Malware Infects Gulf of Mexico Offshore Rigs

Who would have suspected that there's a downside when offshore workers put in long and grueling 14-day shifts at sea? Well, it turns out that instead of hitting the sack at night, they've disrupted computer networks on rigs in the Gulf of Mexico after unintentionally downloading malicious software - malware - in their spare time. Employees have inadvertently exposed vulnerabilities in network security that pose serious long-term threats.

It's far too easy to imagine a worst-case scenario: targeted cyber attacks, a blowout, a spill - all possible, security experts told While a covert USB drive was the culprit for a security breach at Saudi Aramco, this time, relaxing workers downloaded infected porn and music files from the Internet as easily as ordering Domino's pizza. Since viruses and worms were also stowed aboard on laptops, rig companies have a problem to fix: to stop underestimating the motility of malware, which acts like it's on constant Spring Break, hopping promiscuously from laptop to server to control system. (It's a Viruses Gone Wild scenario, you might say.)

In one vivid example, after an "infected device" was connected to an isolated network out in the Gulf, the malware spread, creating problems severe enough to lock up the system. Although there was no mention of serious damage or lost production time, the situation got very dicey:

"They literally had a worm that was flooding their network, and they're out in the middle of the ocean," one expert said.

Targeted attacks haunt cyber-security experts

Rigs in the Gulf could be better protected by keeping cyber security up to date, security experts told writer Zain Shauk, but many companies have been reluctant to invest in those services and are still vulnerable and open to a "targeted attack." Left unsaid - but part of the problem - is that a company may feel that being isolated "offshore" means being protected. With about 4,000 active rigs in the Gulf, the odds of another incident are stacked pretty high and inversely proportional to making offshore rigs porn-free zones.

One security expert had a mixed appraisal of industry attempts to secure the rigs: "The tide is slowly rising and incrementally making things better, but... it's not fast enough to limit the risk," said Misha Govshteyn, co-founder of Alert Logic, a network security company. Fortunately, so far, all the mishaps have just been recreational, but the problem has become fairly widespread. After Shauk finally made the disruptions public, it felt like Viruses Gone Wild had posted their Spring Break photos on Facebook, and they're now going viral.

Collateral damage

Of course, this brings up the specter of Stuxnet. Jack Whitsitt, principal tactical analyst for the National Electric Sector Cybersecurity Organization, told Shauk that while a typical malware infection might be a nuisance on an oil rig, it shouldn't cause serious problems, but a targeted attack - now considered a possibility by experts - could have disastrous consequences.

"It's probably a safe assumption that something like that could potentially happen," Whitsitt said.

Now it's just a matter of time and human error before the next malware disruption, with the unintended consequences spreading like Stuxnet (wildfire) and crippling rigs in the Gulf. For example, after the Stuxnet malware disabled an Iranian uranium enrichment facility at Natanz, it went on to infect PCs around the world. Much later, thousands of Stuxnet infections, all resulting from the first targeted attack, surfaced. Last November, after waiting two years, Chevron finally became the first U.S. company to admit that it had been infected by Stuxnet soon after the virus was released into the wild in 2010.

Will this problem get worse before it gets better?

Images: Offshore oil rigs, Simon Johnston; Offshore rigs in the Gulf, Ocean Explorer Webmaster


Robert S.

The problem with all security is that it is only as strong as the weakest link - usually human behavior. I know this is something we constantly discuss. Aside from the recreational aspects, when you want to get a lot of data from one location to another while in a facility that may not have functioning email, it is very tempting to just stick a USB into the server "just for a second to copy a spreadsheet". And that is job-related. People make much worse decisions on their off time. There are a lot of shortcuts into a server or DCS and people in the field have access to them all. I feel for those oil-rig workers. Being out there isolated for long stretches, new entertainment and music really helps. Unfortunately, this carries some risk and their employers have a keen interest in preventing that traffic. Doesn't make the living conditions any better.

Kent Harrington

Seems like a losing battle. A USB infected two power facilities in the US last year alone, according to the Dept. of Homeland Security.