It is a well-known fact that the oil industry is the backbone of the UAE’s economy. In fact, considering that the UAE has signed a pact to constrain oil production, the country had to lower its crude oil out for the sake of compliance. Presently though, the country’s oil industry is unprotected against new cyber security risks. This necessitates professional and thorough security threat and risk assessment within local oil businesses. Like other Organization of the Petroleum Exporting Countries (OPEC), the UAE is highly vulnerable to cyber attacks.
Oil companies in the UAE are not even properly aware of the potential cyber security risks that pose a threat to them.
How Severe Is The Threat?
The severity of the threat that a cyber security risk may pose to an oil company may vary, depending on the goals of the culprit. For instance, a cyber attack may result in the leaking of critical, top-secret information. Culprits behind a cyber-attack on an oil company may even sabotage its operation.
Where Does The Vulnerability Lie?
Worms, a malware computer program capable of multiplying, have been specifically designed to target the data acquisition, logic and supervisory control programs that are currently in use within oil companies. Back in 2010, several gas and oil companies in Iran fell victim to the Stuxnet virus, even though they were not the intended the targets. This was an eye-opener.
Oil companies can actually increase their vulnerability to cyber attacks even just by using common enterprise applications. This is because oil companies use various integration technologies to integrate these applications with their plant infrastructure, connecting them with a wide range of devices within the plant. If the connections between them are unsecured, cyber attackers can take advantage of them.
What Is The Worst That Could Happen?
- In petroleum companies, the systems that manage tank information and gauge the tanks are interconnected. Some are even indirectly involved in the control of tank filling. Cyber-criminals can hack into these systems, altering critical values, such as an oil tank’s maximum filling limit, which could lead to disastrous consequences like an explosion.
- Using a malicious, remotely operated computer program, a cyber criminal may alter a petroleum company’s critical oil stock information. In such a scenario, a company may realize that its oil stock has depleted and it may not be able to provide oil to its customers, resulting in the company being deemed fraudulent and suffering drastic losses.
- As mentioned, cyber criminals can easily sabotage the equipment at a petroleum plant since they are connected to enterprise and other such applications, especially if the connections are unsecured. This way, they can remotely tamper with critical equipment measurements related to pressure and temperature, which could lead to equipment malfunction, resulting in the wastage of valuable financial resources and time.
The solution to such cyber-security threats may sound rather commonplace and ordinary, but oil companies in the UAE can simplify matters just by hiring a managed security services UK-based firms. When it comes to cyber security vulnerabilities, the entire critical infrastructure of an oil company, and the UAE’s oil industry at large, depends on being protected from such threats. Considering everything that can potentially happen if a cyber-criminal hacks through, it is not worth taking the risk by not deploying some sort of a security operation.