Digitalization and remote monitoring have in the past years been hailed as the next big thing in the offshore oil and gas industry. However, these advancements have made offshore drilling rigs more vulnerable to cyber-attacks, potentially resulting in serious process safety incidents, a report by Naval Dome has shown.
Cyber defense firm Naval Dome said Thursday it had, together with an offshore division of an unnamed supermajor, completed a joint project to identify and mitigate cyber risks common to offshore deepwater drilling rigs.
The findings of the two-year investigation show that the minimum industry guidelines, regulations, and security techniques are out of pace with current platform technology, connectivity requirements, and cyber-attack tactics.
Adam Rizika, Head of Strategy, Naval Dome, said: “Where systems installed on offshore platforms had traditionally been isolated and unconnected, limiting cyber hack success, the increase in remote monitoring and autonomous control, IOT and digitalization has made rigs much more susceptible to attack.”
USB stick
Rizika explained how the test rigs' operation technology networks were breached using a software installation file for dynamic positioning (DP) and workstation charts.
Naval Dome simulated an OEM service technician unwittingly using a USB stick with malicious software containing three zero-day exploits.
According to Kaspersky, "Zero-day" is a term used to describe newly found security flaws that hackers can exploit to attack systems, before developers have a chance to address the flaw.
Describing the cyber attack test on an offshore rig using a USB stick loaded with malicious software, Rizika said: "The modified file was packaged in a way that looked and acted like the original one and passed anti-virus scanning without being identified as a cyberattack or picked up by the installed cyber network traffic monitoring system."
Although the attack was carried out internally, Rizika said that remote execution was feasible using the rig’s externally facing network connections.
“Penetration testing confirmed how a targeted cyberattack on a deepwater drilling rig could result in a serious process safety incident, with associated financial and reputational impact,” he said.
According to Naval Dome, the tests have confirmed that traditional, “perimeter type” IT transplanted OT cyber security solutions, such as anti-virus, network monitoring, and firewalls, are not enough to protect critical safety and processing equipment from attack, leaving rigs vulnerable.
“It is abundantly clear that more advanced purpose-built solutions are needed to better protect an offshore platform from exposure to external and internal cyber attacks, whether targeted or otherwise,” reported Rizika.
The investigation found that there is a shortage of OT cyber domain skilled staff, and that regulation and controls that are slow to evolve and be implemented, an IT-centric approached being applied to an OT environment, with a mismatch between drilling rig systems and equipment and their supporting software.
Findings from the two-year project resulted in the oil major installing Naval Dome’s Endpoint cyber defense system aboard drilling rigs in the Gulf of Mexico.