The United States relies on numerous offshore oil and natural gas rigs, which are considered critical infrastructure due to their significant contribution to the national economy. The increasing integration of internet-connected devices and control systems in the drilling industry has introduced new cybersecurity vulnerabilities. This report identifies key threat actors, including nation-states, transnational crime groups, hacktivists, and insiders, all of whom pose risks such as property damage, productivity losses, safety breaches, service disruptions, and malicious system manipulation. Such cyber threats could lead to severe environmental disasters, akin to the 2010 Deepwater Horizon explosion, and have profound economic consequences. While the Bureau of Safety and Environmental Enforcement (BSEE) is responsible for regulating these private entities, its current oversight and regulatory measures remain insufficient in addressing cybersecurity challenges. The Government Accountability Office (GAO) recommends (1) conducting a comprehensive risk assessment, (2) establishing new performance measures, (3) clarifying roles and responsibilities to enhance coordination, and (4) identifying necessary resources to strengthen cybersecurity efforts. This report contributes to the current system state of US security from a governmental regulation standpoint.
