Cyber attacks are increasingly becoming a cause for concern for oil and gas companies operating in the Middle East, information technology and security experts say.
“We are aware these attacks are happening all the time,” said Morgan Eldred, Research Director at American information technology research and advisory Gartner, by phone.
Last year, Saudi Arabia’s national oil company Saudi Aramco was hit by a virus that infected as many as 30,000 of its machines. It took nearly two weeks for Saudi Aramco to recover from the damage, disrupting the world’s largest oil producer.
This week British multinational defence and security firm BAE Systems released a new military grade solution, IndustialProtect, to safeguard industrial control systems. BAE Systems rolled out the product globally this week and expects to cash in on companies in the Arab Gulf, Australasia and North America, according to company executives.
“The threat is very real,” said James Clark, Director of Energy & Utilities from BAE Systems Applied Intelligence, in Dubai this week.
The Saudi Aramco incident is just one example of cyber attacks in the region and the same malware, named Shamoon, was also used to attack Qatar’s RasGas, one of the largest liquefied natural gas producers, according to reports.
Several months after the attack, Saudi Aramco said the malware had tried to disrupt the company’s flow of oil and gas supplies to international markets. However, by Saudi Aramco’s estimates losses attributed to the attack were around $15 million. In 2012, the company turned over $311 billion, the same year of the breach.
“We do see an awful lot of attack on oil and gas [companies in the Middle East],” said Eldred.
Adding that securing against cyber attacks is becoming “a major priority for oil and gas companies in the region.”
Cyber attacks in the region are thought to be a mixture of hacktivism, which is hacking used as a form of process to promote political ends, chiefly free speech, human rights, and information ethics, as well as state-sponsored attacks.
“We have economic war and information technology is one of the weapons to get the information,” said Vincent Lavergne, Director, Field System Engineering for South Europe, Middle East and Africa, at F5, a company that provides data protection services to multinationals, by phone.
In 2012, the United States and Israel were behind the Stuxnet attack against Iran, which reportedly ruined a fifth of the Islamic Republics nuclear centrifuges.
Lavergne said one of the issues oil and gas companies around the world is that they’re primarily reacting to attacks rather than being proactive. He said companies can be cautious of high expenditure when it comes to risk mitigation.
However, said a lot of companies in the Middle East have “beefed up their security” since 2012.