More than 1,600 U.S. offshore oil and gas facilities are at “increasing” and “significant” risk of cyberattacks and must therefore be properly protected, a new report said.
The warning from the US Government Accountability Office (GAO) comes from a report submitted to the US Congress, adding that these facilities produce a “significant” amount of the country’s oil and gas.
To prepare the report, GAO took a close look at the network of facilities and their operational technologies (OT) used to run the equipment installed there.
Apparently, an attack on the OT would cause a disaster to rival the blowout prevention failure of Deepwater Horizon in 2010. At the time, the offshore rig’s OT was crippled, resulting in an explosion and sinking. A total of 11 people lost their lives and some were seriously injured. In addition, the US has experienced the largest marine oil spill in its history.
But the Deepwater Horizon incident is not the only event the GAO is referring to. The Colonial Pipeline ransomware, which took place last year, disrupted the supply of gas and gas-derived products to much of the southeastern part of the country. In addition, the company had to pay a $5 million ransom to get the system working again.
> What IT security teams can learn from the Colonial Pipeline ransomware attack
> Colonial Pipeline paid a $5 million ransom to hackers
> These are the best malware removal tools right now
In addition to local incidents, the report also mentions (albeit tentatively) events around the world, which should be closely monitored. The Russian invasion of Ukraine has disrupted gas distribution, and as Russia is one of the largest exporters of natural gas to Europe, the Old Continent is now facing significant price shocks. Russian hackers have also been busy, especially since February this year. GAO says cybercriminals, especially state-sponsored groups, are well equipped to attack electric utilities and similar service providers.
Turning a blind eye to these facilities creates “considerable liability,” the report concludes. Instead, the US government should focus on developing a cybersecurity strategy for its oil and gas structures, including risk assessment, performance measures, effort coordination and assessment of required resources.
- Check out the best endpoint security services now
Via: The Registry