Washington is concerned about the exposure of the energy sector to cyber risks

Ten years after in February 2013, President Obama asked the leaders of critical infrastructures, in particular in the gas and oil sectors, to implement procedures to protect against cyberattacks, legislative branch of the US federal government points to vulnerabilities that weaken all information systems offshore energy infrastructure with economic, financial as well as environmental risks.

Software obsolescence

In a report published in October 2022, the Government Accountability Office (GOA) denounces the obsolescence of many of the programs that underpin the operation of some 1,600 offshore installations for gas and oil production/drilling and infrastructure management. y transportation of these hydrocarbons. An investigation by a United States agency led to the characterization of cyberattacks specifically targeting this equipment. The speakers refer to the work of the US intelligence services, which in a March 2022 note even set a list of countries from which cyber threats in this area will come: China, Iran, North Korea and Russia.

The late interconnection of industrial production systems in this sector, their recent connection to relatively open networks such as the Internet, and the gradual consideration of cybersecurity in terms of operational technologies partly explain the global nature of the attack surface assumed by federal experts.

A boon for cybercriminals

In 2021, government auditors found in a GAO white paper that the U.S. Department of Homeland Security (DHS) Bureau of Security and Environment (BSEE), which oversees offshore oil and gas operations, has taken steps to mitigate these cybersecurity risks. but “has not yet taken significant action”.

A conclusion shared by many companies in the industrial sector that must deploy security appliances that can accommodate the combination of several generations of software packages, some of which are often no longer supported by their publishers. While they continue to work without special security measures. A godsend for hackers who have fertile ground for intrusion operations.

A situation that occurs far beyond the geography under the administrative control of the GAO. And therefore, in the vast majority of subjects, they are actively working in this energy market. And not only at sea.

Nicholas Arpagiandirector of cybersecurity strategy at Trend Micro.

Author, Observatory Publications (2022).

Expert opinions are published under the full responsibility of their authors and in no way involve the editors.

Selected for you

GDPR: EDF fined €600,000 by Cnil

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.