Digitalization, Remote Monitoring Makes Offshore Drilling Rigs More Vulnerable to Cyber Attacks

Thursday, August 26, 2021
Credit: Naval Dome

Digitalization and remote monitoring have in the past years been hailed as the next big thing in the offshore oil and gas industry. However, these advancements have made offshore drilling rigs more vulnerable to cyber-attacks, potentially resulting in serious process safety incidents, a report by Naval Dome has shown.

Cyber defense firm Naval Dome said Thursday it had, together with an offshore division of an unnamed supermajor, completed a joint project to identify and mitigate cyber risks common to offshore deepwater drilling rigs.

The findings of the two-year investigation show that the minimum industry guidelines, regulations, and security techniques are out of pace with current platform technology, connectivity requirements, and cyber-attack tactics.

Adam Rizika, Head of Strategy, Naval Dome, said: “Where systems installed on offshore platforms had traditionally been isolated and unconnected, limiting cyber hack success, the increase in remote monitoring and autonomous control, IOT and digitalization has made rigs much more susceptible to attack.”

USB stick

Rizika explained how the test rigs' operation technology networks were breached using a software installation file for dynamic positioning (DP) and workstation charts. 

Naval Dome simulated an OEM service technician unwittingly using a USB stick with malicious software containing three zero-day exploits.

According to Kaspersky, "Zero-day" is a term used to describe newly found security flaws that hackers can exploit to attack systems, before developers have a chance to address the flaw.

Describing the cyber attack test on an offshore rig using a USB stick loaded with malicious software, Rizika said: "The modified file was packaged in a way that looked and acted like the original one and passed anti-virus scanning without being identified as a cyberattack or picked up by the installed cyber network traffic monitoring system."

Although the attack was carried out internally, Rizika said that remote execution was feasible using the rig’s externally facing network connections.

“Penetration testing confirmed how a targeted cyberattack on a deepwater drilling rig could result in a serious process safety incident, with associated financial and reputational impact,” he said.

According to Naval Dome, the tests have confirmed that traditional, “perimeter type” IT transplanted OT cyber security solutions, such as anti-virus, network monitoring, and firewalls, are not enough to protect critical safety and processing equipment from attack, leaving rigs vulnerable.

“It is abundantly clear that more advanced purpose-built solutions are needed to better protect an offshore platform from exposure to external and internal cyber attacks, whether targeted or otherwise,” reported Rizika.

The investigation found that there is a shortage of OT cyber domain skilled staff, and that regulation and controls that are slow to evolve and be implemented, an IT-centric approached being applied to an OT environment, with a mismatch between drilling rig systems and equipment and their supporting software.

Findings from the two-year project resulted in the oil major installing Naval Dome’s Endpoint cyber defense system aboard drilling rigs in the Gulf of Mexico.

Categories: Technology Drilling Activity Rigs Digitalization

Related Stories

COSLInnovator Rig Cleared for Two-Well Drilling Op in North Sea

COSLInnovator Rig Cleared for Two-Well Drilling Op in North Sea

Northern Ocean’s DeepSea Mira Semi-Sub Gets Drilling Job off Namibia

Northern Ocean’s DeepSea Mira Semi-Sub Gets Drilling Job off Namibia

Vår Energi, TechnipFMC to Fast-Track Development of North Sea O&G Fields

Current News

Lloyd's Register Study Identifies Hidden Fatigue Risks in Offshore Wind Tech

Ventyr Enlists DNV to Certify Norway’s First Offshore Wind Farm

Australian Engineering Firm Gets Work on Shell’s Crux Gas Platform

Clean Power Starts Flowing from China’s Furthermost Offshore Wind Project

Subscribe for OE Digital E‑News

Offshore Engineer Magazine