"The U.S. oil industry has a lot of redundancy," said Amy Myers Jaffe, senior fellow for energy at the Council on Foreign Relations.
U.S. refineries go offline often after accidents or storms, with little impact to the market, Jaffe said. Even production in the country's biggest oil field, the Permian Basin in Texas and New Mexico, is spread across thousands of wells in a 75,000- square-mile (194,250-square-kilometer) region. The kind of gas-oil separation facility hit in the attacks in Saudi Arabia is done in smaller plants located across U.S. oil fields.
"It's pretty hard to imagine some group having people here and they're going to fly a drone over the Houston Ship Channel or over Newark and somehow it's not going to be noticed," Jaffe said. "Could you knock out one company's crude processing unit and throw them offline? I suppose. You'd have to go down to Midland, Texas, and get away with it."
"I would be more concerned about cyber vulnerability," Jaffe added.
The United States has more of a geographic buffer than Saudi Arabia and lacks hostile neighbors, said Ben West, security analyst with the intelligence firm Stratfor. The most vulnerable infrastructure, pipelines, can be repaired quickly, West said.
"Even if there were an attack, it's unlikely to knock out half the U.S. oil and gas production," West said. "I think Iran is much more likely to be able to successfully carry out a cyber attack than a cruise missile or drone attack, and it's still an unlikely scenario."
Security for U.S. energy infrastructure was tightened in the years following the Sept. 11, 2001 attacks to include tighter inspection standards and better backgrounding and credentialing of workers, said Henry Willis, a senior policy researcher at the RAND Corporation.
"We do know that once someone figures out a way, others learn," said Willis. "I imagine if you're responsible for facilities security and you haven't done it already, you're assessing how you account for drone threats."
(Reporting by Jennifer Hiller; Editing by Sandra Maler)