Offshore oil and gas rigs are at significant risk of cyberattacks, according to a new report Government Accountability Office.
A network of 1,600 offshore oil and gas rigs provides much of the country’s energy.
“Cyber attacks on these facilities could cause physical, environmental, and economic damage. Disruptions to oil and gas production and transmission could affect supply and markets,” the report reads.
The report found significant security gaps in the operational technology (OT) that rigs use to monitor and control their machines, potentially allowing cybercriminals to remotely control their machines.
The report focused on legacy OT equipment used on many rigs, noting that a lack of software updates left them unprepared for cyberattacks.
“Some legacy devices do not have the ability to log commands sent to the device, making it more difficult to detect malicious activity,” the report reads. “Additionally, older legacy systems often rely on unsupported operating systems that no longer receive modern software security patches to address vulnerabilities.”
SEE ALSO: China vastly outpaces U.S. in increasingly belligerent cyber shootout
This highThe report calls for the Department of the Interior’s Bureau of Security and Environmental Enforcement to step up efforts to maintain the security of the U.S. offshore energy network.
“Since recognizing the need for action in 2015, the scale and scope of cybersecurity risks has grown, driving the bureau to respond with greater urgency,” the report concluded. “However, BSEE has struggled to address offshore oil and gas infrastructure cybersecurity risk, and until recently steps were taken to launch a new program.”
This high The Bureau is encouraged to develop a cybersecurity policy that includes “(1) risk assessment, (2) objectives, activities, and performance measures, (3) roles, responsibilities, and coordination, and (4) identification of required resources and investments. “
The report comes a year after the Colonial Pipeline, an offshore oil rig in the United States, suffered the largest cyber attack yet. The ransomware attack shut down the pipeline, a system that originated in Houston and provides energy to millions of Americans, to contain the attack.