US offshore oil and gas platforms at ‘significant’ risk of cyberattacks, government watchdog warns • CableFree TV

The US offshore oil and gas infrastructure faces “significant and growing” cybersecurity risks that require “urgent” attention, the US government’s oversight body has warned.

This is stated in the message of the Accounts Chamber of the Government. new report that the network of more than 1,600 offshore facilities that produce a significant portion of US oil and gas is at increasing risk of cyberattacks. The warning comes more than a year after ransomware attackers targeted colonial pipelinewhich brought to a halt the US oil pipeline system that millions of Americans rely on.

The watchdog warned that the government has not only identified the offshore oil and gas sector as a target of malicious state actors, especially those backed by China, Iran, North Korea and Russia, but also said that the operational technologies (OT) often used by these monitoring tools and control of physical equipment – contains many security flaws that can allow attackers to remotely gain control over various functions, including security-critical ones.

The US Cybersecurity Agency CISA published some advice about OT vulnerabilities this year alone, detailing issues such as weak encryption and insecure firmware updates, and urging affected users to identify basic mitigation measures.

In its new report, the GAO noted that the legacy OT infrastructure that is still in use at many sites is also vulnerable due to a lack of both built-in cyber security measures and software security patches. The report notes that older devices “do not have the ability to log commands sent to devices, making it difficult to detect malicious activity.”

The US watchdog is calling on the Department of the Interior’s Bureau of Safety and Environmental Protection (BSEE), which oversees offshore oil and gas operations, to address these growing security risks. It says the agency initiated efforts to address these cybersecurity risks as early as 2015, but has yet to take any “substantial” action nearly a decade later.

The GAO notes that the BSEE launched another such initiative earlier this year and hired a cybersecurity specialist to lead it, but the agency later said the work had been put on hold until the specialist “sufficiently understands relevant issues.”

“If an appropriate strategy is not developed and implemented immediately, offshore oil and gas infrastructure will continue to be at significant risk,” the GAO said, noting that a successful cyber attack on offshore oil and gas infrastructure could have catastrophic consequences, including “death and injury, damaged or destroyed equipment and pollution of the marine environment”.

The US watchdog urges the BSEE to urgently develop and implement a cybersecurity strategy that includes a risk assessment, goals, actions, and performance indicators; roles, responsibilities and coordination; and determining the required resources and investments.

The BSEE “generally agreed” with the report and its recommendations. TechCrunch contacted BSEE for comment but received no response.

By Peter Kavinsky

Peter Kavinsky is the Executive Editor at