Recent drone attacks on Saudi Arabia’s oil and gas facilities operated by its state-owned behemoth Aramco have caused global alarm, but behind the scenes the company is working overtime to mitigate against an equally potent and rising threat of cyber attacks, according to a senior project engineer.
Wael Mohammed Al Fareed, Aramco’s Senior Industrial Engineer, entrusted with managing the cybersecurity of five key Saudi facilities operated by the company, confirmed that threat awareness, detection and protection standards are being raised across the board; a drive that has gained “considerable” momentum over the last few years.
Speaking at the Honeywell Users Group 2019 conference in The Hague, Netherlands, Al-Fareed said: “The frequency of cyber attacks on our facilities is rising and we are working overtime to secure our infrastructure. It is a challenge every major operator in the oil and gas business simply has to live with.
Storage tanks at an Aramco oil processing facility in Shaybah oilfield, Saudi Arabia: The state-owned company has doubled down on cybersecurity amid rising threats (Photo: Simon Dawson/Bloomberg)
© 2018 Bloomberg Finance LP
“There is no such thing as 100% security; system vulnerabilities always exist. Our job is to improve awareness among the workforce, repel attacks, and curtail and control intrusions.”
In 2017, an Aramco facility was hit by a cyber attack designed to damage the processing site’s emergency shutdown system, raising alarm bells in the petrochemical and refining world. Many industry experts blamed Iran at the time. Prior to that, the company was targeted by hackers in 2012 who managed to compromise nearly 30,000 of its computers but the attack failed to dent oil production.
Al Fareed said the nature of the threats Saudi Aramco faces ranges from “state actors” to rogue individuals “trying their hand at ransomware attacks” with increasing frequency. “The is no one size or security solution that fits all, but our digital awareness campaign now covers every Aramco employee, and is considered as crucial as health and safety training at processing facilities.”
The Aramco IT expert also said the company was not taking any chances and currently blocks “all USB ports and CD-ROM slots at site workstations” over fears of viruses infecting the system via an errant device or disk insertion. It is also using artificial intelligence (AI) premised predictive monitoring, quarantine and breach shutdown systems, and has established a “cybersecurity committee” that visits and audits all Aramco sites on a regular basis.
Most of the Saudi state giant’s processing facilities deploy Honeywell’s distributed control systems (DCS), a computerized control system usually with a large number of functions and loops, in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.
“Every patch recommended by Honeywell, including the most basic Microsoft Windows updates are applied without delay or hesitation. Investing in best-in-class protection systems has also become a priority.
“We are also evaluating Honeywell’s Secure Media Exchange (SMX) which monitors and protects against USB borne viruses, and hopefully its deployment would eliminate the need to block USB ports.”
However, Al Fareed did not reveal how much Saudi Aramco was spending on cybersecurity as it seeks to reassure the market ahead of a potential initial public offering (IPO). “It is a changed world where cyber attacks are routine. As an operator we have to ensure 24-7 that we are equipped to handle it and remain in a state of heightened alert.”
