Energy companies at constant risk of cyberattack

Tue, 2019-10-08 07:57

DUBAI: The region’s top tier oil and gas companies are at risk
of cyberattack at a rate of up to one every second, an industry
expert said.

The drone attacks on the Aramco facilities in Saudi Arabia on
Sept. 14 are well documented, but Marcus Josefsson, director for
Middle East, Africa and Russia at Nozomi Networks, said cyber
criminals were always lurking in the background.

Nation-states, terror groups and organized crime circles can
shutdown pumping stations with something as basic as a laptop
computer with an Internet connection.

“There is one threat every second — or every couple of
seconds — but the real question is how many of them are
successful,” he said.

Josefsson’s employer, Nozomi Networks, is a cybersecurity
company that works on ensuring industrial control systems are
secure.

“We’ve seen them many times in this region before. There’s
a specific malware that gets into these systems, and then they can
target the centrifuge or they can target the pumps, the valves, and
just break things down completely,” he told Arab News on the
sidelines of GITEX Technology Week.

In 2012, 30,000 computers were hacked in Aramco facilities, but
oil production was not affected.

Josefsson said often the attacks come from “people who are in
it for the money.”

“One thinks now that organized crime has almost the same
turnover as the cybersecurity industry, if not bigger.”

But countries “definitely play a big part to it,” Josefsson
said. “Imagine you are a nation-state — you have a number of
friends and enemies, no matter what. You have spies and
intelligence gathering so when something goes wrong, you want to be
able to deploy and do something quickly. That’s exactly what goes
on in oil and gas companies, airports — all these critical
national infrastructures,” he said.

Josefsson said attackers are always lurking in these important
systems, “scanning, finding out information” for when an attack
is called for.

“If there were a red alert at some point, if it escalated
between two countries, they would want to be able to play that card
— to take out an oil rig, to take out a pipeline, most
importantly to take out electricity or water,” he added.

Although the amount of “internal and external threats towards
these oil and gas companies is staggering,” Josefsson said that
the success rate is very low, and that the region is “catching up
very quickly” in improving its cyber capabilities.

He said the region has worked over the years to improve the
security of information technology (IT) – this involves network
firewalls and anti-viruses. However, there’s still a need “to
do a lot more” in securing operational technology (OT), a
collective term that refers to computer-run machines including oil
pipelines, power grids, and railway systems.

He added the problem with existing OT is that it was not built
with cybersecurity in mind.

“These systems were built 20 years ago — for uptime
purposes, safety of personnel, pumping as much oil as possible,
that’s how it was built. The same holds for things like the
electrical grid system — cybersecurity wasn’t even there,”
Josefsson said.

He noted how Saudi Arabia is “getting ready fast” in
ensuring it has the sufficient security measures to respond to such
threats.

“They have a good plan in place. The Kingdom is mobilizing
quickly. They are taking all the right steps, and I don’t see any
other country moving as fast as Saudi Arabia at the moment. Saudi
Arabia takes it seriously,” he said.

He emphasized how “securing critical national infrastructure
is arguably more important here than it is in Sweden or in the UK.
Take Aramco for instance, it’s such a massive part of the
economy.”

In 2018 alone, Nozomi Networks, which has an office in Dammam
and has worked with big oil and gas, utilities, and mining
companies, recorded a customer growth of 500 percent in the region,
according to Jossefson, who is predicting a whopping 1000 percent
increase this year, in light of the recent attacks.

“They are a hundred percent aware,” he said. “Especially
after the things that happened very recently, it became even more
topical.”

Although “99 percent (of the threats) are very basic,” Josefsson
said: “It’s the one percent that organizations need to look out
for.”

“Attackers only need to be lucky once.”

Saudi energy minister lauds Kingdom’s response to Aramco strikes
at global oil industry conferenceSaudi Aramco plans to pay base
dividend of $75bn in 2020
Source: FS – All-News-Economy
Energy companies at constant risk of cyberattack