso, J. F. P.; Jones, K. A Survey of Cyber Security Management in Industrial Control Systems. Int. J. Crit. Infrastruct. Prot. 2015, 9, 52–80. https://doi.org/10.1016/j.ijcip.2015.02.002

Koppichetti, R. K. Convergence of Information Technology (IT) and Operations Technology (OT) in Bio-Pharmaceutical Manufacturing Industry. 2023. https://doi.org/10.5281/zenodo.14866213

Bhushan, B.; Rajgopal, P.; Sharma, K. An Intent-Aware Zero Trust Identity Architecture for Unifying Human and Machine Access. Int. J. Comput. Exp. Sci. Eng. 2025, 11. https://doi.org/10.22399/ijcesen.3886

Cavoukian, A. Privacy by Design: The 7 Foundational Principles; Information and Privacy Commissioner of Ontario, 2010.