Coast Guard Commandant Addresses Cybersecurity Vulnerabilities on Offshore Oil Rigs

At a CSIS event on the Coast Guard’s new cybersecurity strategy this past Tuesday, Commandant of the Coast Guard, Admiral Zukunft, highlighted a case in which workers on a mobile offshore drilling unit (MODU) in the Gulf of Mexico had inadvertently introduced malware to the rig’s computer system. Once inside the system, the malware disabled the signals to the dynamic positioning thrusters, which caused the floating unit to drift off the well site. As a result, the well was temporarily shut down. It turns out that the MODU’s navigational control system is the same system into which workers plug smartphones and other personal computing devices. Unsuspecting individuals had downloaded infected files from online music and pornography sites, and those files crossed over to the rig’s computer systems when the devices were plugged in.

Oil rig networks are both complex and poorly protected, making them easy targets for pirates and other cyber criminals. In one recent incident, hackers caused an oil rig off the coast of Africa to tilt to one side, shutting down production for a week as engineers worked to identify and fix the issue. In another instance, it took network experts 19 days to rid an oil rig on its way from South Korea to Brazil of malware that had taken the rig’s system offline. None of the workers knew the ins and outs of the computer system they were using to operate the rig, which contributed to the delayed response.

In targeted attacks, hackers may take advantage of security flaws in the Programmable Logic Controllers (PLCs) within the rig’s Supervisory Control and Data Acquisition (SCADA) systems. These systems are ubiquitous in industrial operations, making them convenient targets for hackers. And with plunging oil prices hurting Russia’s and Iran’s economies, cyber experts report that targeted attacks from these two countries have become even more aggressive. According to a security executive at Siemens, Stuxnet, the computer worm, was discovered on the PLCs in at least two oil rigs in Angola and Indonesia before it made headlines for disrupting production in Iranian nuclear facilities.

At a cybersecurity conference in 2013, researchers used a model oil rig to demonstrate their ability to hack PLCs and remotely turn oil pumps on and off. Turning a pump on in an already high-pressure system could cause the pipeline to rupture. According to the researchers, most PLCs found in oil rigs use Ethernet modules that operate on easily exploitable old versions of the Linux operating system. Once inside, hackers can overwrite the PLC’s safety logic, the logic that prevents the oil rig from executing dangerous commands. Although industry executives are aware of these vulnerabilities, updating the rig’s computer systems requires downtime, and they face financial incentives to minimize it.