

★ Shenyang Institute of Automation, Chinese Academy of Sciences, National Key Laboratory of Robotics, Tianyu Wang
★ Northeast Branch of the National Petroleum and Natural Gas Pipeline Group Co., Ltd., Shenyang Oil and Gas Transportation Company, Su Chen
★ Daqing Oilfield Co., Ltd., Gang Wang
★ National Robot Innovation Center, Minghao Wang
★ Shenyang Institute of Automation, Chinese Academy of Sciences, Bowen Zhang
★ Oil and Gas Regulation Center, National Petroleum and Natural Gas Pipeline Group Co., Ltd., Tieliang Sun, He Huang, Feng Lü
Abstract:In response to the multiple security threats and complex challenges faced by the communication links of oil and gas pipeline industrial control systems, this paper constructs a four-dimensional collaborative deep defense system based on “identity-data-network-address”. This system integrates technologies such as identity verification access control, TLS protocol optimization for transmission reinforcement, firewall boundary isolation, and IP address tracing defense, proposing a lightweight authentication mechanism based on dynamic key negotiation and a layered encryption strategy, forming a complete protection loop covering “access control – transmission protection – boundary isolation – tracing defense”. This research breaks through key technologies such as secure communication channel construction under resource-constrained conditions of industrial control devices, trusted key exchange, and resistance to man-in-the-middle attacks, meeting the core requirements for confidentiality and resistance to replay attacks as specified in standards such as GB/T 32919, achieving the triple protection goals of “trusted link, verifiable identity, and controllable data”, providing systematic security assurance for the stable operation of oil and gas energy infrastructure.

The oil and gas pipeline network, as the “artery” of national energy transmission, directly affects the lifeblood of the national economy and strategic security. With the deep application of technologies such as industrial internet, 5G, and intelligent sensing, the pipeline system is accelerating its transformation towards openness and intelligence. However, the ubiquitous access of massive devices and high-frequency data interactions have exposed severe security shortcomings—risks such as inherent vulnerabilities in industrial control protocols, wireless communication link hijacking, and cross-domain data leakage are continuously escalating. In recent years, there have been frequent cyber attack incidents targeting oil and gas pipelines globally, ranging from malicious tampering of control systems to satellite communication data theft, with threat methods continuously upgrading. Traditional protection systems centered on boundary isolation and static encryption are increasingly unable to cope with new dynamic and collaborative attack modes.
In this context, constructing a data security technology system that adapts to complex network environments has become an industry necessity. This paper focuses on three core dimensions: “communication link – data entity – network boundary”, systematically exploring the upgrade path from passive defense to active immunity for oil and gas pipelines, combining cutting-edge technologies such as lightweight encryption, zero-trust architecture, and intelligent traffic analysis. By strengthening the access defense through identity verification and dynamic key negotiation, reinforcing transmission through protocol deep analysis and encrypted traffic control, and innovatively integrating mechanisms such as blockchain tracing and quantum-resistant algorithms to address future threats. These technologies not only provide practical support for the implementation of policies such as the “Regulations on the Security Protection of Critical Information Infrastructure”, but also assist the oil and gas industry in balancing security and efficiency during digital transformation, providing a reference paradigm for the resilient development of global energy infrastructure.
1 Oil and Gas Pipeline Data Security Assurance Technology
The oil and gas pipeline network, as a core component of the national critical information infrastructure, faces severe security threats such as network attacks, data leakage, and unauthorized access in its communication system under open interconnection scenarios. To address the challenges of wide exposure of communication links, high sensitivity of data, and blurred network boundaries, this chapter constructs a multi-layered deep defense system based on the security logic mainline of “access control – transmission protection – boundary isolation – tracing defense”: implementing legitimate access authentication for devices and users through identity verification technology, ensuring the anti-eavesdropping and anti-tampering capabilities of transmission content through data information encryption technology; establishing network traffic filtering and abnormal behavior blocking mechanisms through firewall technology, and preventing address forgery and network tracking attacks through IP address protection technology. The above technologies work in synergy, meeting the requirements of the “Guidelines for Information Security Protection of Industrial Control Systems” for access control and data confidentiality of pipeline communication systems, while forming a four-dimensional protection loop covering “identity – data – network – address”, providing reliable security assurance for the stable operation of oil and gas energy arteries.
