Protecting the Outer Continental Shelf: Cybersecurity Initiatives and Strategies

In a recent communication from the United States Department of the Interior’s Bureau of Safety and Environmental Enforcement (BSEE), a significant emphasis has been placed on the cybersecurity threats faced by offshore energy facilities on the Outer Continental Shelf (OCS). These facilities are vital to the national economy, encompassing over a thousand oil and gas facilities and an increasing number of renewable energy installations. Ensuring their security from cyber threats is paramount to maintaining operational integrity and safety.

The offshore energy sector is recognized as a critical infrastructure, making it a prime target for cyberattacks. The complexity and scale of these operations introduce various vulnerabilities that malicious actors can exploit. The potential impacts of such cyber intrusions range from operational disruptions to environmental hazards and economic losses.

Federal authorities, including BSEE, the U.S. Coast Guard (USCG), and other agencies, are tasked with regulating and protecting OCS activities under several legislative frameworks, such as the Outer Continental Shelf Lands Act, the Maritime Transportation Security Act of 2002, and the Homeland Security Act. These agencies collaborate closely to enforce cybersecurity measures and mitigate vulnerabilities.

A November 2022 report from the Government Accountability Office (GAO) titled “Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure” underscored the urgency of addressing cybersecurity risks. This report highlighted the critical need for a robust cybersecurity strategy to safeguard offshore infrastructure.

In response, BSEE developed a comprehensive strategy named “BSEE’s Operational Technology (OT) Cybersecurity Strategy for the Outer Continental Shelf.” This strategy aims to reduce vulnerabilities within the offshore energy industry by enhancing coordination and communication among key federal entities, including the USCG, the White House Office of the National Cyber Director, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), and the Department of Energy.

BSEE has urged lessees, operators, and contractors to rigorously review and update their cybersecurity plans, ensuring that information and operational technology systems are adequately protected. This proactive approach is vital to preempting potential cyber threats and ensuring the resilience of critical infrastructure.

Additionally, BSEE has provided resources such as the Cybersecurity Strategy Executive Summary available on their website and a fact sheet from DHS CISA that addresses specific cybersecurity concerns, particularly those posed by state-sponsored cyber activities from the People’s Republic of China.

BSEE, the USCG, and other federal partners remain committed to minimizing cybersecurity risks to maintain a robust defense against cyber threats. Lessees and contractors are reminded of their obligation to report cybersecurity incidents in compliance with existing laws and regulations. Incidents should be reported to the USCG’s National Response Center and the DHS CISA.

The BSEE’s dedicated efforts to enhance cybersecurity on the OCS reflect a broader commitment to safeguarding critical infrastructure from evolving cyber threats. By fostering collaboration among federal agencies and encouraging industry compliance, BSEE aims to fortify the defenses of offshore energy facilities, ensuring their continued contribution to the nation’s economy and energy security.

For more detailed information, stakeholders are encouraged to visit BSEE’s cybersecurity webpage and review the related documents provided.

By staying vigilant and proactive, the offshore energy sector can better navigate the complex cybersecurity landscape, ensuring safer and more secure operations on the Outer Continental Shelf.