updated 06:34 pm EDT, Thu August 16, 2012
Saudi Aramco disconnected from Internet as a precaution
The largest oil company in the world, Saudi Aramco, has acknowledged that it has been struck by a malware infestation on nearly all its user workstations. The breach is said to be similar to the attack on Iranian systems in April, but oil-production industrial equipment was not affected. The company disconnected its entire network from the Internet as a precautionary measure, and anticipates full recovery of its IT systems before the end of the week.
The oil producer has not commented on the vector of attack or parties involved, but insists that production has not been altered as a result of the security breach. "The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems," said Saudi Aramco in a statement.
Chevron and Schlumberger Ltd may be vulnerable to a similar attack because their networks are linked to the Aramco system. Most of the worldwide oil industries shifted to Windows-based systems during the Y2K scare and migration from custom legacy systems. The expansion of internet connectivity coupled with the ubiquitous nature of Windows increased the danger of cyber attack to the energy industry.
An attack at the National Iranian Oil Company in April forced a similar response to isolate the attack, when a virus was detected inside the control systems of the Kharg Island oil facility. The virus used for the Iranian attack, W32.Flamer (also referred to as 'Flame') was found in a number of Middle Eastern countries, but has since been remotely altered by its creators to delete and overwrite itself. The specific vector of attack at Saudi Aramco has not been determined.