The current attack against Saudi Aramco oil facilities damaged the largest oil producer of the world and delayed oil production, gas markets, and roiling oil. The government of Saudi Arabia and the intelligence officials of the United States claimed the incident is the doing of Iran, whereas Iran accused Yemeni rebels.
It is a real-world continuance of a long-simmering cyber war between the two nations which had dropped over into other international powers. In the past few years, Iran sends destructive computer viruses against the Kingdom of Saudi Arabia. According to experts, the Kingdom and oil & gas industry have slowed to prop up their defenses, raising red flags about the probability of long-term fall-out in the area.
Investors should assume long-standing cyber spying and flare-ups of hateful activity, together with the potential for damaging attacks that hurt firms in the region beyond Aramco. Saudi Aramco denied commenting on this topic.
Saudi Arabia and Iran have cyber warfare showing grounds for over a decade. Activity across the Gulf focused on oil & gas firms that gather data terabytes related to oilfields and drilling. The oil & gas division long relied on possibly susceptible internet of things devices to gather information about the oil availability and to power the composite machinery that finds, extracts and refines it.
Stuxnet Virus hit the Nuclear Facilities of Iran
Nuclear facilities of Iran hit by a virus termed Stuxnet during the mid-2000s. This malicious software sophisticated, developed in a modular format. Attackers use it not only to get intelligence information but also to control and destruct sensitive machinery. Stuxnet mainly termed to the mutual effort by the United States and Israel. Whereas Iran surprisingly responded to Stuxnet, they did not talk about it too much. Scott Applegate, Lieutenant Colonel and expert in the cybersecurity history said that they did take action.
According to one theory, Iran took something from what they learned from Stuxnet and developed a new weapon, which they later launched against the Saudi Aramco in 2012. The Shamoon virus wads multi-faceted and modular just similar to Stuxnet but had the only purpose such as to find and destroy the information. Vice president of cyber threat detection & response for Trustwave, Brian Hussey said that it did all this very successfully. Hussey added, everyone saw at Saudi Aramco that thirty-thousand boxes bricked. He was describing how thirty-thousand computers of the oil agency erased in a single day which destroyed swaths of data.
Applegate said the attack laid out cyber abilities of Iran for the world to realize whereas had a small financial impact on Saudi Aramco, affecting only a little fraction of the daily revenue of the oil giant. However, they made a significant impact on the global stage; they did not bleed over into the broader system. Applegate said that in history, cyberattacks did not play a big role in the oil & gas industry except a hyperbolic rhetoric viewpoint. However, the after-effects of Shamoon are very alarming.
The problem of a slow change
After the Shamoon attack, Aramco too many years to strengthen its defenses. The officials of Saudis interested in installing a system of American-style cybersecurity best practices all over the organization. However, one cybersecurity engineer who worked in response to Shamoon said that he feels a corporate culture all over the Saudi Aramco, and that was difficult to change. It was hard to spark urgency in leaders as well as workers because their duties just weren’t on the line like they are all over else when there is a breach.
Employees, many of whom guaranteed rewarding jobs because of their family tenure or ties, expressed insignificance at some basics of security. The outcome was a slow change problem that made it hard to implement the types of controls that usually required at U.S. companies, especially following a security incident. Two other experts of cybersecurity who worked in the Kingdom of Saudi Arabia at the time corresponded with these observations.