In a report released in late October 2022, the Government Accountability Office (GAO), the audit, evaluation and investigation arm of the U.S. Congress, points to the obsolescence of many of the software systems that control the nation’s 1,600 offshore oil and gas platforms, as well as the associated transportation infrastructure.
In addition, in March 2022, the U.S. Secret Service identified a list of countries attempting to take advantage of these vulnerabilities: China, Iran, North Korea, and Russia.
Federal experts warn about the size of the potential attack surface of these critical infrastructures, which can be explained by their relatively recent interconnections to digital networks (including the Internet), as well as the weakness of their cyber defense by design. But also because their operators do not sufficiently take into account the cyber risk.
The GAO is also concerned about the lack of cyber investment by these operators. This is despite repeated federal recommendations to improve the cybersecurity of these infrastructures: modernizing control software, adopting new cyber protection tools and recruiting cyber specialists.