Offshore Oil and Gas Assets Face Increasing Cyber Risk

Offshore oil and gas infrastructure faces significant and increasing cybersecurity risks in the form of threat actors, vulnerabilities, and potential impacts, the U.S. Government Accountability Office (GAO) announced in a study publicly released late last week.

“Modern exploration and production methods are increasingly reliant on remotely connected operational technology, often critical to safety, that is vulnerable to cyberattack,” GAO noted in the study, adding that older infrastructure is also vulnerable “because its operational technology can have fewer cybersecurity protection measures”.

GAO warned in the study that, according to federal officials, a successful cyberattack on offshore oil and gas infrastructure could cause physical, environmental, and economic harm.

“For example, officials said that the effects of a cyberattack could resemble those that occurred in the 2010 Deepwater Horizon disaster,” GAO noted.

“Disruptions to oil and gas production or transmission could also affect energy supplies and markets,” GAO added.

GAO made one recommendation in the study - that the Bureau of Safety and Environmental Enforcement (BSEE) should immediately develop and implement a strategy to address offshore infrastructure risks.

“Such a strategy should include an assessment and mitigation of risks; and identify objectives, roles, responsibilities, resources, and performance measures, among other things,” GAO said in the study.

“In an email, we were informed that Interior generally concurred with our findings and recommendation,” GAO added.

Rigzone has asked the BSEE for comment on GAO’s recent oil and gas cybersecurity study. At the time of writing, the BSEE has not yet responded to Rigzone.

GAO, which highlighted that it was asked to review the cybersecurity of offshore oil and gas infrastructure, noted that its report examined the cybersecurity risks facing offshore oil and gas infrastructure and the extent to which BSEE has addressed them.

GAO revealed it reviewed relevant federal and industry reports on offshore oil and gas cybersecurity risks and analyzed relevant BSEE documentation, as well as interviewing officials from agencies with offshore and cybersecurity responsibilities. It also obtained the perspectives of nonfederal stakeholders representing the offshore oil and gas industry, according to its study.

GAO describes itself as an independent, non-partisan agency that works for Congress. The organization examines how taxpayer dollars are spent and provides Congress and federal agencies with objective, non-partisan, fact-based information to help the government save money and work more efficiently, GAO’s site notes.

The mission of the BSEE is to promote safety, protect the environment, and conserve resources offshore through vigorous regulatory oversight and enforcement, according to the BSEE’s website. The three BSEE OCS regions comprise Alaska, Pacific and Gulf of Mexico. The Gulf of Mexico OCS Region is a major focus of the oil and gas industry, BSEE’s site highlights, adding that this oversees nearly 2,000 facilities and about ​13,135 miles of active pipeline in the Gulf of Mexico.

To contact the author, email andreas.exarheas@rigzone.com