U.S. offshore oil and gasoline infrastructure faces “significant and increasing” cybersecurity dangers that require “urgent” consideration, a U.S. authorities’s watchdog has warned.
The Government Accountability Office stated in a brand new report that the community of over 1,600 offshore amenities that produces a good portion of U.S. home oil and gasoline are at a rising danger of cyberattacks. The warning comes greater than a yr after ransomware actors focused Colonial Pipeline, bringing the U.S. oil pipeline system relied on by hundreds of thousands of Americans to a standstill.
The watchdog warned that not solely has the federal government recognized the offshore oil and gasoline sector as a goal of malicious state actors, notably these backed by China, Iran, North Korea, and Russia, however stated operational expertise (OT) — usually utilized by these amenities to watch and management bodily tools — accommodates a number of safety flaws that might permit attackers to remotely take management of assorted capabilities, together with as these important to security.
U.S. cybersecurity company CISA has launched a number of advisories about OT vulnerabilities this yr alone, detailing points like weak encryption and insecure firmware updates, and urged impacted customers to determine baseline mitigations for lowering potential dangers.
The GAO famous in its new report that legacy OT infrastructure nonetheless in use at many amenities can be weak on account of a scarcity of each built-in cybersecurity measures and software program safety patches. The report notes that older units “do not have the capability to log commands sent to the devices, making it more difficult to detect malicious activity.”
The U.S. watchdog is looking on the Department of the Interior’s Bureau of Safety and Environmental Enforcement (BSEE), which oversees offshore oil and gasoline operations, to deal with these rising safety dangers. It says that the company had initiated efforts to deal with these cybersecurity dangers way back to 2015, however has but to take any “substantial” motion virtually a decade later.
The GAO notes that the BSEE began one other such initiative earlier this yr and employed a cybersecurity specialist to guide it, however the company later stated the trouble was placed on maintain till the specialist is “adequately versed in the relevant issues.”
“Absent the immediate development and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk,” the GAO stated, noting {that a} profitable cyberattack on offshore oil and gasoline infrastructure may have catastrophic penalties, together with “deaths and injuries, damaged or destroyed equipment, and pollution to the marine environment.”
The U.S. watchdog is urging the BSEE to urgently develop and implement a cybersecurity technique that features danger assessments, aims, actions, and efficiency measures; roles, obligations, and coordination; and the identification of required assets and investments.
BSEE “generally concurred” with the report and its suggestions. TechCrunch contacted BSEE for remark however didn’t hear again.