Subscribe to our Mailing Lists (It's free!)
Friday, July 11, 2025
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    IMO piracy

    IMO Piracy Report: Twenty five incidents during May 2025

    Dryad Global

    Dryad Global: Geopolitical tensions continue to shape maritime landscape

    ireland drug seizure

    Ireland’s largest drug smuggling plot leads to eight men in jail

    limpet mines tankers

    Greek tanker fleet boosts security amid limpet mine fears

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

    clean air act

    California updates ballast rules for water from low salinity areas

    biofuels

    India’s DGS issues biofuel bunkering guidelines

    biofuel

    Companies sign deal to advance crude lignin oil biofuel

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

    connectivity

    Innovating ocean safety: Intellian’s unified vision for connectivity and GMDSS

    autonomous navigation

    New deal aims to advance autonomous navigation technology

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Panama Canal

    Panama Canal reports increase in transits despite dry season

    UNCTAD

    UNCTAD: Global trade endures policy changes and uncertainty

    Eternity C

    Watch: Eternity C sinks in the Red Sea following Houthi attack

    newbuildings xclusiv shipbrokers

    Xclusiv Shipbrokers: Newbuilding momentum slows sharply in 2025

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    IMO piracy

    IMO Piracy Report: Twenty five incidents during May 2025

    Dryad Global

    Dryad Global: Geopolitical tensions continue to shape maritime landscape

    ireland drug seizure

    Ireland’s largest drug smuggling plot leads to eight men in jail

    limpet mines tankers

    Greek tanker fleet boosts security amid limpet mine fears

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    friendship

    Exploring the human need for friendship: A lifeline at sea and on shore

    neck pain

    Neck pain: A growing health concern for maritime workers

    Book Review: Building leaders the MMMA way

    Book Review: Feel grounded and think positive in 10 simple steps

    time

    Stay SEAFiT: Time is non-renewable – invest it wisely

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    BIMCO FuelEU Maritime Regulation

    EU issues low-carbon hydrogen fuel standards

    clean air act

    California updates ballast rules for water from low salinity areas

    biofuels

    India’s DGS issues biofuel bunkering guidelines

    biofuel

    Companies sign deal to advance crude lignin oil biofuel

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    Trafigura, ZeroNorth join forces to advance decarbonization solutions

    floating data centres

    New partnership to develop floating data center on retrofitted vessel

    connectivity

    Innovating ocean safety: Intellian’s unified vision for connectivity and GMDSS

    autonomous navigation

    New deal aims to advance autonomous navigation technology

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    AMSA fine

    NorthStandard: Tips to avoid pollution fines in Turkey

    OCIMF

    OCIMF Annual Report 2025: SIRE 2.0 a welcome change for the industry

    USCG

    ABS PSC Report Q1 2025: 526 total vessels detained

    paris mou lists

    Paris MoU 2024 Performance lists

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
    Panama Canal

    Panama Canal reports increase in transits despite dry season

    UNCTAD

    UNCTAD: Global trade endures policy changes and uncertainty

    Eternity C

    Watch: Eternity C sinks in the Red Sea following Houthi attack

    newbuildings xclusiv shipbrokers

    Xclusiv Shipbrokers: Newbuilding momentum slows sharply in 2025

  • Columns
    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    Career Paths: Syb ten Cate Hoedemaker, Maritime Battery Forum

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    NorthStandard: Data sharing to drive technology and improve crew wellbeing

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    GSR Services: The Hong Kong Convention sets the rules for total ship lifecycle responsibility

    Trending Tags

    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Cyber security vulnerabilities for oil & gas industry: Saudi Aramco case

by The Editorial Team
May 31, 2018
in Cyber Security
offshore exploration ban

Above image is used for illustration purposes only

FacebookTwitterEmailLinkedin

Following Mirai, WannaCry and NotPetya attacks that caused substantial damages across many sectors in the past, safeguarding the ONG sector has been proved of foremost importance. Specifically, a cyber-attack in the ONG may lead to plant shutdown, equipment damage, undetected spills or safety measures violation that may result in injuries and even death. After several high-profile attacks, including the 2012 Saudi Aramco attack which unleashed a virus that affected 30,000 workstations, ONG companies have established their own protocols and prevention procedures.

On 15 August 2012, an employee of Saudi Aramco with privileged access, opened a scam email; one of those that every day pass through spam e mail). Evidence later led to conclusion that this act was in a form of sabotage as the release of the virus that affected the system was intentional. The self-replicating virus infected as many as 35,000 of its Windows-based machines. In practice the whole computer based system of the organisation was destroyed in a matter of hours.

Shamoon was identified as the virus that caused significant disruption to of the world’s larger oil producer. Its main function appeared to have been the indiscriminate deletion of data from computer hard drives. Although this did not result in an oil spill, explosion or other major fault in operations of the organisation, the attack affected the business processes resulting in the loss of some drilling and production data. Saudi Aramco’s computer technicians ripped cables out of the backs of computer servers at data centers all over the world. Every office was physically unplugged from the Internet to prevent the virus from spreading further.

