Report warns of urgent need to address cybersecurity in offshore oil and gas infrastructure – SiliconANGLE News




UPDATED 19:32 EST / NOVEMBER 22 2022
by Duncan Riley
A recent report from the U.S. Government Accountability Office warns that there’s an urgent need to address cybersecurity risks to offshore oil and gas infrastructure.
The findings came after GAO was asked to review the cybersecurity of the more than 1,600 U.S. offshore oil and gas facilities that produced significant amounts of domestic oil and gas. Arguably stating the obvious, the main finding in the report was that offshore oil and gas infrastructure faces significant and increased cybersecurity risks in the form of threat actors, vulnerabilities and potential impacts.
Offshore oil and gas exploration and production methods were found to be increasingly reliant on remotely connected operational technology critical to safety, leaving them vulnerable to cyberattacks. Older infrastructure was highlighted as particularly vulnerable because older OT can have fewer cybersecurity protection measures.
As demonstrated in the attack on Colonial Pipeline Co. in May 2021, the report notes that a successful cyberattack could cause physical, environmental and economic harm. The report specifically mentions that a cyberattack could result in a repeat of the 2010 Deepwater Horizon disaster, a disaster that resulted in the largest oil spill in the history of the petroleum industry.
While not holding back, GAO also noted that the Department of the Interior’s Bureau of Safety and Environmental Enforcement has long recognized the need to address cybersecurity risks but has taken few actions to address the issue. BSEE initially made efforts in 2015 and 2020 to address cybersecurity in oil and gas production but “neither results in substantial actions.” BSEE is said to have started a new initiative earlier this year but this was then paused.
“Absent the immediate development and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk,” the report states. “Such a strategy would call for, among other things, an assessment of cybersecurity risks and mitigating actions; and the identification of objectives, roles, responsibilities, resources and performance measures.”
Edward Liebig, global director of cyber-ecosystem at information technology company Hexagon AB’s Asset Lifecycle Intelligence division, told SiliconANGLE that the report claims that the severity of these impacts could be mitigated by onsite manual controls that can override automated systems. But he said that a shutdown’may not be immediate or simple to execute.
“There are residual actions such as purging pipelines, pressures and systems that need to take place to truly ‘stop’ a process,” Liebig explained. “There remains a real and present physical, ecological and supply chain danger whenever a ‘shutdown’ command is performed. By the time a cyber attack manifests into a ‘detectable event,’ it is too late in the attack cycle to ‘start to react.’”
Liebig added that “system failures that are an indication of attack come well after malware or command and control has taken root” and that “short of a full plant shutdown, stopping processes is like playing ‘Whac-A-Mole’ to keep in front of potentially serious consequences.”
Click here to join the free and open Startup Showcase event.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.
Click here to join the free and open Startup Showcase event.
New Black Basta ransomware campaign is actively targeting US companies
Why a recession is great for companies with high cloud computing bills
Report warns of urgent need to address cybersecurity in offshore oil and gas infrastructure
VMware’s earnings and revenue fall short of Wall Street’s expectations
Autodesk shares drop on lower-than-expected outlook
HP to cut 10% of its staff in wake of PC market slowdown
New Black Basta ransomware campaign is actively targeting US companies
SECURITY – BY DUNCAN RILEY . 39 MINS AGO
Why a recession is great for companies with high cloud computing bills
CLOUD – BY GUEST AUTHOR . 2 HOURS AGO
Report warns of urgent need to address cybersecurity in offshore oil and gas infrastructure
SECURITY – BY DUNCAN RILEY . 5 HOURS AGO
VMware’s earnings and revenue fall short of Wall Street’s expectations
CLOUD – BY MIKE WHEATLEY . 5 HOURS AGO
Autodesk shares drop on lower-than-expected outlook
CLOUD – BY DUNCAN RILEY . 6 HOURS AGO
HP to cut 10% of its staff in wake of PC market slowdown
INFRA – BY MIKE WHEATLEY . 6 HOURS AGO
Forgot Password?
Like Free Content? Subscribe to follow.

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page