Analysis by Sydney Casey
It is no secret that cybersecurity is a rapidly growing concern. A recent report from the U.S. Government Accountability Office (GAO) claimed that the 1,600 offshore drilling facilities responsible for 15% of American crude oil production are at risk of cyberattacks, which could cause “significant and potentially catastrophic damage.” The risk can be broken down into threat actors, vulnerabilities, and potential impacts. So, what would an attack look like, and what does that mean for fleets reliant on fuel to stay running?
The question posed is not if, but when a cyberattack on an offshore production site will occur. Such an attack could cause supply shortages and affect the oil markets at large, and the environmental and economic losses could be even more catastrophic. The report warns that a cyberattack could bring consequences like those of the 2010 Deepwater Horizon leak, which caused 11 deaths, the spill of 4.9 million barrels of oil, and severe ecological damage. Imagine that happening across numerous oil rigs or pipelines – the impacts could be catastrophic.
More and more offshore sites are being controlled remotely with technology. Property damage, lost revenue, reduced safety, and lack of control are just some of the potential consequences of an attack on those systems. The bottom line is that while such an incident seems unlikely, the increase in technology and reliance on the internet for everyday tasks mean there is no way to rule it out.
Unfortunately, the oil and gas sector has been identified as a target for threat actors. Simply put, a threat actor is an attacker such as a nation, criminal group, or hacker with malicious intent to compromise security or data. These threat actors could bring about environmental damage and potential loss of life. Chinese, Russian, and Iranian cyber threat actors have previously targeted the U.S. energy sector, including oil and gas companies, through attacks on critical infrastructure sectors such as utilities or industrial control systems.
Because offshore sites rely heavily on technology for their operations, they are particularly vulnerable to cybersecurity breaches. If that technology is not up to date with the latest protection measures, the sites are even more susceptible to a threat. Attackers may attempt to exploit vulnerabilities through “spear phishing” emails, direct access to operational technology systems, or obtaining access to a private network. In addition, there is a risk that cybercriminals could gain access to industrial control systems and manipulate or disrupt them. For example, they may cause an explosion at a gas pipeline or damage equipment in an oil refinery.
What does this mean for you?
The cyberattack on the Colonial Pipeline in 2021 shows that an attack can come at any time. Federal agencies have not developed or deployed any official strategies to mitigate offshore cybersecurity concerns; however, they are formalizing relationships with pertinent entities to address these concerns. Although there’s no immediate concern or reason to panic, fleets should be prepared for supply disruptions.
The good news is that US fuel markets are resilient. An attack on offshore oil rigs would disrupt supplies, but markets have enough inventories to cover any short-term outage. Of course, a prolonged outage could mean a market deficit, which would cause crude oil prices (and therefore fuel prices) to rise.
So how can you prepare? Visit Mansfield’s Emergency Fuel Response page for resources on preparing your company for a market disruption. It’s always better to plan ahead than to be caught off-guard after a cyberattack starts. Check out the program options, and tune in to Mansfield’s webinar with best practices for fuel supply continuity.