1.1 Identity Verification Technology
In the context of the rapid development of the industrial internet, identity verification technology has become a core link in the security protection of oil and gas pipelines. As a national critical infrastructure, oil and gas pipelines encompass key nodes such as remote monitoring systems (SCADA), pump station control terminals, and intelligent sensors, where strict control of operational permissions directly relates to the safety of energy transmission. Traditional industrial control networks often use static password authentication, such as logging into valve controllers or pressure monitoring devices with preset account passwords, but static passwords are vulnerable to brute force cracking or leakage, making it difficult to meet security needs in open interconnection scenarios. With the intelligent upgrade of oil and gas pipelines, dynamic password technology (such as one-time passwords (OTP) based on hardware tokens or mobile apps) is gradually becoming popular, effectively preventing password interception and replay attacks, especially suitable for remote secure access by pipeline operation personnel across regions.
Biometric technology further enhances the reliability and convenience of identity verification in oil and gas pipelines. For example, in critical areas such as high-pressure pump stations, operators must complete identity verification through fingerprint recognition or live face verification before entering the control room. Fingerprint recognition, relying on its uniqueness and non-replicability, can eliminate the risk of illegal intrusion caused by the loss of traditional access cards; while face recognition systems equipped with 3D structured light and infrared live detection functions can effectively defend against forged attacks such as photos and videos, and have been piloted in a domestic natural gas trunk line, successfully intercepting multiple security incidents of identity impersonation entering the control system. Additionally, for identity management of pipeline inspection drones and mobile terminals, multi-modal fusion authentication (such as “voiceprint + dynamic password” and “face + industrial control USB key”) is becoming a new trend. This not only meets the compliance requirements for “two-factor authentication” as specified in the “Guidelines for Information Security Protection of Industrial Control Systems”, but also adapts to the special needs for low latency and high robustness in outdoor operation environments.
Looking to the future, identity verification technology for oil and gas pipelines should evolve towards adaptive security: constructing a zero-trust model based on device behavioral fingerprints (such as PLC instruction cycles, sensor data characteristics), analyzing operational mode anomalies of login devices in real-time, and dynamically adjusting authentication levels; at the same time, combining lightweight national secret algorithms and quantum-resistant cryptography to enhance the security of the key negotiation process, ensuring identity trustworthiness in complex transmission environments such as satellite communication and 5G private networks. Through multi-layered protection of “biometric features – dynamic passwords – behavioral analysis”, the identity verification system for oil and gas pipelines will achieve a leap from “passive defense” to “active immunity”, solidifying the first line of security for energy arteries.
1.2 Data Information Encryption Technology
In the digitalization process of the oil and gas pipeline, data security is a core element in ensuring the stability of energy transmission and national security. In response to the high dynamics of communication links, complex data interaction scenarios, and strict privacy protection requirements, modern encryption technology constructs a three-dimensional security barrier through multi-layered and multi-dimensional protection mechanisms. From dynamic encryption of transmission channels to secondary reinforcement of data terminals, from privacy computing of cloud data to anti-tampering verification of blockchain, various encryption technologies achieve full lifecycle protection of data from generation, transmission, storage to processing. The following six key technologies jointly support the anti-attack capability of the oil and gas pipeline communication system, ensuring the confidentiality, integrity, and availability of sensitive information in open network environments.
1.2.1 Dynamic Encryption Technology for Network Communication
For wireless communication between the oil and gas pipeline SCADA system and RTU (Remote Terminal Unit) (such as satellite, 5G private networks), a dynamic encryption mechanism combining the national secret SM9 algorithm and quantum key distribution (QKD) is adopted:
(1) In the transmission of control instructions for long-distance pipeline valve rooms, the session key is dynamically updated every 15 minutes to prevent man-in-the-middle (MitM) attacks from tampering with valve opening instructions;
(2) For drone inspection video streams, low-latency encryption is achieved through the lightweight TLS 1.3 protocol, ensuring that the transmission delay of 1080P high-definition images is less than 50ms while resisting traffic sniffing.
1.2.2 Secondary Reinforcement Technology for Data at the National Secret Level
For the data acquisition link between intelligent sensors and edge computing nodes, a “end-edge” dual-level encryption is implemented:
(1) First layer: The sensor side uses the SM4-ECB mode to encrypt pressure and temperature data, adapting to the computational limitations of low-power chips (such as ARM Cortex-M series);
(2) Second layer: The edge gateway performs secondary encryption of aggregated data using the SM2 algorithm and completes two-way certificate authentication with the control center to prevent malicious nodes on the PLC side from injecting forged data.
