US offshore oil and gas infrastructure at ‘significant risk’ from cyber attacks, report claims

A US Government Accountability Office (GAO) review found “significant and increasing cybersecurity risks” to the nation’s network of more than 1,600 offshore facilities, which rely on technology to remotely monitor and control equipment.

The GAO warned the US Department of the Interior (DOI) to take immediate action to address the “significant risk” that cybersecurity threats posed to offshore oil and gas infrastructure in the US.

Officials told the GAO that a successful cyber attack could have an impact on the scale of that seen after the 2010 Deepwater Horizon disaster.

The DOI’s Bureau of Safety and Environmental Enforcement (BSEE) is responsible for overseeing offshore infrastructure, and it has long recognized the need to address cybersecurity risks. However, in the labyrinthine world of US governmental departments, responsibilities and budget allocation, few tangible steps have been taken to address the issue. The BSEE initiated efforts to address cybersecurity risks in 2015 and 2020, but the GAO said that neither of these resulted in substantial action. A third initiative, which included hiring a cybersecurity expert, was undertaken earlier this year, but once again nothing has really happened as a result.

The GAO warned that “absent the immediate development and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk. Such a strategy would call for, among other things, an assessment of cybersecurity risks and mitigating actions; and the identification of objectives, roles, responsibilities, resources, and performance measures.”

The GAO has recommended that the BSEE immediately develop and implement a strategy to address offshore infrastructure risks.

“Such a strategy should include an assessment and mitigation of risks; and identify objectives, roles, responsibilities, resources, and performance measures, among other things,” the GAO said, noting that the DOI generally agreed with its findings and recommendation.