Subscribe to our Mailing Lists (It's free!)
Saturday, July 19, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    container

    Allianz: Mis-declared cargo still leads cause of fires

    The end of the supply chain crisis and what we need to learn for the next one(s)

    TT Club: Understanding the risks of abandoned cargo

    ITF abandonment

    ITF: Seafarers’ abandonment surges by 30% in 2025

    UK MAIB Safety Digest 2024, 2nd Edition

    UK MAIB Annual Report 2024: 1,515 reports received

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    tunnel vision

    Tunnel vision: Recognizing the blind spots at sea

    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    imo ballast

    BIO-UV Group: Over 30% of vessels are failing D-2 compliance tests

    Intra-North Sea Ballast Water Contingency Area now in effect until 2030

    Intra-North Sea Ballast Water Contingency Area now in effect until 2030

    ICS

    ICS: Industry needs clarity and detail on IMO NZF incentives

    ECSA

    ECSA & A4E: Prioritise affordable clean fuels in shipping & aviation

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    digitalization at sea

    Do you know what the NAVDAT system onboard ships is?

    Hong Kong AIS

    Hong Kong issues notice on the updated rules for AIS

    RightShip: Data-sharing and transparency can ensure a stronger culture of safety

    Danelec: Over 70% of ships still rely on once-daily noon reports

    robots shipyards

    Multi-party effort looks into employing robots in shipyards

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    bwms type approval

    PSC Update: Concentrated Inspection Campaign to focus on BWM in 2025

    ClassNK PSC

    ClassNK Annual PSC Report: Fire safety deficiencies top the list

    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    hotwork

    Watch: Best practices for gas distribution systems onboard

    digitalization at sea

    Do you know what the NAVDAT system onboard ships is?

    USA sanctions

    United States removes Syria-related sanctions

    eu russia sanctions

    EU has yet to reach agreement over sanctions package on Russia

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    container

    Allianz: Mis-declared cargo still leads cause of fires

    The end of the supply chain crisis and what we need to learn for the next one(s)

    TT Club: Understanding the risks of abandoned cargo

    ITF abandonment

    ITF: Seafarers’ abandonment surges by 30% in 2025

    UK MAIB Safety Digest 2024, 2nd Edition

    UK MAIB Annual Report 2024: 1,515 reports received

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    tunnel vision

    Tunnel vision: Recognizing the blind spots at sea

    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    imo ballast

    BIO-UV Group: Over 30% of vessels are failing D-2 compliance tests

    Intra-North Sea Ballast Water Contingency Area now in effect until 2030

    Intra-North Sea Ballast Water Contingency Area now in effect until 2030

    ICS

    ICS: Industry needs clarity and detail on IMO NZF incentives

    ECSA

    ECSA & A4E: Prioritise affordable clean fuels in shipping & aviation

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    digitalization at sea

    Do you know what the NAVDAT system onboard ships is?

    Hong Kong AIS

    Hong Kong issues notice on the updated rules for AIS

    RightShip: Data-sharing and transparency can ensure a stronger culture of safety

    Danelec: Over 70% of ships still rely on once-daily noon reports

    robots shipyards

    Multi-party effort looks into employing robots in shipyards

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    bwms type approval

    PSC Update: Concentrated Inspection Campaign to focus on BWM in 2025

    ClassNK PSC

    ClassNK Annual PSC Report: Fire safety deficiencies top the list

    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    hotwork

    Watch: Best practices for gas distribution systems onboard

    digitalization at sea

    Do you know what the NAVDAT system onboard ships is?

    USA sanctions

    United States removes Syria-related sanctions

    eu russia sanctions

    EU has yet to reach agreement over sanctions package on Russia

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Cyber security vulnerabilities for oil & gas industry: Saudi Aramco case

by The Editorial Team
May 31, 2018
in Cyber Security
offshore exploration ban

Above image is used for illustration purposes only

FacebookTwitterEmailLinkedin

Following Mirai, WannaCry and NotPetya attacks that caused substantial damages across many sectors in the past, safeguarding the ONG sector has been proved of foremost importance. Specifically, a cyber-attack in the ONG may lead to plant shutdown, equipment damage, undetected spills or safety measures violation that may result in injuries and even death. After several high-profile attacks, including the 2012 Saudi Aramco attack which unleashed a virus that affected 30,000 workstations, ONG companies have established their own protocols and prevention procedures.

On 15 August 2012, an employee of Saudi Aramco with privileged access, opened a scam email; one of those that every day pass through spam e mail). Evidence later led to conclusion that this act was in a form of sabotage as the release of the virus that affected the system was intentional. The self-replicating virus infected as many as 35,000 of its Windows-based machines. In practice the whole computer based system of the organisation was destroyed in a matter of hours.