1.2.3 Homomorphic Encryption Technology
To support joint analysis of oil and gas dispatch data across countries (such as collaborative pressure forecasting for Central Asian pipelines), semi-homomorphic encryption (Paillier algorithm) is deployed in the cloud:
Operators from various countries upload encrypted pipeline flow data to a shared platform, where the cloud can directly perform summation and averaging calculations on the ciphertext, outputting statistical results without disclosing the original data;
Combining with the SGX trusted execution environment, it ensures that the decryption key is only used within the hardware enclave, meeting the EU GDPR cross-border data privacy requirements.
1.2.4 Blockchain Encryption Technology
Based on asymmetric encryption and smart contracts, a tamper-proof audit chain for pipeline valve operation logs is constructed:
(1) Each valve control instruction (such as open/close) is signed with the SM2 private key and then uploaded to the chain, with the public key open for verification by regulatory parties;
(2) Deploying a Fabric consortium chain to achieve cross-organizational collaborative evidence storage among the National Pipeline Group, local dispatch centers, and third-party operation and maintenance providers, where tampering with any node record requires controlling the consensus mechanism among the majority of nodes/weights.
1.2.5 Technical Compliance and Industry Adaptation
(1) National secret compliance: The entire system prioritizes the use of SM2/SM3/SM4/SM9 algorithms, meeting the requirements of the “Guidelines for Information Security Protection of Industrial Control Systems” (GB/T 32919);
(2) Performance balance: Hardware acceleration (such as national secret chips) is used to address encryption computational consumption, with actual measurements indicating that encryption-induced SCADA instruction delays increase by ≤7%;
(3) Scenario coverage: Successfully piloted in a domestic natural gas trunk network, effectively blocking three attempts of forged attacks on compressor control signals, with cross-border data sharing compliance improved by 90%.
1.3 Firewall Technology
In the complex network environment of oil and gas pipelines, industrial firewalls are not only “gatekeepers” but also “quality inspectors” for control instructions. Taking the long-distance pipeline SCADA system as an example, there exists a large amount of communication using industrial protocols such as OPC and Modbus between the station control center and the valve rooms, where traditional IT firewalls’ deep packet inspection (DPI) mechanisms struggle to identify industrial control-specific risks such as “abnormal valve opening values written” and “sudden changes in pressure sensor data”. Therefore, the new generation of industrial firewalls deeply integrates protocol semantic analysis and business logic modeling—when a pump station PLC suddenly sends an “emergency close valve” instruction to an adjacent pipeline segment, the firewall will simultaneously retrieve real-time data on pipeline pressure and flow, and if it finds that the current operating state contradicts the instruction logic (such as pressure values being within safe thresholds), it will immediately trigger an alarm and block the instruction, while marking the abnormal IP address as a high-risk object. This dual verification mechanism of “protocol compliance + business rationality” has successfully intercepted multiple man-in-the-middle attack incidents disguised as legitimate protocols in a certain natural gas trunk network in Northwest China.
In the face of the trend of OT and IT network integration, oil and gas pipeline firewalls are upgrading from “one-way isolation” to “intelligent perception”. For example, zero-trust firewalls deployed at cross-border data gateways no longer rely on fixed IP whitelists but assess the trustworthiness of visitors through continuous identity authentication (such as dynamic tokens + device fingerprints). Even if an attacker steals an operation and maintenance account, if the model of the login device, geographical location, and historical records do not match, they will still be forcibly logged out. Additionally, for unstructured data streams such as compressor vibration monitoring data and drone inspection images, firewalls equipped with lightweight AI models can identify abnormal transmission patterns in encrypted traffic (such as sudden large file uploads during low-load nighttime periods) and automatically associate with digital twin systems for attack simulation and deduction. Actual measurements indicate that this solution reduced the false positive rate by 67% in a certain LNG receiving station in South China, and the lateral movement blocking time for ransomware was shortened to 800 milliseconds, providing a protective paradigm of “dynamic boundaries + endogenous immunity” for the “national one network” strategy.
