Who would have suspected that there's a downside when offshore workers put in long and grueling 14-day shifts at sea. Well, it turns out that instead of hitting the sack at night, they've disrupted computer networks on rigs in the Gulf of Mexico after unintentionally downloading malicious software - malware - in their spare time. Employees have inadvertently exposed vulnerabilities in network security that pose serious long-term threats. It's far too easy to imagine a worst case scenario: targeted cyber attacks, a blowout, a spill - all possible, security experts told FuelFix.com. While a covert USB drive was the culprit for a security breach at Saudi Aramco, this time, relaxing workers downloaded infected porn and music files from the Internet as easily as ordering Domino's pizza. Since viruses and worms were also stowed aboard on laptops, rig companies have a problem to fix: to stop underestimating the motility of malware, which acts like it's on constant Spring Break, hopping promiscuously from laptop to server to control system. (It's a Viruses Gone Wild scenario, you might say.) In one vivid example: after an "infected device" was connected to an isolated network out in the Gulf, the malware spread, creating problems severe enough to lock up the system. Although there was no mention serious damage or lost production time, the situation got very dicey:
"They literally had a worm that was flooding their network, and they're out in the middle of the ocean," one expert said.
Targeted attacks haunt cyber-security experts
Rigs in the Gulf could be better protected by keeping cyber security up to date, security experts told writer Zain Shauk, but many companies have been reluctant to invest in those services and are still vulnerable and open to a "targeted attack." Left unsaid - but part of the problem - is that a company may feel that being isolated "offshore" means being protected. With about 4,000 active rigs in the Gulf, the odds of another incident are stacked pretty high and inversely proportional to making offshore rigs porn-free zones.
One security expert had a mixed appraisal about industry attempts to secure the rigs: "The tide is slowly rising and incrementally making things better, but... it's not fast enough to limit the risk," said Misha Govshteyn, co-founder of Alert Logic, a network security company. Fortunately, so far, all the mishaps have just been recreational, but the problem has become fairly wide-spread. After Shauk finally made the disruptions public, it felt like Viruses Gone Wild had posted their Spring Break photos on Facebook, and they're now going viral.
Of course, this brings up the specter of Stuxnet. Jack Whitsitt, principal tactical analyst for the National Electric Sector Cybersecurity Organization, told Shauk that while a typical malware infection might be a nuisance on an oil rig, it shouldn't cause serious problems, but a targeted attack - now considered a possibility by experts - could have disastrous consequences.
"It's probably a safe assumption that something like that could potentially happen," Whitsitt said.
Now it's just a matter of time and human error before the next malware disruption. And the unintended consequences spreading like Stuxnet (wildfire), crippling rigs in the Gulf. For example, after the Stuxnet malware disabled an Iranian uranium enrichment facility at Natanz, it went on to infect PCs around the world. Much later, thousands of Stuxnet infections, all resulting from the first targeted attack, surfaced. Last November, after waiting two years, Chevron finally became the first U.S. company to admit that it had been infected by Stuxnet soon after the virus was released into the wild in 2010.