Feature: Offshore Technology – Fighting cyber crime in the offshore oil and gas industry

Saudi Aramco's headquarters complex in Dhahran, Saudi Arabia.

Cyber crime costs offshore oil and gas companies millions each year in lost business and damaged equipment. But, as experts have noted, a cyber attack on critical infrastructure, such as an oil rig, can result in more than just lost revenue – it can be catastrophic for the environment and have far-reaching impacts.

On a quiet Wednesday in 2012 the world learnt a crucial lesson on the permeating impact of a cyber attack on a major oil and gas operator.

It was a normal day at Saudi Aramco, if slightly quieter than usual because it was the holy month of Ramadan, when, unknowingly, an employee opened a phishing email and clicked on what turned out to be an infectious link.

It wasn’t long before all hell broke loose. First files disappeared, then phones died and computers shut down as technicians ripped cables from the walls in a desperate attempt to halt the unfolding cyber attack.

In a few hours, 35,000 computers were partially wiped or totally destroyed.

Saudi Aramco was unable to receive money, process contracts and deals from partners and government. All its technology was completely defunct.

Eventually the company, which provides 10% of the world’s oil, was forced to temporarily stop selling oil to domestic gas tank trucks because it couldn’t process payments. After 17 days, the corporation had little choice but to start giving oil away for free to keep it flowing within Saudi Arabia.

In the process of rebuilding itself Saudi Aramco also caused a temporary shortage in supplies of hard drives after buying 50,000 at once.


It took five months before the company was back online.

Preparing for the worst case

The Saudi Aramco attack was bad, but it could have been much worse. The company was able to keep producing oil because its automated pumping system was unaffected.

However, cyber security on actual installations is a growing issue in the oil and gas sector, since critical network segments in production sites, which used to be kept isolated, are now increasingly connected to networks.

This is causing growing concerns that cyber attackers targeting an oil or gas installation could cause a disaster.

“Critical network segments in production sites are now increasingly connected to networks.”

Mike Ahmadi, global director for critical systems security at Synopsys, a partner for innovative companies developing electronic products and software applications, says he recalls learning about one potentially disastrous scenario.

“A researcher once pointed out to me that the control systems managing the pontoons that keep them level could be compromised, allowing an attacker to drain ballast on one side, causing the platform to tilt over in the opposite direction,” he explains. “This could be quite catastrophic.” [A semi-submersible rig obtains most of its buoyancy from ballasted, watertight pontoons located below the ocean surface and wave action.]

Read the full feature here