1.4 IP Address Protection Technology
In the digital architecture of oil and gas pipelines, once an IP address is exposed, it may become an entry point for hackers’ targeted attacks. For example, the SCADA system of a certain eastern crude oil pipeline previously used fixed IP addresses for communication with hundreds of RTUs along the line. Attackers could scan and lock the IP through satellite communication links, injecting false pressure data packets into the system, nearly triggering valve misclosure. Therefore, the pipeline upgraded and deployed dynamic IP disguise technology—when communicating between the control center and valve rooms, the IP address dynamically rotates every 10 minutes according to a preset algorithm, combined with geographical fence verification, making it difficult for attackers to continuously locate effective targets even if they intercept the IP, ultimately reducing the occurrence rate of such attack incidents by 82%.
In the face of increasingly complex network environments, IP protection for oil and gas pipelines is shifting from “static defense” to “intelligent game”. For example, a cross-border natural gas pipeline’s cross-border data gateway introduced an IP honeypot trap system: constructing a virtual IP address pool next to the real operation network, disguised as key nodes such as compressor control interfaces and pressure sensors. When foreign IP attempts to scan and penetrate, 98% of probing attacks are induced towards the honeypot, triggering false data feedback disguised as “valve opening logs”, leading attackers to only locate to foreign cloud servers when tracing the source IP. Meanwhile, the micro-isolation strategy of core routers divides the SCADA network into dozens of IP security domains, ensuring that even if a pressure transmitter’s IP is compromised, attackers cannot cross-domain access the flow meter’s IP in adjacent segments. This “dynamic concealment – active deception – regional lockdown” technical framework successfully compressed the average blocking time for lateral penetration attempts to 1.2 seconds in a certain refined oil pipeline test in Southwest China, building a solid defense for energy arteries.
2 Comprehensive Protection System for Oil and Gas Pipeline Communication Data
The oil and gas pipeline industrial control system, as the nerve center of energy transmission, faces multiple security threats such as physical exposure, protocol vulnerabilities, and key leakage in its communication links. To address challenges such as resource constraints of industrial control devices, high real-time communication requirements, and complex attack surfaces, this chapter systematically constructs a protection system covering the entire communication process based on a progressive security logic of “risk identification – transmission reinforcement – trust establishment – data protection”: first analyzing the inherent vulnerabilities of industrial control protocols, network architecture, and device terminals, and on this basis proposing a method for constructing secure communication channels based on the TLS protocol, achieving trusted key exchange in dynamic environments through optimized key negotiation mechanisms; further combining lightweight identity authentication technology and layered data encryption strategies to form a triple protection loop of “trusted link, verifiable identity, and controllable data”. The above technologies are tightly coupled, jointly meeting the core security requirements for confidentiality, resistance to replay attacks, and resistance to man-in-the-middle attacks as specified in the “Guidelines for Information Security Protection of Industrial Control Systems” (GB/T 32919) for oil and gas pipeline communication systems.
2.1 Vulnerability Analysis of Oil and Gas Pipeline Industrial Control Systems
The oil and gas pipeline industrial control network is a solution at the lower two layers of the OSI model, which can use other communication protocols (such as TCP/UDP/IP clusters) or adopt industrial networks’ custom real-time data transmission protocols. Most protocols were designed primarily for data transmission efficiency and practicality, without considering security issues. The network itself provides no protection for information security, and the TCP/UDP/IP protocol cluster cannot provide security services such as identity authentication, data integrity, and confidentiality, leading to transparent transmission of control information and industrial data throughout the network in energy system applications (as shown in Figure 1).

Figure 1 Example of Energy Industrial Control Network
The lack of identity authentication allows unauthorized users to establish communication sessions with on-site devices, disrupting control processes; the lack of data integrity checks prevents the receiving party from judging the correctness of received information, allowing even tampered information to be received and executed normally; the lack of encryption means that transmitted instructions and data are in plaintext form, making it easy for attackers to intercept and analyze.
The information security issues faced by energy industrial networks mainly include data listening, theft, tampering, and forgery. These attack methods have high risk coefficients, significant threat levels, and strong destructiveness, necessitating protective measures against these threats in practical applications of energy industrial networks.
Current attack methods primarily target the lack of comprehensive authentication mechanisms, data integrity verification, and data confidentiality processing in the transmission process of energy industrial networks. With the integration of industrial networks and the Internet, information security for industrial Ethernet can reference security protection technologies in IT networks (such as authentication and authorization technologies, access control technologies, encryption, and data verification technologies).
Typically, a single security measure cannot defend against multiple security threats, necessitating a defense-in-depth strategy to provide layered or gradual security protection for information.
