According to an October 2022 report from the US Government Accountability Office, (GAO), the country’s “offshore oil and gas infrastructure faces significant and increasing cybersecurity risks in the form of threat actors, vulnerabilities, and potential impacts.” The infrastructure is regulated by the Department of the Interior’s Bureau of Safety and Environmental Enforcement (BSEE). GAO recommends that BSEE “develop and implement a strategy to address offshore infrastructure risks. Such a strategy should include an assessment and mitigation of risks; and identify objectives, roles, responsibilities, resources, and performance measures.”
- The trick here is finding a cost-effective way to raise the bar without overly increasing the operational costs. One of the attack vectors which has to be considered is the interface between IT and OT systems, which is an increasingly used as an attack vector. Examine these connections with an eye to preventing the trust relationship being used as a superhighway to your OT systems.
- Establishing a common and prioritized set of safeguards to achieve a baseline cybersecurity posture across all sectors should be a national imperative. The CIS Critical Security Controls, starting with implementation group 1 are measurably effective against the top five attacks being used against every industry sector, why not start there.
Read more in