Energy infrastructure targeted as cyber attacks increase globally


The attack by an Islamist terror group on the gas plant at In Amenas in Algeria and the subsequent hostage crisis in January 2013 is considered by many security experts to be a watershed moment in North Africa and the worldwide energy industry.

It was the worst terrorist attack on oil and gas installations in the industry’s 150-year history.

A heavily armed convoy was able to invade one of Algeria’s single-largest gas producers despite armed forces surrounding this isolated site in the middle of the Sahara desert.

Algeria’s response was fast and robust. They stormed the building, killing or capturing all the insurgents. Dozens of hostages also died in the operation.

The attack demonstrated that critical energy infrastructures (CEI) are increasingly becoming a prime target for terror groups. Critical energy infrastructures include installations and networks for generating electricity and the extraction of oil and gas, storage and refineries, liquid gas terminals, nuclear power stations, water dams and transport and distribution systems.

Physical attacks are expected to take place more regularly than in the past in North Africa because of its changing power structures.

Attacks on oil and gas infrastructures like pipelines have also significantly increased partly the result of the expansion of energy infrastructures like pipelines, production sites and electrical grid systems throughout the world.

But while the industry has some experience in coping with physical attacks, the increasing number of cyber attacks on critical energy infrastructures (CEI) presents a new security threat in which there is little expertise or experience.

Cyber attacks against the world’s largest oil producer, Saudi Aramco and RasGas, a joint venture of ExxonMobil and the state company Qatar Petroleum, called Shamoon, crippled 30,000 of Aramco’s computers in the summer of 2012.

Rasgas was forced to shut down the company’s website and some of its internal servers.

A nationwide investigation by a private computer security company concluded that 69 per cent of all Saudi companies could not cope with cyber attacks because of the simple ‘lack of data back-up operations on a daily basis’.

US Defence Secretary at the time, Leon Panetta, called the Shamoon cyber intrusions ‘the most destructive attack that the private sector has seen to date’.

US intelligence circles have blamed Iran for being responsible for the ‘denial-of-service’cyber attacks on Saudi Aramco and RasGas. It is accused of sending an endless flow of computer-generated requests aimed at overwhelming networks.

Read More Here