Operators in the Middle East oil and gas sector have been urged to do more to defend themselves against cyber attack as they move to adopt digitalisation across their systems.
Saudi Aramco and US-based security contractor Raytheon have agreed to establish a joint venture company to develop, market and provide cybersecurity services in the kingdom and in the region.
Middle East oil and gas
Coincidentally, the oil giant made the announcement a few days after Italian oil and gas contractor Saipem confirmed that hundreds of its servers in Saudi Arabia, the United Arab Emirates and Kuwait have been shut down due to a cyber attack originating in Chennai, India.
A few days later, a second oil field services contractor, UK-based Petrofac, confirmed its servers in the Middle East were also attacked.
Both contractors work extensively with Saudi Aramco – one of the top targets of the millions of cyber attacks the region receives every year – and other oil and gas companies in the region.
Following the first attack in 2012, in which Shamoon virus, a computer malware, disabled Saudi Aramco’s operations for several days by destroying 30,000 PCs – and a more benign second attack in late 2016 – the oil giant has implemented measures to minimise the reoccurrence of such attacks on its servers, networks, systems and desktops.
The presence of a stronger cybersecurity defence and regulations at the oil giant means attackers are now turning to their suppliers and contractors, with the goal of inflicting substantial disruption and damages to the oil giant’s assets, whether those targets are refineries, offshore oil fields or pipelines.
Fortunately, this week’s attacks appear to have been confined to the contractors’ servers and computers and have not impacted project sites or resulted in major data losses.
The attack highlights the need for employees with the contractors to be informed and vigilant about the many forms of cyber threats they face if they are to prevent a reoccurrence of such attacks in future.
The most recent attacks also highlight the risks, and the higher level of security required, as energy companies embrace internet-enabled and cloud-enabled technology, as well as big data, in an effort to move towards a more integrated supply chain.
The billions of dollars that these technologies promise to generate oil and gas clients in terms of customer savings, lower water consumption and emissions, and potentially higher profit, will be moderated by the significant investments required on threat protection software, compliance, risk management, intrusion detection and prevention systems, and a robust cybersecurity incident response plan, among others.
This article is sourced from Power Technology sister publication www.meed.com, a leading source of high-value business intelligence and economic analysis about the Middle East and North Africa. To access more MEED content register for the 30-day Free Guest User Programme. https://www.meed.com/registration/