author photo
By Cam Sivesind
Mon | Nov 21, 2022 | 11:48 AM PST

The U.S. Government Accountability Office (GAO) is recommending the Department of the Interior's Bureau of Safety and Environmental Enforcement (BSEE) immediately develop and implement a strategy to address offshore oil and gas infrastructure risks.

A cyberattack on the network of more than 1,600 facilities that produce much of U.S. domestic oil and gas "could cause physical, environmental, and economic harm," according to the report. "And disruptions to oil and gas production and transmission could affect supplies and markets."

The GAO identified risks, vulnerabilities, and threats, including:

  • Threat actors: State actors, cybercriminals and others who could initiate cyberattacks against offshore oil and gas infrastructure.
  • Vulnerabilities: New production methods and modern exploration technologies have lead to more remotely connected operations; that remoteness leads to additional risk. Aging infrastructure, additionally, also puts operations at risk.
  • Potential impacts: The report identifies potential harm from an attack on oil and gas infrastructure, adding "the effects of a cyberattack could resemble those that occurred in the 2010 Deepwater Horizon disaster"; a catastrophic fire to the offshore drilling operation.

According to the report: "GAO interviewed officials from agencies with offshore and cybersecurity responsibilities. It also obtained the perspectives of nonfederal stakeholders representing the offshore oil and gas industry."

As a specific vulnerability example, an earlier SecureWorld News article reported on a separate and previous study identifying vulnerabilities in the oil and gas industry, specifically to flow computers that regulate and calculate volume and flow rates of substances such as natural gas, crude oils, and other hydrocarbon fluids.