Without access to the digital payment system, the company’s ability to supply 10% of the world with oil was also wiped out and it had to stall the trucks waiting at its gates to take the oil away. Company was sent back to 1970s as employees had to use typewriters and faxes in order to keep basic functions operable.

RelatedNews

Lessons learned: Ensure there are compatible adapters onboard

Lessons learned: Faults in design should be considered

While drilling and pumping of oil continued because it was automated, the business’s operational capacity had to go offline to manage supplies, shipping and contracts. After 17 days, Saudi Aramco had to start giving away oil for free to ensure supply within Saudi Arabia. The knock-on effect was a constrained hard drive market as Saudi Aramco purchased 50,000 hard drives straight from factory floors in Southeast Asia, at a higher price to cut queues. Five months later, with a newly secured computer network and an expanded cybersecurity team, Saudi Aramco brought its system back online. The hackers were never caught.

The attack in Saudi Aramco revealed some interest findings in respect of Cyber Security:

  • Cyber-attacks are difficult to be predicted
  • Attacker needs to find just one vulnerable access point to enter into a system
  • Vulnerabilities of systems usually remain undetected.
  • Attacks are usually anonymous and hard to be located
  • Low cyber security awareness among employee leads to cyber incidents that may be proven serious or catastrophic
  • A computer based system collapse is rapid in relation to response actions. It only takes few minutes for an internet based system or network to be affected.

Unfortunately lessons learned from the attack were not taken seriously into consideration and in 2014 more than 50 Norwegian oil and energy organisations were hacked by unknown attackers, according to government security authorities.

Shamoon also attacked RasGas in Qatar, only after weeks of the Aramco cyber-attack. However, the RasGas disturbance was negligible compared to Saudi Arabia’s impact and hopefully it did not affect the production of natural gas. Qatar proved to be proactive by establishing a governmental organisation back in 2004 that focused on deterring possible attacks by detecting, analyzing and monitoring the cyber threats. In particular, Qatar serves as a good example for developing and obtaining agreement on a national cyber security strategy to deter cyber crime and create a national incident management capability.

 


cyber security in shipping industryAlthough headline cyber security incidents are rare, a lot of attacks go undetected or unreported as many organisations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems. In a recent study with the Lysne Committee, DNV GL identified the following top ten cyber security vulnerabilities for the oil and gas sector:

  1. Lack of cyber security awareness and training among employees
  2. Remote work during operations and maintenance
  3. Using standard IT products with known vulnerabilities in the production environment
  4. A limited cyber security culture among vendors, suppliers and contractors
  5. Insufficient separation of data networks
  6. The use of mobile devices and storage units including smartphones
  7. Data networks between on- and offshore facilities
  8. Insufficient physical security of data rooms, cabinets, etc.
  9. Vulnerable software
  10. Outdated and ageing control systems in facilities.

 

While speaking at the SAFETY4SEA Cyber Masterclass in May 2018, Mr. Apostolos Belokas, Managing Editor, SAFETY4SEA, provided lessons learned from recent cyber incidents and addressed future challenges.

You may view his video presentation by clicking herebelow

Cyber security vulnerabilities for oil & gas industry:  Saudi Aramco caseCyber security vulnerabilities for oil & gas industry:  Saudi Aramco case
Cyber security vulnerabilities for oil & gas industry:  Saudi Aramco caseCyber security vulnerabilities for oil & gas industry:  Saudi Aramco case
Tags: cyber securitylessons learnedoil and gas industry
Previous Post

Maersk Line: Surviving from a cyber attack

Next Post

A smart shipping industry needs smart people

SUGGESTED FOR YOU

lessons learned
Accidents

Lessons learned: Always check to monitor or identify pressure

July 8, 2025
US Iran
Shipping

OFAC issues new round of sanctions targeting Iranian oil

July 7, 2025
lessons learned
Accidents

Lessons learned: ‘Sleeping hygiene’ is critical to safety

June 30, 2025
lessons learned
Accidents

Lessons learned: Never rely on a single navigation appliance

June 27, 2025
oil
Shipping

Oil prices plunge over 7% amid geopolitical turmoil

June 24, 2025
iaph cyber security
Cyber Security

IAPH releases cyber security guidelines for new port technologies

June 24, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Explore more

No Result
View All Result
MARITIME EVENTS

Explore

  • Safety
  • SEAFiT
  • Green
  • Smart
  • Risk
  • Others
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Content Marketing
  • Contact

© 2025 SAFETY4SEA

No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA

Manage your privacy
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
No Result
View All Result
  • Safety
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • SEAFiT
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Case Studies
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Anchor Your Health
    • Book Review
    • Career Paths
    • Human Performance
    • Industry Voices
    • Interviews
    • Maripedia
    • Maritime History
    • Opinions
    • Regulatory Update
    • Resilience
    • Seafarers Stories
    • SeaSense
    • Tip of the day
    • Training & Development
    • Wellness Corner
    • Wellness Tips
  • SAFETY4SEA Events
  • SAFETY4SEA Plus Subscription

© 2025 SAFETY4SEA