A new report says more than 1,600 US offshore oil and gas facilities are at an “increased” and “significant” risk of cyberattacks, and therefore must be properly protected.
The warning came from the US Government Accountability Office (GAO) in a report submitted to the US Congress, adding that these facilities produce a “significant” amount of oil and gas in the country.
To craft the report, GAO took a close look at the utility network and its operational technologies (OT) used to operate the equipment installed there.
Apparently, an attack on operational Earth would lead to a disaster that would rival the 2010 failure of the Deepwater Horizon blowout preventer. At that time, the offshore rig was crippled, resulting in an explosion and sinking. In total, 11 people lost their lives, and some were seriously injured. Moreover, the United States had to deal with the largest marine oil spill in its history.
But the Deepwater Horizon incident is not the only event referred to by the GAO. The colonial pipeline ransomware, which occurred last year, disrupted the delivery of gas and gas-derived products to much of the country’s southeast. On top of that, the company had to pay $5 million in ransom just to reboot the system.
Besides local incidents, the report also mentions (albeit tentatively) events around the world, which should be watched closely. Russia’s invasion of Ukraine has disrupted gas distribution, and with Russia being one of the largest exporters of natural gas to Europe, the old continent is now facing major price shocks. Russian hackers have also been busy, especially since February this year. The Government Accountability Office says cybercriminals, especially state-sponsored groups, are well equipped to target electric utilities and similar service providers.
The report concludes that turning a blind eye to these facilities creates “great responsibility”. Instead, the US government should focus on building a cybersecurity strategy for its oil and gas structures, which includes risk assessment, performance measures, coordination of efforts, and assessment of required resources.
- scan the The best endpoint protection services now