Kuwait’s oil ministry issues cybersecurity tender

MEED    28 August 2020 (Last Updated August 28th, 2020 15:14)

Kuwait’s oil ministry issues cybersecurity tender

Concerns increasing about attacks in the Middle East energy sector

Kuwait’s Ministry of Oil has issued a tender for cybersecurity equipment amid growing concerns about electronic attacks within the Middle East’s energy sector.

In the tender documents, the Ministry of Oil said that it was looking to acquire a firewall network protection device.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewalls are a first line of defence in network security and establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks.

In a separate tender, the ministry said that it was looking to purchase Veeam Backup licences for a three-year period.

Veeam Backup is a specialist software that provides backup, restore and replication functionality for virtual machines, physical servers and workstations as well as cloud-based workload.

The software provides a range of data recovery options that could be used if data is lost during a cyber attack.

The stated closing date for companies to submit bids for both tenders is 3 September 2020.

Email protection

State-owned downstream operator Kuwait National Petroleum Company (KNPC) has also issued a tender for cybersecurity software.

It is seeking consultancy services for Proofpoint email protection.

Proofpoint is an enterprise security company based in California that provides software and products for inbound email security, outbound data loss prevention, digital risk and email encryption.

The contract being tendered by KNPC will extend from 2021 to 2024 and bids are due to be submitted on 24 September.

Five companies have prequalified for the KNPC tender. These are:

  • Diyar United Trading & Contracting Company (Kuwait)
  • Kuwait Digital Computer Company (Kuwait)
  • Computer Data Networks Company (Kuwait)
  • Arabesque Group for General Trading and Contracting Company (Kuwait)
  • ZAK Solutions for Computer Systems (Kuwait)

Cyber attacks

The prospect of possible cyber attacks on energy infrastructure is becoming an increasing concern across the Middle East.

In February, Saudi Aramco said it had seen an increase in attempted cyber attacks since the last quarter of 2019.

All of the cyber attacks mounted against Saudi Aramco at the beginning of 2020 were successfully countered, the state oil giant’s chief information security officer, Khalid al-Harbi, said at the time.

Saudi Arabia has been the target of frequent cyber attacks, including the “Shamoon” virus, which cripples computers by wiping their disks and has hit both government ministries and petrochemicals firms.

Aramco, which pumps 10% of global oil supply, experienced its biggest cyber attack to date in August 2012, when a Shamoon virus attack damaged about 30,000 computers. It was aimed at stopping oil and gas production at the biggest Opec exporter.

In August 2018, a petrochemicals company with a plant in Saudi Arabia was hit by an innovative cyber attack that investigators said was meant to sabotage the firm’s operations and trigger an explosion.

The identity of the company and the country where it was based has not been released by investigators, who are worried that the attack could be replicated in other countries.

Thousands of industrial plants all over the world rely on the same US-engineered computer systems that were compromised in the August 2018 attack.

The August 2018 attack is one of a string of attacks on oil and gas sector plants in Saudi Arabia.

In January 2017, computers went down at the National Industrialisation Company (Tasnee), a privately owned Saudi petrochemicals companies.

Computers also crashed 15 miles away at Sadara Chemical Company, a joint venture of Saudi Aramco and Dow Chemical.

During the January 2017 attack, the hard drives of the Tasnee’s computers were destroyed, data was deleted and replaced with an image of Alan Kurdi, the small Syrian child who drowned off the coast of Turkey during his family’s attempt to escape that country’s civil war.

This article is published by MEED, the world’s leading source of business intelligence about the Middle East. MEED provides exclusive news, data and analysis on the Middle East every day. For access to MEED’s Middle East business intelligence, subscribe here.