The Government Accountability Office made a new case for improving the cybersecurity safeguards within offshore drilling and natural gas facilities.
Threats to the U.S.’s critical infrastructure extend to the over 1,600 offshore oil and drilling facilities that support the country’s fuel economy, which are just as much at risk of cyberattacks as onshore utility facilities, according to a new government report.
“Future successful cyberattacks against offshore oil and gas infrastructure could have severe consequences,” the report, published by the Government Accountability Office, notes.
GAO authors identified operational technology vulnerabilities, such as legacy software systems with poor encryption standards and a lack of connectivity, that cybercriminals could exploit. The fallout from hacks on similar entities has proven to cause significant disruptions in the availability of oil and gas products. It cited the 2021 Colonial Pipeline Company hack, which choked gas supply along the eastern seaboard of the U.S., as well as instances in Ukraine and other European nations, as well as Japan.
“A cyberattack on these facilities could cause physical, environmental and economic harm,” the report fact sheet reads. “And disruptions to oil and gas production and transmission could affect supplies and markets.”
The recommendations GAO made were directed at the Department of Interior’s Bureau of Safety and Environmental Enforcement sub office and included the development and implementation of a more advanced, robust cybersecurity infrastructure for offshore drilling sights. Pillars within these frameworks would cover risk assessments for facilities, objectives and performance measures, identification of needed resources and role coordination.
“More than 7 years have elapsed since BSEE explicitly identified the need to address cybersecurity risks to offshore oil and gas infrastructure, but the bureau remains in the early stages of establishing a program to do so,” the report notes. “Our past work has shown that having a strategy is a starting point and basic underpinning for better managing federal programs and activities.”
GAO chronicled several documented incidents of oil and gas drilling sites being disrupted or otherwise damaged by cyberattacks across the world. The report listed China, Iran, North Korea, and Russia as the greatest international cyberthreats to digital systems.