A new report shows an increased risk to offshore natural gas and oil from cybercriminals and state actors.

According to the U.S. Government Accountability Office (GAO) report, the federal government identified the oil and gas sector as one of the targets of the malicious state actors since exploration and production (E&P) operations majorly rely on remote operations technology, which is vulnerable to cyberattacks.

According to the report, the potential impact of cyberattacks on oil and gas infrastructure could be similar to the 2010 Deepwater Horizon disaster. GAO researchers said that disruption to oil and gas production or transmission could change the state of energy supplies and markets.

In 2010, B.P. plc's Deepwater Macondo well explosion left 10 people dead, destroyed the Deepwater Horizon drilling rig, and led to the largest oil spill in U.S. history. An extensive investigation by B.P. and federal officials discovered that Macondo's blowout preventer failed, causing safety lapses.

However, little has been done to address the growing cybersecurity risk in the energy industry, despite the Department of the Interior's Bureau of Safety and Environmental Enforcement (BSEE) emphasizing the need to address the cybersecurity risks.

In 2015 and 2020, BSEE's efforts to address cybersecurity resulted in no substantial action. In early 2022, BSEE hired a cybersecurity specialist for a new initiative, but bureau officials said the initiative was paused until the specialist was well aware of relevant issues.

 "Absent the immediate development, and implementation of an appropriate strategy, offshore oil and gas infrastructure will continue to remain at significant risk," said GAO researchers.

Colonial Pipeline Co.'s servers ransomware attack by members of the DarkSide hacker group on May 7, 2021, underpins the vulnerability of energy infrastructures. The attack led to an unprecedented shutdown of the 5,500-mile pipeline, which supplies about 45% of gasoline, diesel, and jet fuel to the U.S.'s East Cost.

The attack cost Colonial Pipeline a ransom of about $5 million (75 bitcoin) in untraceable cryptocurrency, a decrypting tool used to restore the company's I.T. network. A month later (June 7, 2021), the U.S.

Department of Justice announced it had recovered (63.7 bitcoins), more than half of the ransom payment.
"GAO is making one recommendation: BSEE should immediately develop and implement a strategy to address offshore infrastructure risks. Such a strategy should include an assessment and mitigation of risks; and identify objectives, roles, responsibilities, resources, and performance measures, among other things.

In an email, we were informed that Interior generally concurred with our findings and recommendation," the researchers said.