As we continue in Infrastructure Security Month, we’re sharing a recent report from the U.S. Government Accountability Office (GAO), which highlights that a cyber-attack on offshore facilities could cause physical, environmental, and economic harm to the U.S. This report also provides recommendations for executive action as they seek a strategy to address cybersecurity risks to oil and gas infrastructure.
The report includes the following findings from the GAO:
Offshore oil and gas infrastructure faces significant and increasing cybersecurity risks in the form of threat actors, vulnerabilities, and potential impacts.
Threat actors: State actors, cybercriminals, and others could potentially conduct cyberattacks against offshore oil and gas infrastructure. The federal government has identified the oil and gas sector as a target of malicious state actors.
Vulnerabilities: Modern exploration and production methods are increasingly reliant on remotely connected operational technology—often critical to safety—that is vulnerable to cyberattack. Older infrastructure is also vulnerable because its operational technology can have fewer cybersecurity protection measures.
Potential impacts: A successful cyberattack on offshore oil and gas infrastructure could cause physical, environmental, and economic harm, according to federal officials. For example, officials said that the effects of a cyberattack could resemble those that occurred in the 2010 Deepwater Horizon disaster. Disruptions to oil and gas production or transmission could also affect energy supplies and markets.
The full report can be found here.