The Department of the Interior – which is responsible for overseeing the infrastructure of offshore domestic oil and gas facilities – must immediately develop and implement a cybersecurity strategy to protect these facilities against growing threats, the Government Accountability Office (GAO) said in a new report.
In response to the GAO report, the Interior Department said it will start to take action on creating the needed security strategy.
More than 1,600 offshore oil and gas facilities produce significant domestic oil and gas for the United States. However, “these facilities, which rely on technology to remotely monitor and control equipment, face a growing risk of cyberattacks,” GAO said.
“A cyberattack on these facilities could cause physical, environmental, and economic harm,” the government watchdog agency warned. Successful cyberattacks also could disrupt oil and gas production and transmission and impact domestic supplies and markets, GAO said.
The Interior Department’s Bureau of Safety and Environmental Enforcement (BSEE) has long recognized the need to address these cybersecurity risks, but it has taken few actions on the matter, the report says.
GAO found that in “2015 and 2020, BSEE initiated efforts to address cybersecurity risks, but neither resulted in substantial action.”
Then, earlier this year, BSEE started another similar cyber initiative and hired a cybersecurity specialist to lead it. However, the agency paused the effort until the specialist is “adequately versed in the relevant issues,” GAO reported.
The lack of an appropriate cybersecurity strategy puts the infrastructure of offshore oil and gas facilities at significant risk. According to GAO, a cybersecurity strategy would require an assessment of cybersecurity risks and mitigating actions and the identification of objectives, roles, responsibilities, resources, and performance measures.