Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO – Cybersecurity Dive




The 2021 Colonial Pipeline ransomware attack disrupted much of the nation’s supply of gasoline for nearly a week, causing runs on fuel, temporary price spikes and outages in stations across the Southeast and Mid-Atlantic states. 
Following that incident and the later ransomware attack on meatpacking firm JBS USA, the Biden administration highlighted the risk of cyberattacks or breaches across a core group of 16 critical infrastructure sectors. The offshore oil and gas industry is part of a larger risk to the U.S. energy sector, which has come under scrutiny in part due to Russia’s invasion of Ukraine, which has led to even greater pressure on global oil and gas prices and attacks on energy facilities. 
The Bureau of Safety and Environmental Enforcement at the Interior Department previously launched efforts in 2015 and 2020 to address cybersecurity risks, but failed to take substantive action in both cases, according to the report. 
The BSEE launched another plan earlier this year to address cybersecurity and hired a specialist to lead the effort, but later put that plan on pause to offer more time for the official to get up to speed on the issues, the report stated. 
“Interior officials, specifically the [BSEE] leadership, has been aware of cyberthreats to offshore infrastructure, but have simply not acted on those threats in a sufficient or timely fashion,” Frank Rusco, director of national resources and environment at GAO, said via email.
While Rusco said the agency cannot specifically rank what type of cybersecurity attack poses the biggest risk, he reiterated “environmental and worker safety damages are potentially very large” in light of the multi-billion dollar cost of the Deep Water Horizon disaster. 
The explosion and 87-day oil spill resulted in 11 deaths and 134 million gallons of oil leaked into the Gulf of Mexico. A federal judge in 2016 approved a record $20.8 billion settlement in the case. 
A spokesperson for the National Ocean Industries Association, which serves offshore oil, gas, wind and ocean minerals industries, said cybersecurity is a “critically important issue” for the group, but they were in the process of reviewing the report.
A spokesperson for BSEE said the agency does not have any further comments beyond what was printed in the report.
Correction: This article has been updated to clarify the nature of the Deepwater Horizon incident. 
 
Get the free daily newsletter read by industry experts
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable. 
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable. 
The free newsletter covering the top industry headlines

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top