Hackers Could Cause Next Deepwater Horizon-Level Disaster

Molly Taft

November 23, 2022 at 1:45 PM·3 min read

The Deepwater Horizon platform burns on April 21, 2010.

The network of offshore oil and gas facilities in the U.S. is at serious and increasing risk of a potentially devastating cyberattack, a government watchdog says. The Government Accountability Office (GAO) released a new report last week finding that if a cyberattack successfully hits the nation’s offshore infrastructure, it could cause a catastrophe with impacts similar to those of the Deepwater Horizon disaster.

According to the GAO, there are currently more than 1,600 structures on the outer continental shelves involved in oil and gas production dotting the Atlantic, Pacific, and Alaskan coasts, as well as the Gulf of Mexico. Those structures are overwhelmingly reliant on operational technology that is controlled remotely. These systems, the GAO found, are particularly vulnerable to being hacked or otherwise breached by bad-faith actors, especially older systems that have fewer security measures in place. What’s more, previous government efforts to beef up the industry’s cybersecurity have resulted in little action.

“Absent the immediate development and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk,” the GAO stated in the report.

Last year, the security of oil and gas infrastructure was thrown into the national spotlight after hackers with the group DarkSide breached the systems of the Colonial Pipeline, the biggest gasoline pipeline in the cUnited States. The attack prompted the pipeline to shut down for nearly a week, spurring a small gas panic on the East Coast, and was the largest breach of critical infrastructure in U.S. history. The hack was especially embarrassing given that the leak was a result of a single compromised password, and a tech audit conducted three years before the breach found that Colonial’s system could have been hacked by “an eighth-grader,” one of the auditors later told AP. The attack prompted a larger reckoning over the security of oil and gas systems—as well as the federal government’s lax attitude towards those systems.

The nation’s network of offshore oil and gas facilities and infrastructure is regulated by the Bureau of Safety and Environmental Enforcement (BSEE). In a wide-ranging review of BSEE policies, which include reviews of reports of what happened during previous operational technology failures on oil and gas facilities as well as interviews with federal employees and industry stakeholders, the GAO found that oil and gas operations are increasingly moving to remote work and “unmanned oil and gas production is becoming increasingly common.” At the same time, many operational technology systems are outdated or connect to larger business and IT systems within a company that can be accessed remotely.

Bad actors—like other nations, transnational criminal groups, or hackers—can increasingly access systems like these through the business end, the report states, and they can migrate those attacks more easily to the platforms and drilling infrastructure themselves. While the BSEE has made two efforts in 2015 and 2020 to address cybersecurity in drilling infrastructure, the report notes that “neither resulted in substantial action.”

As far as we know, there hasn’t yet been a deliberate attack on a U.S. oil and gas drilling technology network by a malicious actor, officials told the GAO. But we have seen what the failure of an operational technology system can look like—and how devastating it can be. The failure of an automatic safety system was part of the cascade of issues that led to the 2010 Deepwater Horizon explosion, the biggest oil spill in U.S. history that killed 11 people.

“Threat actors are becoming increasingly capable of carrying out attacks on critical infrastructure, including offshore oil and gas infrastructure,” the report finds. “At the same time, the infrastructure is becoming more vulnerable to attacks. More specifically, the [operational technology] in oil and gas infrastructure is increasingly vulnerable to being exploited in cyberattacks that could result in serious harm to human safety, the environment, and the economy.”

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hackers Could Cause Next Deepwater Horizon-Level Disaster

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

NFL Draft grades for all 32 teams | Zero Blitz

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

CVS stock plunges after earnings numbers one analyst 'did not even believe'

The best RBs for 2024 fantasy football according to our experts

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

NBA playoffs: Luka Dončić leads Mavericks in blowout win over Clippers to take 3-2 series lead

Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía

NFL to allow players to wear protective Guardian Caps in games beginning with 2024 season

Wide receiver rankings for 2024 fantasy football

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league

2024 NFL Draft grades for all 32 teams

The expanded 12-team College Football Playoff is here — and it already has problems

Columbus Crew, MLS' gold standard, does what Messi and Miami couldn't in Mexico

U.S. Congress asks F1 for formal explanation after rejecting Michael Andretti's bid to own a team

MLB odds: Elly De La Cruz on pace for historic season, and his MVP odds are dropping