Shamoon was identified as the virus that caused significant disruption to of the world’s larger oil producer. Its main function appeared to have been the indiscriminate deletion of data from computer hard drives. Although this did not result in an oil spill, explosion or other major fault in operations of the organisation, the attack affected the business processes resulting in the loss of some drilling and production data. Saudi Aramco’s computer technicians ripped cables out of the backs of computer servers at data centers all over the world. Every office was physically unplugged from the Internet to prevent the virus from spreading further.

Without access to the digital payment system, the company’s ability to supply 10% of the world with oil was also wiped out and it had to stall the trucks waiting at its gates to take the oil away. Company was sent back to 1970s as employees had to use typewriters and faxes in order to keep basic functions operable.

RelatedNews

Lessons learned: Pilots are part of the extended team

Lessons learned: Speak up even when it is difficult

While drilling and pumping of oil continued because it was automated, the business’s operational capacity had to go offline to manage supplies, shipping and contracts. After 17 days, Saudi Aramco had to start giving away oil for free to ensure supply within Saudi Arabia. The knock-on effect was a constrained hard drive market as Saudi Aramco purchased 50,000 hard drives straight from factory floors in Southeast Asia, at a higher price to cut queues. Five months later, with a newly secured computer network and an expanded cybersecurity team, Saudi Aramco brought its system back online. The hackers were never caught.

The attack in Saudi Aramco revealed some interest findings in respect of Cyber Security:

  • Cyber-attacks are difficult to be predicted
  • Attacker needs to find just one vulnerable access point to enter into a system
  • Vulnerabilities of systems usually remain undetected.
  • Attacks are usually anonymous and hard to be located
  • Low cyber security awareness among employee leads to cyber incidents that may be proven serious or catastrophic
  • A computer based system collapse is rapid in relation to response actions. It only takes few minutes for an internet based system or network to be affected.

Unfortunately lessons learned from the attack were not taken seriously into consideration and in 2014 more than 50 Norwegian oil and energy organisations were hacked by unknown attackers, according to government security authorities.

Shamoon also attacked RasGas in Qatar, only after weeks of the Aramco cyber-attack. However, the RasGas disturbance was negligible compared to Saudi Arabia’s impact and hopefully it did not affect the production of natural gas. Qatar proved to be proactive by establishing a governmental organisation back in 2004 that focused on deterring possible attacks by detecting, analyzing and monitoring the cyber threats. In particular, Qatar serves as a good example for developing and obtaining agreement on a national cyber security strategy to deter cyber crime and create a national incident management capability.

 


cyber security in shipping industryAlthough headline cyber security incidents are rare, a lot of attacks go undetected or unreported as many organisations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems. In a recent study with the Lysne Committee, DNV GL identified the following top ten cyber security vulnerabilities for the oil and gas sector:

  1. Lack of cyber security awareness and training among employees
  2. Remote work during operations and maintenance
  3. Using standard IT products with known vulnerabilities in the production environment
  4. A limited cyber security culture among vendors, suppliers and contractors
  5. Insufficient separation of data networks
  6. The use of mobile devices and storage units including smartphones
  7. Data networks between on- and offshore facilities
  8. Insufficient physical security of data rooms, cabinets, etc.
  9. Vulnerable software
  10. Outdated and ageing control systems in facilities.

 

While speaking at the SAFETY4SEA Cyber Masterclass in May 2018, Mr. Apostolos Belokas, Managing Editor, SAFETY4SEA, provided lessons learned from recent cyber incidents and addressed future challenges.

You may view his video presentation by clicking herebelow

Cyber security vulnerabilities for oil & gas industry:  Saudi Aramco caseCyber security vulnerabilities for oil & gas industry:  Saudi Aramco case
Cyber security vulnerabilities for oil & gas industry:  Saudi Aramco caseCyber security vulnerabilities for oil & gas industry:  Saudi Aramco case
Tags: cyber securitylessons learnedoil and gas industry
Previous Post

Maersk Line: Surviving from a cyber attack

Next Post

A smart shipping industry needs smart people

SUGGESTED FOR YOU

Oman Türkiye
Fuels

Oman and Türkiye partner up for alternative fuels and clean energy

July 17, 2025
lessons learned
Accidents

Lessons learned: Strictly adhere to the requirements of bunkering

July 16, 2025
eu russia sanctions
Shipping

EU has yet to reach agreement over sanctions package on Russia

July 16, 2025
lessons learned
Accidents

Lessons learned: Don’t guess with chemicals

July 15, 2025
Sanctions Russia
Shipping

EU plans to impose new Russian oil price cap

July 14, 2025
Lessons learned
Accidents

Lessons learned: Unsafe workarounds reveal unsafe systems

July 14, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA