Cyber-attacks were once common on major oil companies in the Gulf Cooperation Council (GCC), but investment in cyber defense has helped reduce such incidents.
Companies must be proactive and agile in safeguarding their digital systems from viruses and hackers, similar to the main characters in Edgar Allan Poe’s classic “The Masque of the Red Death” attempting to isolate themselves from a deadly virus.
As reported by the Financial Times, investment in defense startups and cybersecurity firms has surged to $3 billion in 2022, up from $1.1 billion in the previous year. Advancements in technology, such as artificial intelligence, cloud computing, and smart robots, have made these young firms attractive.
Governments must adapt to the Fourth Industrial Revolution, according to the UAE’s Minister of Cabinet Affairs Mohamed Al-Gergawi. Public and private institutions must embrace innovation and stay vigilant against cyber threats.
External attacks on the eastern front continued, despite the general perception of peace.
The tensions that arose in the Middle East after the Great Recession led to the creation of viruses such as Stuxnet, Flame, and Mini-flame. Allegedly, these viruses were designed to disrupt critical infrastructure in the region. In 2012, Saudi Aramco fell victim to a virus called Shamoon, which caused 30,000 workstations to malfunction for over a week. Recently, in May 2020, Israel confirmed a cyber-attack on its already frail water systems.
To address these concerns, Saudi Aramco, the world’s biggest oil producer in relation to daily crude production, has developed a third-party cybersecurity compliance certificate. This program mandates that all third-party firms obtain certification from authorized audit firms confirming their adherence to the cybersecurity requirements, as specified in the third-party cybersecurity standard. The company’s example highlights two significant aspects:
- First, there is never room for complacency, even as we make advances in cyber defense; we must remain vigilant.
Most of the oil industry’s critical infrastructure operates on the office level, which means that oil companies should regularly perform background checks on their workstations, change passwords, and do random checks on saved files and files sent via email and other messaging apps.
In March 2021, a US citizen from Nebraska faced a two-year sentence after being found guilty of stealing his employer’s confidential data for commercial exploitation. This case underscores the need for top-notch cybersecurity protocols across all industries.
Protecting the upstream
Each oil rig now has a digital twin for upstream protection, which is a virtual copy of the physical plant. With Saudi Arabia having over 42,000 rigs and pipelines, a disruption in any element of the production chain can cause the whole portfolio to fail. Cyber defence measures are now crucial for everyone, not just limited to big corporations. Diversifying protection measures by including multiple nations in oil exploration is vital.
The concept of cyber defense is no longer restricted to only large organizations. It has become a global issue that involves startups and young innovators.
Security diversification is essential to provide protection. The UAE has taken initiatives to safeguard itself against threats including the inclusion of multiple nations like Austria, Japan, Malaysia, and Canada in its oil exploration. This helps in enhancing the cybersecurity standards of the country. A
DNOC has made deals with 25 leading domestic and international players worth $9.52 billion for the production of various oil and gas industry products within the emirate of Abu Dhabi. It is crucial to maintain a permanent up-to-date approach to ensure that the Gulf Arab region’s black gold treasury remains safe from cybersecurity threats.