Drilling advances

Like everyone who has managed to evolve—in my case, hesitantly at times—past rotary phones and floppy discs, I have suffered through a few computer viruses. Each time a bug hit, full recovery was preceded with a few choice words, which I would never have wanted my mother to hear, directed at the cyber-goons who think it is such good fun to play havoc with the primary tool of one’s livelihood.

For me, the fallout normally meant recreating work lost, perhaps having to shell out for a tech doctor, and generally just staying in a bad mood for a day or two. However, those mere annoyances pale considerably when stacked up against the possible repercussions of having a goon-created electronic worm slither through a computer network a bit more vital than mine. Like a petrochemical plant or a utility distribution system, where lives literally are at stake? While cyber security in electrical grids, refining and other process-heavy downstream sectors has been an issue ever since Al Gore invented the Internet, it now is making its way into the drilling side of the equation.

Over the last few months, a number of media reports have put the issue of rig cyber-vulnerability in the spotlight, citing recent malware infections on offshore drilling rigs and the ongoing threat of a cyber-contagion targeting operators in the Canadian oil sands. Steady advancements in the remote monitoring of drilling, and the host of new-generation deep and ultra-deepwater rigs preparing to enter the global fleet, will place even more pressure on companies’ cyber-experts.

In January, the U.S. Department of Homeland Security said that cyber attacks against the industry grew at an “alarming rate” in 2012, with 40% of documented infections directed at international energy infrastructure. The agency’s Industrial Control Systems Cyber Emergency Response Team reported the attacks followed myriad approaches, such as emailing workers who would innocently click on an infected link and download malware.

While the percentage that specifically targeted drilling rigs is anybody’s guess, cyber security experts told the Houston Chronicle in February that rigs were among the targets the federal agency cited. Documented malware infections, they told the newspaper, have occurred “at several offshore rigs and platforms, knocking some offline.” Misha Govshteyn, co-founder of network security company Alert Logic, told of one Gulf of Mexico facility, where an infection locked up the entire electronic system. “They literally had a worm that was flooding their network, and they’re out in the middle of the ocean.”

The operational and, more importantly, the safety systems of mobile offshore rigs depend heavily on complex computer systems. Suffice it to say that unknowingly allowing a virus to have its way with one of those critical systems could have ramifications that none of us wish to contemplate.

Often, experts say, the carrier of an eventual onboard infection is an unwitting partner. Typically, a rig hand, whose job requires system access, returns offshore after home leave, plugs in the laptop or USB drive and instantly spreads an infection picked up on break. Viruses can also be spread, when a rig hand connects to an infected site and downloads an infection directly from onboard satellite connections.

With sufficient information about a rig, a cyber-attack using distributed malware could target a critical area of the control network and cause physical damage, Jack Whitsitt, principal tactical analyst for the National Electric Sector Cybersecurity Organization, told the Chronicle. “It’s probably a safe assumption that something like that could potentially happen,” he said.

According to the cyber-gurus, a single infection germinated by someone with too many brains, too much time and too little respect could be isolated quickly with limited repercussions. The problem, according to Whitsitt and others, reaches the danger zone, when it is a concerted, tailored attack with widely distributed malware aimed at a specific target.

One such target is the Alberta oil sands. In an Aug. 27, 2012, article, Bloomberg reported that the Royal Canadian Mounted Police and other Canadian agencies continue to investigate threats by a hacker gang calling itself Anonymous. The group had  warned of its intent to infect the networks of operators, such as Imperial Oil Ltd.

What to do? The most erudite cyber security specialists concede that the battle to eradicate malware is a losing one. When an infected computer or external drive is connected to even a closely isolated network, as on offshore rigs, and the worm is released, the malware can spread quickly and create all manner of havoc, they say. Whitsitt said the only viable steps that an operator or contractor can take, to at least limit a malicious infection, are to continually update software and attempt to reduce access to control systems.

“The tide is slowly rising and incrementally making things better, but the exposed area is really so high that it’s not really fast enough to limit the risk,” Govshteyn told the Chronicle.

Not so long ago, I had the opportunity to visit with the retired president of a former service company, who had unintentionally conceived a fail-safe methodology that guaranteed he would never be laid up with a computer infection. Despite the raised eyebrows of his peers, he said he managed to get through his entire career “without having a computer on my desk.” He said when colleagues asked how he kept track of inventory, he replied, “I pick up the telephone and make a call.”

Oral communication may be horribly passé in today’s cyber-dependent business world, and no one among us would even consider sacrificing the efficiencies of a clean computer. But still.....

If you will excuse me, I need to replace the ribbon on my typewriter.