"Watchdog: Agency Overseeing Cybersecurity for Offshore Energy Falling Short"

According to a recent report from the Government Accountability Office (GAO), the federal enforcement office that oversees more than 1,600 offshore oil and gas facilities has done little to address growing cybersecurity risks. GAO highlighted that the Department of Interior's Bureau of Safety and Environmental Enforcement (BSEE) has taken "few actions" to address cybersecurity risks since the agency first planned to address the issue in 2015, despite the fact that an attack on an offshore oil and gas rig could be disastrous. According to Chris Grove, director of cybersecurity strategy at Nozomi Networks, a company that works with offshore oil and gas rigs, there could be serious consequences if an offshore oil rig does not operate as intended. Any type of assistance during an incident can be difficult when a facility is miles from land in the ocean, according to Grove, who cites the 2010 BP Deepwater Horizon oil pipeline collapse as an example of a worst-case scenario. GAO also stated that a worst-case scenario could be fatal. These can include deaths and injuries, damaged or destroyed equipment, and pollution of the marine environment, according to BSEE incident investigation documentation. However, in the worst-case Operational Technology (OT) failure scenario, all of these impacts can occur at the same time and on a large scale. BSEE planned to address cybersecurity risks in 2015 and again in October 2020, but no action was taken. According to GAO, in the fiscal year 2023 budget justification, BSEE proposed developing a foundational cybersecurity capability to collaborate with the industry. BSEE hired a cybersecurity specialist to work on the issue in May, but the agency told GAO that the program's development is on hold until that individual is thoroughly familiar with the relevant issues and entities. The GAO says that the OT used to manage those systems are often found to run on legacy systems increasingly connected to the Internet, increasing the potential for cyberattacks. The watchdog recommended that BSEE develop and implement an immediate strategy to address offshore infrastructure risks. This article continues to discuss GAO's warning on cybersecurity for US offshore energy platforms.

CyberScoop reports "Watchdog: Agency Overseeing Cybersecurity for Offshore Energy Falling Short"