Working on an offshore oil rig can be dangerous, exhilarating, profitable, fun, exhausting, and yes, sometimes even boring. It's the boring part that has oil executives and IT departments concerned.
According to a report released earlier this year, malicious software (malware) unintentionally downloaded by some offshore oil workers during their downtime has disabled computer networks on some rigs and platforms, revealing gaps in security which could pose severe risks to both people and the environment, not to mention compromising the financial and product security of the individual rigs.
According to industry experts, a worst-case scenario could theoretically end up as catastrophic. An out-of-order rig and accompanying safety systems could very easily cause a well blowout, explosion, oil spill and lost lives.
To fully understand how something like this can (and does) happen, let's take a look at potential openings for such a thing to occur.
First, most populated rigs and platforms, certainly the ones where personnel are stationed there for months at a time, have satellite systems which allow the onboard personnel to have internet access so they can Skype with their families, check email, sports scores, and pretty much everything that we all do when we're online.
Secondly, most often, the satellite lines are secure from the potential of downloaded malware thanks to firewalls and company "blocks" of certain websites. But in many cases, the workers will bring their own laptops onboard and connect with the satellite system. In these cases, if the user has downloaded malware (intentionally or not) while they were at home, that infected software can very easily make its way into the onboard systems.
And if a hacker happened to be aware of who was working on a rig, it doesn't take a rocket scientist to figure out how to hack the system. In the instances referred to in the recently released report, some of the infected files – from online sources featuring pornography or music piracy, for example – were downloaded directly through the satellite connections. But other malware was brought aboard on laptops and USB drives that were infected on land.
So far, everyone has been pretty lucky. While malware has been found on numerous rigs, and even has caused systems to lock up or go offline, there has not yet been a malicious attack which compromised safety. The operative word there is yet.
Rig operators and oil companies can make great strides toward guarding their networks by making sure software is up-to-date, and also by implementing additional cybersecurity processes. But the truth is that many companies have been reluctant to spend the bucks involved in doing that, and as a result, they are still vulnerable to the possibility of a targeted attack.
As was proven recently on a rig in the Gulf of Mexico, networks don't even have to be connected to onshore locations to cause problems. Just this year, an infected device was connected to an isolated network and the malware spread causing the entire rig-based system to lock up.
A typical malware infection on a rig or platform would more than likely cause no serious long-term problems. It's generally more of a headache for the IT department, and of course, a loss of production time for the workers. But an attack which has been carefully designed to target a specific rig through the use of widely distributed malware, could have dangerous repercussions.
And it's not out of the realm of possibility. So what's the solution?
Well, for starters, companies need to accept the fact that cybersecurity is as much a part of doing business as benefits packages and office furniture. As a Department of Homeland Security update said earlier this year, 40 percent of the intentional cyberattacks last year targeted the energy industry. It's time for companies to start making the investment in cybersecurity before they don't have the rigs for workers to get bored on.
Posts
No comments:
Post a Comment