Saudi Aramco last month denied another cyber attack on their systems, but Oil & Gas industries across the Middle East region are now a prime target for cyber terrorists of the new digital world, as well as a host of other IT-based threats, according to research analysts at Gartner research.
“Cyber terrorists are only one of several threats—IT-centric enterprises are also concerned about corporate espionage, criminal acts and internal threats, among others.
The appeal that the Oil & Gas industry has for cyber terrorists is rooted in the ability to deliver maximum damage to the most people, the largest ecosystem, or the financial infrastructure of enterprises.
Exploration, refining, pipeline services all have their advantages and disadvantages to cyber terrorists, as well as their respective strengths and weakness,” said Earl Perkins, research vice president, Gartner.
Mohammad Amin Hasbini, senior security researcher, Global Research & Analysis Team, Kaspersky says that a piece of document or few lines of code might be worth millions to cyber terrorists if taken from the right place or people at the right time.
“Industrial companies are often way behind in terms of digital data protection, mainly because they were not really seen as targets for hackers until recently.
In addition sometimes hackers don’t even need to steal any information, disruption of service in case of industrial espionage on Oil & Gas or other life-dependent industries like water, energy and nuclear facilities, is enough to cause much damage and chaos to companies, countries or even continents,” he said.
Article continues on next page …
The doomsday scenario
Many cyber security companies have hinted at a type of doomsday scenario, where cyber terrorists take over SCADA systems and destroy cities and countries, however, Gartner and Kaspersky say this type of scenario is remote.
“While there is always a possibility that successful attacks can wreak considerable damage as described above, the doomsday scenario is remote. Such an attack would require an extraordinary degree of sophistication, collaboration and opportunity to be feasible, and even countries acting as cyber terrorists would be challenged to achieve this type of attack.
In addition, the Oil & Gas industry is better organised and equipped for IT security,” said Perkins.
Kaspersky says there are two sides for the threats, network or internet connectivity and digital file sharing using transportable media.
“SCADA systems and related industrial equipment or critical infrastructures can be protected and isolated from public networks; they can operate normally regardless of what is happening in the cyber space” said Hasbini.
If well maintained, protected, isolated, and controlled, industrial systems can be extremely difficult to penetrate.However, according to strategic security consultancy helpAG, many SCADA systems are controlled by IT systems, and if they can be manipulated the SCADA environment can also be manipulated.
“In the wrong installation this can have a very big impact, not just from an economical point of view, but also from an environmental one.
What one needs to understand is that when our reliance on such systems becomes higher and higher, and the criticality of the installations grows, even under a cyber attack we may not be able to allow stop production or fall back to manual controlled production,” said Nicolai Solling, director of Technical Services, helpAG, Middle East.
