Journal of Petroleum Technology October 2012 : Page 68


Cyber Security • Middle East Attacks Raise Cyber Security Questions

Abdelghani Henni, Middle East Staff Writer

Cyber attacks on Saudi Aramco and Qatar’s RasGas have forced oil and gas companies in the Middle East to heighten their computer system security controls to prevent security breaches and to protect their assets. Companies operating in the region are also reviewing their security software and firewalls to ensure that they are updated and able to withstand more attacks.

Both Saudi Aramco and RasGas were hit with the Shamoon (also known as Disstrack) trojan, which led to serious network disruptions. Shamoon takes control of a system connected to the Internet before spreading to personal computers in an organization’s network. The second stage overwrites files and the master boot record of a machine, which makes a personal computer unbootable. Computer systems at Saudi Aramco and RasGas were shut down for weeks into September after the first attacks in mid-August, but oil and gas production was not affected. Kuwait Petroleum was not hit by the attack but immediately increased security to protect its information technology systems.

The attacks were similar to those carried out against Iranian computers earlier this year that wiped numerous hard drives. Security officials said they believe the attacks were unrelated and believe it was a copycat virus.

After the attacks, Saudi Aramco organized an information technology cyber security and protection response workshop in September, inviting representatives from the Saudi Arabian government and the country’s largest corporations to discuss the issues and share best practices.

Saudi Aramco talked about its reaction to the cyber attack and shared information about its crisis management and response strategies to counter cyber security threats. “We always realized that no matter what protections we had in place, we cannot be 100% sure that our information systems will not be breached,” said Khalid Al-Falih, president and chief executive officer of Saudi Aramco. “So we developed incident response plans to deal with different kinds of scenarios and contingencies. What happened to us can happen to anyone. Working together, we can increase our collective defense.”

Widespread Threat

The cyber security threat to energy installations is widespread from utilities and distribution networks to generation, refining, and drilling and exploration operations. “Most security professionals now say that if you think you have not had your security breached, then you just have not detected it,” said Paul Dorey, director of CSO Confidential, a risk and security consultancy. “Wherever there is digital technology, there is the potential of cyber threat.”

Security experts said the cyber attacks on Saudi Aramco and RasGas were deliberate sabotage. “We have been investigating further reports of infections of Disstrack, the threat used in the Shamoon attacks,” said Justin Doo, security practice director of Symantec MEFA.

Internet security firm Kaspersky dubbed the originators of the Shamoon malware “script-kiddies.” It said that while the Saudi Aramco attack was an act of sabotage, there were “beginner-level bugs in the code” of the virus, suggesting an attack by “hacktivist” saboteurs rather than a state actor.

The recent attacks were different from those at Iran’s oil sites and its main export terminal at Kharg, which were taken offline after a cyber attack in April. “The recent attacks were very targeted, sophisticated,” said Doo. “W32.Disstrack uses a hard-coded wiping date. These attacks are more individual.”

Catalin Cosoi, chief security researcher at Bitdefender, said the Shamoon/Disstrack virus is a new and unusual threat. “Obviously once an attacker has full control of a system, he stands a fair chance to compromise other systems, up to and including supervisory control and data acquisition (SCADA),” Cosoi said, adding that he believes the attacks were politically motivated.

Regardless, antivirus developers urge oil and gas companies to prepare for a system breach because the motivation behind a cyber attack against a company or a nation’s energy infrastructure is often unclear, he said. The attacks could come from other nations, criminals, terrorists, hackers, or disgruntled employees.

“Companies should change their way of thinking. They must admit that their system will be attacked and therefore must build security awareness and create a crisis risk management team to deal with cyber attacks,” said Doo.

Cyber security is fast rising to the forefront of industry concerns. “Choosing an IT security solutions provider with the appropriate technology, experience, and know-how to manage the security of large-scale virtualized infrastructure is perhaps the most important security decision facing CIOs today,” Cosoi added.

SCADA Under Threat

The threat of such viruses was highlighted by the discovery in 2010 of the most sophisticated cyber attack to date: Stuxnet. It was a vicious computer worm with highly specialized malware coded to target specific SCADA systems and disrupt operational activities, but without the operators being aware of any system changes.

“SCADA networks are widely used in all industrial sectors and provide essential services and commodities in a very efficient manner,” said Nick Coles, the founder and organizer of the International Forum, which discussed cyber security in the Middle East energy and utilities sectors earlier this year in Abu Dhabi.

To avoid any breaching of SCADA systems, Honeywell has launched a security notification program for its clients in the region to help block the virus.
