Securing Oil & Gas Digital Supply Chains: A Vendor Risk Management Framework for IoT and Cyber-Physical Systems
Samuel Grant Quansah
Journal of Artificial Intelligence General science (JAIGS) ISSN:3006-4023, 2025, vol. 8, issue 1, 264-280
Abstract:
The oil and gas industry’s accelerated digital transformation—driven by cloud computing, IoT, and edge technologies—has significantly expanded the attack surface, with third-party vendors emerging as critical points of vulnerability. Existing frameworks, such as NIST CSF and ISO/IEC 27036, while comprehensive, fall short of addressing the sector’s unique cyber-physical infrastructure and real-time operational demands. This study addresses that gap by proposing the Vendor Cyber Risk Management Framework (VCRMF), a domain-specific model that integrates dynamic vendor tiering, continuous threat monitoring, and sector-aligned controls. Developed through an iterative process combining literature synthesis, threat landscape analysis, expert interviews (n=18), and a validated midstream case study, the VCRMF demonstrated a 72% improvement in vendor risk visibility and reduced incident response times from 14 days to 36 hours. Practitioners across cybersecurity, OT, and procurement domains rated the framework highly (average rating: 4.7/5), citing its adaptability across upstream and downstream operations and alignment with evolving standards like IEC 62443 and DORA. The VCRMF offers a practical, validated approach to mitigating vendor-related cyber risks in the digital supply chain, contributing both operational value and regulatory readiness.
Keywords: Supply Chain Cybersecurity; Vendor Risk Management; Oil and Gas Digital Transformation; Third-Party Risk; Industrial Cybersecurity Framework
Date: 2025
Downloads:
https://newjaigs.com/index.php/JAIGS/article/view/389 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:das:njaigs:v:8:y:2025:i:1:p:264-280:id:389
Journal of Artificial Intelligence General science (JAIGS) ISSN:3006-4023 is currently edited by Justyna Żywiołek
Bibliographic data for series maintained by Open Knowledge.