More than 1,600 offshore oil and gas facilities belonging to the United States are at “increasing” and “significant” risk of cyberattacks, and as such must be properly protected, a new report has said.
The warning from the US Government Accountability Office (GAO) comes in a report submitted to the US Congress, adding that these facilities, produce a “significant” amount of the country’s oil and gas.
To draft the report, GAO took a closer look at the network of facilities and their operational technologies (OT) used to run the equipment installed there.
Apparently, an attack on the OT would trigger a disaster that would rival the 2010 failure of Deepwater Horizon’s blowout preventer. Back then, the offshore drilling’s rig has had its OT crippled, which resulted in an explosion and sinking. In total, 11 people lost their lives, and some were seriously injured. Furthermore, the US has had to handle the largest marine oil spill in its history.
But the Deepwater Horizon incident is not the only such event that the GAO refers to. The Colonial Pipeline ransomware, which happened last year, disrupted the delivery of gas and gas-derived products to a hefty portion of the country’s southeast. What’s more, the company was forced to pay $5 million in ransom demands just to get the system up and running again.
Besides local incidents, the report also mentions (albeit tentatively) events around the world, which should be closely monitored. Russia’s invasion on Ukraine has disrupted the distribution of gas, and with Russia being one of the biggest exporters of natural gas to Europe, the Old Continent now faces significant price shocks. Russia’s hackers have also been busy, especially since February this year. GAO says cybercriminals, especially state-sponsored groups, are well equipped to target electricity utilities and similar service providers.
Turning a blind eye on these facilities creates “significant liability”, the report concludes. Instead, the US government should focus on building a cybersecurity strategy for its oil and gas structures, which would include risk assessment, performance measures, effort coordination, and required resources assessment.
Check out the best endpoint protection services right now
Via: The Register