Feature

The New Threat to Oil Supplies: Hackers

Offshore drilling rigs are increasingly computer-dependent and remote-controlled. That could make them vulnerable to attacks from hackers from around the globe.

Oddvar Walle Jensen/AFP/Getty Images
Oddvar Walle Jensen/AFP/Getty Images

Earlier this year, a sullen, 28-year-old contractor in California was charged in federal court with sabotaging the computerized controls on oil-rig sitting off the coast, allegedly out of spite for not being hired full time. Prosecutors say the contractor hacked into a shore-to-rig communications network that, among other functions, detected oil leaks. He caused thousands of dollars worth of damage, they charge, though, fortunately, no leaks. 

A research team from the SINTEF Group, an independent Norwegian think tank, recently warned oil companies worldwide that offshore oil rigs are making themselves particularly vulnerable to hacking as they shift to unmanned robot platforms where vital operations — everything from data transmission to drilling to sophisticated navigation systems that maintain the platform’s position over the wellhead — are controlled via wireless links to onshore facilities. 

The usual threat of a takeover of the massive oil platforms is in the form of seaborne raiders; Britain’s Royal Marines commandos still regularly train for hostage rescue on rigs that dot the North Sea. But now, according to SINTEF scientist Martin Gilje Jaatun, with the advent of robot-controlled platforms, a cyberattacker with a PC anywhere in the world can attempt to seize control of a rig, or a cluster of rigs, by hacking into the "integrated operations" that link onshore computer networks to offshore ones. "The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform," Jaatun said. That hasn’t happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms, he noted.  

Today, most new oil-field discovery, such as off the coasts of Brazil and Nigeria, occurs in deep ocean waters. Work on the massive metal platforms towering hundreds of feet above the ocean is notoriously dangerous for the "roughnecks," and specialized labor costs, not to mention feeding, providing care, and keeping fleets of helicopters and boats on standby to evacuate rig crews in the event of fire or hurricanes, is hugely expensive for oil companies; hence, the move to robot-operated platforms.  

Although the newest oil rigs, which cost upward of $1 billion apiece, might be loaded with cutting-edge robotics technology, the software that controls a rig’s basic functions is anything but. Most rely on the decades-old supervisory control and data acquisition (SCADA) software, written in an era when the "open source" tag was more important than security, said Jeff Vail, a former counterterrorism and intelligence analyst with the U.S. Interior Department. "It’s underappreciated how vulnerable some of these systems are," he said. "It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail."   

The list of potential cyberattackers includes ecowarriors aiming to jack up an oil firms’ production costs, extortionists drawn to oil firms’ deep pockets, and foreign governments engaging in a strategic contest for ever more scarce global oil reserves, Vail said. Insurgents, such as Nigeria’s Movement for the Emancipation of the Niger Delta, which is waging a war against oil firms operating in that country’s waters, could hire mercenary cyberwarriors to mount full-scale assaults on rigs in the delta. Despite obvious network vulnerabilities, oil firms have not made security a priority, said SINTEF’s Jaatun, "leaving many of us feeling like ‘chicken little’ chirping on that the sky is about to fall." 

Earlier this year, a sullen, 28-year-old contractor in California was charged in federal court with sabotaging the computerized controls on oil-rig sitting off the coast, allegedly out of spite for not being hired full time. Prosecutors say the contractor hacked into a shore-to-rig communications network that, among other functions, detected oil leaks. He caused thousands of dollars worth of damage, they charge, though, fortunately, no leaks. 

A research team from the SINTEF Group, an independent Norwegian think tank, recently warned oil companies worldwide that offshore oil rigs are making themselves particularly vulnerable to hacking as they shift to unmanned robot platforms where vital operations — everything from data transmission to drilling to sophisticated navigation systems that maintain the platform’s position over the wellhead — are controlled via wireless links to onshore facilities. 

The usual threat of a takeover of the massive oil platforms is in the form of seaborne raiders; Britain’s Royal Marines commandos still regularly train for hostage rescue on rigs that dot the North Sea. But now, according to SINTEF scientist Martin Gilje Jaatun, with the advent of robot-controlled platforms, a cyberattacker with a PC anywhere in the world can attempt to seize control of a rig, or a cluster of rigs, by hacking into the "integrated operations" that link onshore computer networks to offshore ones. "The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform," Jaatun said. That hasn’t happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms, he noted.  

Today, most new oil-field discovery, such as off the coasts of Brazil and Nigeria, occurs in deep ocean waters. Work on the massive metal platforms towering hundreds of feet above the ocean is notoriously dangerous for the "roughnecks," and specialized labor costs, not to mention feeding, providing care, and keeping fleets of helicopters and boats on standby to evacuate rig crews in the event of fire or hurricanes, is hugely expensive for oil companies; hence, the move to robot-operated platforms.  

Although the newest oil rigs, which cost upward of $1 billion apiece, might be loaded with cutting-edge robotics technology, the software that controls a rig’s basic functions is anything but. Most rely on the decades-old supervisory control and data acquisition (SCADA) software, written in an era when the "open source" tag was more important than security, said Jeff Vail, a former counterterrorism and intelligence analyst with the U.S. Interior Department. "It’s underappreciated how vulnerable some of these systems are," he said. "It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail."   

The list of potential cyberattackers includes ecowarriors aiming to jack up an oil firms’ production costs, extortionists drawn to oil firms’ deep pockets, and foreign governments engaging in a strategic contest for ever more scarce global oil reserves, Vail said. Insurgents, such as Nigeria’s Movement for the Emancipation of the Niger Delta, which is waging a war against oil firms operating in that country’s waters, could hire mercenary cyberwarriors to mount full-scale assaults on rigs in the delta. Despite obvious network vulnerabilities, oil firms have not made security a priority, said SINTEF’s Jaatun, "leaving many of us feeling like ‘chicken little’ chirping on that the sky is about to fall." 

Greg Grant is a freelance writer.

More from Foreign Policy

The Taliban delegation leaves the hotel after meeting with representatives of Russia, China, the United States, Pakistan, Afghanistan, and Qatar in Moscow on March 19.

China and the Taliban Begin Their Romance

Beijing has its eyes set on using Afghanistan as a strategic corridor once U.S. troops are out of the way.

An Afghan security member pours gasoline over a pile of seized drugs and alcoholic drinks

The Taliban Are Breaking Bad

Meth is even more profitable than heroin—and is turbocharging the insurgency.

Sviatlana Tsikhanouskaya addresses the U.N. Security Council from her office in Vilnius, Lithuania, on Sept. 4, 2020.

Belarus’s Unlikely New Leader

Sviatlana Tsikhanouskaya didn’t set out to challenge a brutal dictatorship.

Taliban spokesperson Zabihullah Mujahid

What the Taliban Takeover Means for India

Kabul’s swift collapse leaves New Delhi with significant security concerns.