2.2 Security Communication Technology Based on TLS Protocol
TLS (Transport Layer Security) is a widely used connection-oriented security communication protocol based on TCP/IP on the Internet. The TLS protocol provides identity authentication, data integrity verification, and data encryption services for both parties in communication, effectively preventing data eavesdropping, tampering, and forgery. Applying the TLS protocol in energy industrial networks is one of the effective solutions to address information security issues in the energy industry.
The TLS protocol consists of two parts: the TLS handshake protocol and the TLS record protocol. Figure 2 illustrates the secure communication process of energy industrial networks based on the TLS protocol.

Figure 2 Secure Communication Process of Energy Industrial Networks Based on TLS Protocol
Figure 3 shows the format of secure Ethernet data packets protected by the TLS protocol. The sequence number prevents replay attacks; the message authentication code (MAC) protects data integrity; encryption of application layer data ensures data confidentiality. The header part of the TLS header includes the upper layer protocol type, TLS version number, and data length.

Figure 3 Format of Secure Ethernet Data Packets (TLS Record Layer Illustration)
This paper’s design approach addresses the information security issues present in energy industrial networks by selecting targeted security measures. Digital signature technology is used to achieve identity authentication and data integrity verification between both parties in the energy industrial network; symmetric encryption is employed to ensure data confidentiality; key negotiation is used to establish keys, ensuring the secure execution of digital signatures and data encryption. This design focuses solely on the application layer data of energy industrial networks, with each functional module being relatively independent, allowing for targeted configuration based on specific industrial scenarios, making it easy to implement and maintain, with strong flexibility.
2.3 Key Negotiation Technology
Applying communication security technology to energy industrial networks to address information security issues in industrial production processes, key negotiation is a very important process. Keys are the security foundation for digital signatures or encryption/decryption. If the key is not secure, then the cryptographic algorithms using that key are also insecure. This paper employs the ECDH algorithm for key negotiation. This method requires a small key length, has a fast computation speed, and is easy to implement in software and hardware. The specific steps of the algorithm are as follows, assuming that both parties in communication A and B choose a shared set of curve parameters (elliptic curve E, order n, base point G, etc.).
(1) Node A generates a random number rA and calculates QA = rAG;
(2) Node B generates a random number rB and calculates QB = rBG;
(3) Node A sends QA to Node B;
(4) Node B sends QB to Node A;
(5) Node A receives QB and calculates rAQB = rArBG;
(6) Node B receives QA and calculates rBQA = rBrAG = rArBG.
At this point, both communication parties A and B have the same key KAB = rA*rBG. Even if an attacker intercepts QA and QB transmitted over the public channel, relying on the discrete logarithm problem on the elliptic curve, they cannot reverse-engineer the random numbers rA and rB. Only one message exchange is needed between both parties to complete the negotiation, having minimal impact on the system. The key KAB generated in this process is used for subsequent encryption and distribution of the public keys required for digital signatures and the encryption of industrial data.
2.4 Identity Authentication Technology
This paper uses a lightweight end-to-end secure communication authentication method based on identity passwords. The identity-based digital signature algorithm is integrated into the SSL/TLS handshake protocol and applied in industrial control systems, completing the authentication process based on identity identification between the engineer station and terminal devices. At the same time, when the terminal device first establishes a connection with the engineer station, identity authentication can be performed through a challenge/response method to ensure the correctness of the engineer station’s identity. During the identity authentication process, both parties also achieve the exchange of symmetric encryption keys. The engineer station uses its identity identifier as its public key, eliminating the need for the existence of a public key certificate, significantly reducing the complexity of public key certificate management and maintenance. The industrial control system with added authentication functionality can effectively block unauthorized access by illegal users to the industrial control system, preventing terminal devices from being compromised and protecting the system’s sensitive resources. The secure communication authentication method is illustrated in Figure 4.

The secure communication authentication method mainly includes the following steps:
Initialization phase: The key generation server first calculates the signature master key pair, then generates the private key for the engineer station and sends it to the engineer station through a secure channel. The engineer station locally securely stores its private key, while the terminal device locally stores the engineer station’s public key.
Establishing a logical connection: The terminal device first sends a message to the engineer station requesting to establish a connection. The engineer station determines the encryption and digest algorithms used from the received message and generates a random number.
Authenticating the engineer station’s identity: The terminal device sends a challenge value to the engineer station, which uses its private key to sign the challenge value, generating a digital signature. The terminal device receives the digital signature generated by the engineer station and verifies its correctness. Upon successful verification, a random number is generated using the engineer station’s identity ID (public key), which is then encrypted with the engineer station’s identity ID to generate the PreMaster Key.
