Saudi Aramco, the world’s largest oil company, has said that its systems were attacked by a computer virus yesterday, confirming swirling rumours that surfaced since yesterday afternoon.
“An official source of Saudi Aramco confirmed that it had isolated electronic systems for the entire company today and cut off external access as an early precaution,“ a statement on the Arabic language version of Aramco’s site translated by Reuters said last night. The Aramco Arabic site is down at the time of writing.
In a statement in English on the company’s Facebook page, Aramco says the virus affected “some of the sectors of its electronic network.”
The company said the attack reached Aramco’s network from personal computers. Aramco says its systems will return to normal soon, without giving a estimate.
Oil production has not been affected, thanks to “advanced protection systems,” and that the virus struck some computers but did not penetrate critical production systems
“The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems,” Aramco said.
Most oil companies manipulate all or part of their physical oil operations through programmable logic controllers wired into central management systems, raising the possibility that cyber attacks could physically affect oil fields.
The Armco attack emphasisises the growing threat to energy IT infrastructure security, as energy assets are on the front line of a covert security conflict thought to be between between nation states.
Aramco’s physical operations are not the only threat to the company from virus attacks. The company’s estimates of its production rates, shipments, production capacity and reserves are all confidential. The Flame virus identified earlier this year aims to steal confidential information.
Iranian oil sites and the country’s main export terminal at Kharg were taken off line after a cyber attack in April. Experts branded the attack the most sophisticated computer worm they had ever seen, and said it was targeted at specific sites and individuals Iran, the West Bank, Lebanon and the United Arab Emirates.
The Stuxnet virus, which disrupted Iran’s nuclear enrichment program in 2010, was the first to highlight the severe impact cyber attacks can have on the energy industry by targeting supervisory control and data acquisition (SCADA) systems which are critical to running everything from oil wells to refineries.
A New York Times article attributed the Stuxnet virus to the US and Israeli governments.
