offshore spar

File Photo: Harris Hamdan / Shutterstock

U.S. Offshore Oil and Gas Infrastructure at ‘Significant Risk’ from Cyber Attacks -Report

Mike Schuler
Total Views: 1438
November 18, 2022

The U.S. Department of the Interior has been told to take immediate action to address the “significant risk” that cybersecurity threats pose to critical offshore oil and gas infrastructure in the United States.

A Government Accountability Office review found “significant and increasing cybersecurity risks” to the nation’s network of more than 1,600 offshore facilities, which rely on technology to remotely monitor and control equipment.

A cyber attack on these facilities could cause significant environmental and physical harm, not to mention economic impacts from the disruption of oil and gas production. Officials told the GAO that a successful cyber attack could even potentially resemble the effects of 2010 Deepwater Horizon disaster.

While the DOI’s Bureau of Safety and Environmental Enforcement (BSEE), which is responsible for overseeing offshore infrastructure, has long recognized the need to address cybersecurity risks, few steps have been taken to address the issue. The BSEE initiated efforts to address cybersecurity risks in 2015 and 2020, but neither resulted in substantial action, according to the GAO. Another initiative to undertaken earlier this year, which included hiring a cybersecurity expert, also has yet to yield any results.

“Absent the immediate development and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk,” the GAO said. “Such a strategy would call for, among other things, an assessment of cybersecurity risks and mitigating actions; and the identification of objectives, roles, responsibilities, resources, and performance measures.”

The GAO is recommending that the BSEE immediately develop and implement a strategy to address offshore infrastructure risks.

“Such a strategy should include an assessment and mitigation of risks; and identify objectives, roles, responsibilities, resources, and performance measures, among other things,” the GAO said.

The GAO report notes that the DOI generally agreed with its findings and recommendation.

Back to Main