Key exchange: The terminal device sends the generated PreMaster Key to the engineer station, which uses its private key to decrypt the PreMaster Key and obtain the random number generated by the terminal device. At this point, both the terminal device and the engineer station have three random numbers, and both sides can generate a key using the same algorithm, after which the data to be transmitted can be symmetrically encrypted using this key.
Handshake completion: The engineer station and terminal device exchange messages to verify whether the keys are consistent. Upon successful verification, all subsequent data to be transmitted can be encrypted using this key before secure transmission.
2.5 Data Encryption Technology
Data encryption technology is one of the important technologies for ensuring communication security in energy industrial systems. It involves re-encoding information to hide the original content, making it impossible for unauthorized users to obtain the real information. This paper uses the SM4 encryption communication technology that complies with national standards, employing lightweight algorithms and hardware storage for keys. In different energy industrial system terminal devices and upper-level machines, devices encrypt sensitive data during transmission, with the specific process illustrated in Figure 5.

Figure 5 Secure Communication Encryption Method
3 Application Prospects Analysis
As the oil and gas industry accelerates its embrace of intelligent transformation, data security technology is transitioning from “basic protection” to “active immunity”. Driven by new scenarios such as digital twins and 5G private networks, the existing technical system will be deeply integrated into the industrial internet architecture, promoting the coexistence of security and efficiency. For example, based on lightweight identity authentication and dynamic key negotiation technology, it will be possible in the future to achieve real-time trusted access for intelligent sensors and inspection drones along thousands of kilometers of pipelines, while combining the protocol deep analysis capabilities of AI firewalls to identify and block APT attacks disguised as legitimate traffic within milliseconds. The integration of blockchain and homomorphic encryption not only ensures that pressure and flow data from cross-border pipelines are “available but invisible” during cross-border sharing but also provides an immutable audit evidence chain for multinational joint regulation. This technological coupling not only breaks the traditional contradiction between security and performance but also enables oil and gas pipelines to possess both “intelligent resilience” and “security toughness” in the era of open interconnection.
However, the large-scale implementation of new technologies also faces practical challenges. Compatibility of industrial protocols and threats from quantum computing compel the industry to build a more forward-looking defense ecosystem. For example, the TLS protocol needs further optimization to meet the real-time requirements of industrial control protocols like Modbus and to avoid delays in control instructions caused by encryption; additionally, continuous identity verification and micro-isolation strategies should dynamically manage every access request from the control center to pump station terminals. It is foreseeable that under the “national one network” pipeline pattern, data security technology will no longer be limited to a single functional module but will become a core infrastructure supporting intelligent scheduling and cross-border cooperation of oil and gas resources, with its value shifting from risk avoidance to business empowerment, ultimately assisting the national energy lifeline in navigating the digital wave steadily and far.
4 Summary and Outlook
The data security technology of oil and gas pipelines has evolved from passive reinforcement to active defense, initially forming a multi-dimensional protection system covering “identity – link – data – boundary”, providing key support for resisting cyber attacks and ensuring the stable operation of energy arteries. Currently, the engineering application of technologies such as lightweight encryption, dynamic identity authentication, and intelligent firewalls has significantly enhanced the real-time security protection capabilities of pipeline communication, while the introduction of emerging technologies such as blockchain and homomorphic encryption has opened new paths for compliant cross-border data circulation and joint operation and maintenance.
However, as the digital transformation of the oil and gas industry enters deeper waters, security technologies still face multiple challenges: on one hand, it is necessary to break the “zero-sum game” of security and efficiency in industrial scenarios, for example, by enhancing the performance of the TLS protocol in industrial control environments through hardware acceleration or developing new encryption algorithms that balance lightweight and quantum-resistant characteristics; on the other hand, it is essential to build a cross-domain collaborative ecosystem, promoting the deep integration of zero-trust architecture, digital twins, and pipeline business, achieving a leap from “point defense” to “system immunity”. In the future, driven by the dual goals of “carbon neutrality” and energy security, data security technology for oil and gas pipelines will continue to iterate towards “endogenous security” and “intelligent evolution”, solidifying the firewall of national critical infrastructure while providing a Chinese solution for global energy interconnection.
References omitted.
