Malware on oil rig computers raises security fears

Malicious software unintentionally downloaded by offshore oil workers has incapacitated computer networks on some rigs and platforms, exposing gaps in security that could pose serious risks to people and the environment, cybersecurity professionals told the Houston Chronicle.

The worst-case scenario could be catastrophic: A malfunctioning rig and safety systems could cause a well blowout, explosion, oil spill and lost human lives, experts said.

Some of the infected files - from online sources featuring pornography or music piracy, for example - have been downloaded directly through satellite connections. But other malware was brought aboard on laptops and USB drives that were infected on land.

Companies can go a long way toward protecting their networks by keeping software up to date and taking other cyber-security measures. But some have been reluctant to invest in such services and remain vulnerable to the possibility of a tailored and targeted attack, security experts and professionals said.

"The tide is slowly rising and incrementally making things better, but the exposed area is really so high that it's not really fast enough to limit the risk," said Misha Govshteyn, co-founder of Alert Logic, a network security company.

Malware infections have occurred at several offshore rigs and platforms, knocking some offline, cybersecurity professionals said.

When infected devices were connected to even isolated networks, the malware spread and created problems. One instance, on a facility in the Gulf of Mexico, caused a system to lock up, Govshteyn said.

"They literally had a worm that was flooding their network, and they're out in the middle of the ocean," he said.

Dangers possible

Other infections have had similarly disruptive effects, though none has involved a malicious attack that has had safety repercussions, cybersecurity professionals said.

Jack Whitsitt, principal tactical analyst for the National Electric Sector Cybersecurity Organization, said a typical malware infection on energy infrastructure would likely cause no serious problems. But he said a tailored attack, engineered to target a facility through widely distributed malware, could have dangerous repercussions.

That is not out of the realm of possibility, especially following the success of the Stuxnet worm in 2010. Stuxnet used malware to infect computers connected to centrifuges at an Iranian nuclear facility.

That malware later was found to be widely distributed on computers in Iran and surrounding countries, where users had unwittingly spread it, according to a report from security and antivirus company ESET. The worm caused computer systems to manipulate the activity of centrifuges, destroying many of them.

With enough know-ledge of a facility like an oil platform, refinery, or pipeline network, a cyber-attack that used distributed malware could lead to physical damage, Whitsitt said.

"It's probably a safe assumption that something like that could potentially happen," Whitsitt said.

Updating software

Preventing malware from getting onto a network is basically impossible, he said. Instead, companies attempting to prevent a malicious infection should focus on updating software and reducing access to control systems, Whitsitt said.

While those steps sound simple, they can be challenging for a company to stay on top of, calling for businesses to spend money on employees or outside services that can provide cyber- security, said Brandon Dunlap, chief marketing officer for EnergySec, a nonprofit cybersecurity organization.

"All of those options are available to companies, and they need to start making that investment," he advised.

Attention to cyber­security has heightened in the energy industry. A Department of Homeland Security update in January said 40 percent of the intentional cyberattacks last year targeted energy infrastructure.

President Barack Obama, in his State of the Union address this month, highlighted cyber-attacks and hackers' attempts to target energy infrastructure.

Major companies have subsequently placed greater emphasis on cybersecurity.

"Our antennas are right up on this," Al Monaco, CEO of Canadian pipeline giant Enbridge, said this week. "Obviously, it's a key issue today and a threat that we're trying to manage."