The US Government Accountability Office (GAO) recently released a report that stresses that offshore oil and gas infrastructure faces significant cybersecurity risks. The report urges the Department of Interior to address the security risks immediately. The offshore oil and gas infrastructure consists of more than 1,600 facilities and is split between exploitation and drilling and midstream. The GAO states that cybersecurity risks to these facilities are increasing as threat actors continue to hone their skills and attack methods and new vulnerabilities are discovered.
The GAO states that threat actors have been observed launching cyberattacks against offshore critical infrastructure and will likely continue this trend. Additionally, China, Iran, North Korea, and Russia are identified as posing the largest cyber threat. Furthermore, the offshore oil and gas infrastructure relies on remotely connected operational technology. These systems were formerly isolated from the internet, however, they are not frequently connected. This means that they are more exposed to attacks that originate in business IT systems.