Author Profiles
Tianyu Wang (1990-), male, from Shenyang, Liaoning, associate researcher, PhD, currently employed at the National Key Laboratory of Robotics, Shenyang Institute of Automation, Chinese Academy of Sciences, mainly engaged in research on industrial control security, industrial IoT, and complex network analysis.
Su Chen (1992-), male, from Shenyang, Liaoning, engineer, bachelor, currently employed at the Northeast Branch of the National Petroleum and Natural Gas Pipeline Group Co., Ltd., Shenyang Oil and Gas Transportation Company, mainly engaged in research on instrumentation and automation in the oil and gas pipeline industry.
Gang Wang (1986-), male, from Daqing, Heilongjiang, bachelor, currently employed at Daqing Oilfield Co., Ltd., mainly engaged in research on industrial internet and big data.
Minghao Wang (1994-), male, from Changchun, Jilin, engineer, bachelor, currently employed at the National Robot Innovation Center, mainly engaged in research on industrial internet and industrial information security.
Bowen Zhang (1994-), male, from Shenyang, Liaoning, engineer, master, currently employed at the Shenyang Institute of Automation, Chinese Academy of Sciences, mainly engaged in research on industrial internet and artificial intelligence.
Tieliang Sun (1967-), male, from Dezhou, Shandong, senior engineer, bachelor, currently employed at the Oil and Gas Regulation Center, National Petroleum and Natural Gas Pipeline Group Co., Ltd., mainly researching automation control, communication, and industrial control system network security.
He Huang (1984-), male, from Yongchuan, Chongqing, senior engineer, master, currently employed at the Oil and Gas Regulation Center, National Petroleum and Natural Gas Pipeline Group Co., Ltd., mainly researching automation control and industrial control system network security.
Feng Lü (1969-), male, from Weihai, Shandong, senior engineer, bachelor, currently employed at the Oil and Gas Regulation Center, National Petroleum and Natural Gas Pipeline Group Co., Ltd., mainly researching automation control and industrial control system network security.
· end ·
Source | “Automation Expo” July 2025 issue
Editor | Qiao Jun

Recommended Reading
Heavyweight | The first issue of “Automation Expo” 2025 and the “Special Issue on Information Security of Industrial Control Systems (Volume 11)” is online
Heavyweight | The second issue of “Automation Expo” 2025 and the “Edge Computing 2025 Special Edition” is online
Heavyweight | The July 2025 issue of “Automation Expo” is online! Focused on digital intelligence, medicine, and health~
Heavyweight | Enhancing digital security technology capabilities and accelerating the development of new quality productivity–The 2024 Industrial Automation Security Conference was successfully held
Review | 2023 Cover Story, Insights into Industry Development, Listening to Siemens, ABB, Yokogawa Electric, Delta, Dongtu Technology… Voices from many industry leaders!
Control Weekly | 2025 Issue 14, focusing on “Food and Beverage, Industrial Software”
Boundary·Intelligence | Boundary·Intelligence 2025-7——Intelligent Manufacturing Electronic Journal
Academician Talks | Academician Ding Han: Research progress of collaborative robots and thoughts on humanoid robots, with PPT attached
Control Special | Embodied Intelligence: The “Industrial Engine” of New Quality Productivity
Recommended Reading | Beizhi Institute: 5G Empowering AMR in Warehouse Logistics Systems
Cover Story | Holley: From Replacement to Beyond, the Localization Breakthrough and Intelligent Leap of Industrial Software + AI
Academician Talks | Academician Zhang Bo: A Review and Outlook on the Development of Artificial Intelligence
Recommended Reading | Research on Firewall Security Management Strategies and Risk Assessment Paths
Essentials | 58 New Quality Productivity Industry Chain Map, recommended for collection!
Cover Story | Yokogawa Electric GS2028: Writing the Future Picture of Harmony between Humanity and the Earth
Insights | Prospective Industry Research Institute: Blue Book on Opportunities for Development of China’s Intelligent Manufacturing Equipment Industry
White Paper | 2024 Artificial Intelligence Development White Paper, with PDF download attached
Recommended Reading | Research on the Application of Artificial Intelligence in Photovoltaic Safety Inspection
Recruitment | Recruitment report for guests at the 2024 Industrial Intelligent Edge Computing Conference, welcome recommendations!
Recruitment in Progress | You have an exciting offer waiting for you!
Report | Deloitte’s Survey on the Application of Artificial Intelligence in Manufacturing, with PDF download attached




