Offshore Oil and Gas demanding Cybersecurity Strategy as GAO explains! How?
New4Hackers got an amazing newsletter driven crazy by the high alerts returning from the mess that traveled along. This time GAO met a hazardous incident that went far by including a huge number of victims. As we know about marine life, they all are dependent on seawater, if anything happens to the sea, those creatures will have to suffer from the consequences of man’s wrongdoing.
Gao’s incident is related to the event that put the sea animals lives at stake. What made it like that? That happens via the system’s improper security measures. Also, you need to know that if organization lack in protecting its assets from such unwanted damages, then a lot of their resources can get at a risk. Let’s see what happened at the event.
Coast Guard Official, U.S., 2015
He mentioned a cybersecurity incident including malware that unintentionally hurt a mobile offshore drilling unit. As he was saying, malware infected the dynamic positioning system that resulted in need of skillsets to avoid an accident that was going to happen if not taken care well enough.
BSEE began a new cybersecurity initiative and employed professionals to handle it, where bureau officials told GAO – initiative would be stopped until the experts get habitual the relatable issues.
“Program has just begun and is still at a developing stage. BSEE doesn’t expect to started creating key programmatic decisions/ drafting programmatic documents. Also, policies too will have to wait by the year 2023.
GAO Actions● Government Accountability Office has already asked Department of Interior to develop and deploy cybersecurity strategy for offshore oil and gas facilities, asap. ● A significant amount of U.S. Domestic oil and gas are produces with a network of around 1,600 offshore facilities. ● Oil and Gas sectors has come in the spotlight and are being treated as malicious state actors by federal government. ● With other critical infrastructure, such offshore facilities, rely on tech to monitor and access equipment, that eventually get surrounded by risk of cyber-attacks. GAO, 2015 It observed that one of Coast Guard Officials left a statement related to cybersecurity events where malware was unintentionally shared onto a mobile offshore drilling unit. ● GAO observed on May, 2022 is that BSEE begun a new cybersecurity initiative and employed a specialist to run it. ● It further commented – “BSEE take an oath to reduce resources and lack of urgency in addressing cybersecurity risks that reflect cybersecurity’s relatively low priority within the bureau.” ● Gao mentioned in its report that BSEE started pulling efforts to find out cybersecurity risks in 2015, then again in 2020. However, neither reverted in immediate actions. ● From that time, BSEE issued 2 Safety Alerts to the sectors suggesting that operators should follow Cybersecurity and Infrastructure Security Agency (CISA) rules and regulations. Sep, 2020 BSEE alerted that CISA was aware of various loopholes allowing adversaries to take access of various OTs, like that open and close valves/ access system flow rates & pressures. ● Now GAO needs an urgent strategy that could support in other things as well such as 1) Assessment of cybersecurity risks and mitigating actions 2) Identification of objectives, roles, responsibilities, resources, and performance measures. ● It reported that it was on high-alert via email, that the interior usually concurred with the GAO’s findings & suggestions. |
Risk at Bar
UpToDate exploration and production techniques are rapidly reliable on remotely tagged operational tech (OT) that is often critical to safety and is vulnerable to cyber-attack. Previous versions were also vulnerable cuz its OT can have lesser cyber security protections measures.
An event could create physical, environmental, and economic harm. Continuous mess in production and transmission of oil & gas could affect supplies and markets. If an adversary succeeds in attacking the system it will replica the OT system events that happened earlier.
Such events could possibly cause:
- Deaths
- Injuries
- Damaged or Destroyed Equipment
- Pollution of Marine Habitat
But, if we think about the worst-case OT failure scenario, such effects can come multiple times.
E.g.
2010, the failure of the mobile offshore drilling unit Deepwater Horizon’s blowout preventer—an OT system—contributed to its explosion and sinking, as well as 11 deaths, serious injuries, and the largest marine oil spill in the history of the U.S. |
Latest Scenario
The latest report from GAO explains – Department of Interior’s BSEE has long realized the need of observing cybersecurity risks, however has started various initiatives for better implementation of ideas.
March, 2022
Due to potential & possible increased risks to U.S. infrastructure related with war in Ukraine, BSEE motivated OCS operators to enhance and customize their cybersecurity security with regular observation of guidance from CISA.
This year’s begging, in the 2023 annual budget justification, BSEE introduced a proposal for the development of foundation cybersecurity capability in the shape of an offshore cybersecurity safety threats program in order to work with the sector on reducing cybersecurity risks to OT and offshore infrastructure.
Annual Threat Assessment of the U.S. Intelligence Community, 2022
Following countries pose a great threat of cyber-attacks.
- China,
- Iran,
- North Korea,
- and Russia
As per individual concern, mentioned countries could potentially launch cyber-attacks allowing disruptive effects on critical infrastructure.
E.g.
According to the Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation, from December 2011 to 2013, state-sponsored Chinese actors conducted a spear phishing and intrusion campaign targeting U.S. oil and gas pipeline companies. Of the 23 targeted pipeline operators, 13 were confirmed compromises. Hackers, hacktivists, and insiders also pose significant cyber threats to offshore oil and gas infrastructure. Without an appropriate strategy, this infrastructure remains at significant risk. |
As you can see, such industries are also not able to protect themselves from unwanted online threats, then a better suggestion would be to learn what is cybersecurity, and how to implement the techniques and tools to enhance security measures.
For more amazing facts & information like this, you can follow us on News4Hackers. Leave a comment if you have any queries.
Kindly read more articles:
23 Nov AIIMS Server Hijacked via Ransomware Attack Pulling Strings over Patients
Malicious Browser Extensions Steal Users’ Passwords & Cryptos which was deployed via malware