Are Cyber Attacks a Growing Threat to Oil and Gas Vessels?
Maritime cybersecurity risk is increasing globally, Aaron Roth, principal and head of federal strategy at security risk management company the Chertoff Group, and Adam Isles, the company’s head of cybersecurity, told Rigzone in a joint statement.
“Regarding the threat, we have seen the landscape worsen considerably,” the Chertoff Group heads said.
“In terms of vulnerability, maritime oil and gas infrastructure is plagued with aging IT infrastructure, and organizations often lack controls to minimize vulnerabilities in networks, operating systems, processes, and human interactions,” they added.
“This is further complicated by vulnerabilities in even the largest of critical software providers, which are increasingly discovered and exploited by threat actors before the software providers themselves even know about them,” they continued.
“Moreover, shipboard systems are highly integrated, often automated often without security designed within the automation. Lastly, and perhaps most importantly, the oil and gas sector have both IT infrastructure and operational technology complicating the vulnerability landscape making it ripe for both cyber and physical attacks,” Roth and Isles noted.
In their statement, the Chertoff Group representatives highlighted that the global maritime transportation system moves 80 percent of the world’s cargo and that “the EIA estimates that over 60 percent of the world’s energy is transported by sea”.
“Those numbers alone are daunting in terms of potential consequence,” they warned.
“The 2021 attack on the Colonial Pipeline impacted 45 percent of the fuel supply on the east coast of the United States leading to nearly 90 percent of gas stations out of gas,” they added.
A fact sheet posted on the White House website in May 2021 noted that the Colonial Pipeline cyberattack “triggered a comprehensive federal response focused on securing critical energy supply chains”.
“The administration is focused on avoiding potential energy supply disruptions to impacted communities, the U.S. military, and other facilities reliant on gasoline, diesel, jet fuel and other refined petroleum products,” the fact sheet stated.
“The administration is continually assessing the pipeline shutdown’s impact on the U.S. fuel supply, as well as what additional actions are available to mitigate the impact of the pipeline’s shutdown,” it added.
Substantial Increase
Corey Ranslem, the CEO of maritime intelligence company Dryad Global, said Dryad believes cyber attacks on both vessels and floating infrastructure are going to continue to increase substantially in the coming months and years.
“We’ve seen sporadic attacks on vessels and infrastructure including GPS spoofing,” Ranslem told Rigzone.
“Cyber attacks in the future on maritime infrastructure will precede physical attacks,” he added.
The maritime industry as a whole is about 10-15 years behind the rest of the world when it comes to cybersecurity protection, according to Ranslem.
“There are very few companies that understand the dynamics of protecting a vessel as the requirements are much different than a shore based entity,” he said.
“This threat is not only on oil and gas vessels, but other vessels as well,” he added.
According to NAVCEN, on April 12, 2024, the U.S.-flagged container ship APL Eagle reported a possible cyber security attack in the northern Persian Gulf, Dryad noted in a maritime security threat advisory (MSTA) published on April 15.
“The vessel encountered an erratic track line on the chart display, which appeared to try to steer the vessel off course,” Dryad stated in the MSTA.
“The interference lasted a few minutes and then returned to normal. The vessel reported a similar incident a few months ago in the same area,” it added.
“GPS jamming and spoofing pose serious threats to navigation safety, and the risks have increased as a result of regional conflicts and military operations,” it continued.
To contact the author, email andreas.exarheas@rigzone.com
What do you think? We’d love to hear from you, join the conversation on the
Rigzone Energy Network.
The Rigzone Energy Network is a new social experience created for you and all energy professionals to Speak Up about our industry, share knowledge, connect with peers and industry insiders and engage in a professional community that will empower your career in energy.