Energy industry on alert for cyber-attacks

05 September 2012

Recent malware attacks on Saudi Aramco and RasGas are a worrying sign for the region’s oil companies

The recent cyber-attacks on two of the Middle East’s largest energy companies have reminded all of the region’s hydrocarbons giants that extra vigilance is going to be needed to combat malicious software (malware).

Saudi Aramco was the first company to report an attack on its main network service in mid-August that affected 30,000 workstations. Since that time Aramco has said that all systems have been cleared, but remote online access is still restricted.

The attack prompted Aramco’s chief executive officer Khalid al-Falih to make a statement saying that the company’s operational activities regarding oil and gas production as well as downstream operations were unaffected.

“Saudi Aramco is not the only company that became a target for such attempts and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” he said in a company statement.

The attack on Aramco was followed in late August by malware infecting part of the computer system at Qatar’s Ras Laffan Liquefied Natural Gas Company (RasGas). RasGas said that, like Aramco, the computers of employees were hit, but its operational activities were not affected. Qatar Petroleum was unaffected by the malware.

Iran has been accused of being the source of the malware that attacked Aramco and RasGas, but there has been no direct evidence as yet to support this.

Energy companies in the region have been forced to become extra vigilant in the last two years, especially when it comes to protecting the supervisory control and data acquisition (scada) systems that control their operational activities.

In 2011 computer malware attacked the scada systems of Iran’s nuclear facilities, causing them to instruct process machinery at the plant to operate outside its capabilities. This caused extensive damage to a number of facilities.

This attack has caused all of the Middle East’s hydrocarbons companies to isolate their scada system networks from the internet in order to protect them from attacks. This, along with greater password protection and firewall systems, has made it more difficult for external malware attacks to affect operations.

MEED reported in July that most energy companies spend in excess of $10m per annum protecting their computer systems, but that figure is expected to rise as the malware becomes more advanced and the attacks become more frequent.

“The amount of damage malware can do to a badly protected system is incredible,” says Tareque Choudhury, chief security officer and head of the UK’s BT Advise MEA. “These attacks are going to get more commonplace and the malware more sophisticated, so companies will have to become much more vigilant.”

With Saudi Arabia and Qatar being targeted, other national oil companies in the region will be bracing themselves for further malware infections. However, no reports from major oil producers such as Iraq, Abu Dhabi or Kuwait have emerged that indicate they have also been targeted.

Cyber-terrorism is now regarded as being as big a threat as a conventional terrorist attack on an industrial facility or oil pipeline. Undetected malware could mean major oil producers in the region could see output grind to a halt if targeted. Power stations and industrial facilities could also shut down and national grids fail as a result of a cyber-terrorist attack.

The intended purpose of malware differs from case to case. In May 2012 reports emerged that another sophisticated worm called Flame had been targeting corporations, in particular global energy companies working in the Middle East.

Flame’s prime directive was to harvest sensitive information from the databases of energy firms across the Middle East, such as project financing accounts, production figures for oil and gas fields, and details of the technology used to operate plants.

Flame monitored keystrokes and Skype calls, harvested contact information from Bluetooth devices and could even switch on computer microphones to listen to nearby conversations. It collected data and sent it back through encrypted pathways to its creators.
