A study conducted by a cybersecurity firm named Naval Dome has discovered that most of the drilling rigs operating in deep waters are vulnerable to cyber attacks. Naval Dome researchers found in their two-year-old study that various companies involved in oil business were mitigating cyber risks with great care. However, most of them were ill prepared and were in a mood to mitigate risks only when their IT infrastructure was targeted and not proactive.
Project findings show the companies cannot mitigate sophisticated risks, as they were lacking the right platforms to tackle the latest cyber attack methodologies.
This was found when Naval Dome installed its Endpoint Cybersecurity Solution in one of the oil rigs operated in the Gulf of Mexico and found that most companies including the one on testing were found to be lacking the basic guidelines, regulations and security tactics to mitigate the risks of the current day.
Naval Dome disclosed its findings in a research paper presented at the Offshore Technology Conference in Houston last week. And most of the attendees agreed that almost all companies operating in the oil and petroleum sector were having shortfalls for facing the real challenges.
So, what do the CTOs and CIOs of such deepwater rigs suggest then?
Well, most of the attendees of the Houston conference agreed that if the budget constraint factor is removed for them, then they can come up with remote monitoring and autonomous control techniques that can help the rig infrastructure from being hit by sophisticated cyber attacks.
Security researchers from Naval Dome suggested that during their testing phase, the rig operational infrastructure was simulated and penetrated with software only to access the defense capabilities of workstations, operational infrastructure, and production machines.
The malware thwarting capabilities were also tested by allowing a white hat hacker to inject a malicious software containing 3 zero day flaws into the network through an USB stick.
As all the attacks were carried out internally and in a controlled manner, no rig faced any kind of digital disruption in its operations while the testing phase was being carried out.
Finally, the researchers found out that the infrastructure needed a more advanced purpose built solution to better protect offshore platforms from getting exposed to external or internal cyber attacks.
Naval Dome researchers recommend that by installing up-to-date software and hardware security solutions, keeping skillful staff on board, and an overall note going with an IT centric approach while operating the drilling rig systems can pave way for a cyber resilient environment.