The attack on a critical US artery for the transport of fuel has once again exposed the vulnerabilities of the energy industry to cyber attacks. The ransomware attack on the 2.5 million barrels per day Colonial Pipeline endangered access to fuel for the US East Coast. The pipeline, which was built in the 1960s, snakes across a distance of 8,850 kilometres and carries products sufficient to meet the total consumption of Germany, Europe’s largest economy and the world’s fourth-biggest.
So what makes the energy industry a target for attacks and why is it vulnerable?
Any impact on the energy sector can affect entire communities and even countries. An attack on a power plant or a pipeline can cause widespread blackouts, impact transportation, heating, and the functioning of critical activities in the economy.
The vulnerability in the energy industry originates from the use of legacy industrial control systems, particularly if these have not been upgraded for a number of years and are not fully integrated across systems, according to Mohammed AlMohtadi, chief information security officer at Abu Dhabi’s Injazat.
“These legacy systems therefore not only represent risk factors for energy organisations but can also have a widespread economic impact,” he said.
So how do large energy and utility companies become prey to attacks?
Threat actors usually attempt to steal trade secrets, confidential data and intellectual property, through ransomware attacks.
“While we anticipate breaches to be very sophisticated, in most cases they occur through simple phishing emails and other social engineering activities,” added Mr AlMohtadi.
A ransomware attack, such as the one on the Colonial Pipeline, involves hackers infecting networks with malicious software that encrypts data and leaves machines locked until the victims pay an extortion fee.
On Monday, DarkSide, the group behind the attack, said its aim was to "make money" but not create problems for society. In many cases, the attacks cost the economy much more than the ransom amount demanded.
In many cases, where a cybercriminal intends to inflict political and physical damage to a country or cause financial or reputational harm, the energy sector often becomes a prime target.
“[The] energy industry comes under critical infrastructure … if it is breached, the nation's financial and physical infrastructure could be potentially crippled,” said Avinash Advani, founder and chief executive of Dubai-based cybersecurity company CyberKnight.
Oil and gas infrastructure, nuclear plants, electricity grids, water companies and utility firms that supply the community with power, water, and treat sewage are potential targets.
The Covid-19 pandemic has exposed the energy industry's underbelly. As more people work from home to contain the spread of coronavirus, they unwittingly expose an organisation to cyber attacks.
“Employees at energy organisations are working from home and remotely accessing corporate assets … [they] become a critical attack vector and entry point for attackers,” said Mr Advani.
Researchers have found many coronavirus-related malicious e-mail campaigns and hundreds of downloadable files that attempt to infect user devices. Malicious files have been masked under the guise of pdf, mp4 and docx files. The names of files imply that they contain instructions on how to protect yourself from the virus or updates on the threat.
“We assume the Colonial Pipeline, the biggest US pipeline system connecting oil supplies in Texas with New York, has been attacked through an insecure remote access,” Stefan Schachinger, network security product manager at computer security company Barracuda, said.
“Remote accesses are not insecure per definition but require proper security measures such as encryption and multi-factor authentication,” he added.
DarkSide, the ransomware group that claimed the Colonial Pipeline attack is new but experienced, industry experts said.
The group targets largely English-speaking countries and avoids the economies of former Soviet states, said Boston-based cyber security firm Cybereason. Its ransom demand typically ranges from $200,000 to $2 million. The group has published stolen data from more than 40 victims, who are believed to be just a fraction of the overall number.
Cyber attacks on energy infrastructure are typically politically or financially motivated.
“When there is an attack on the West, it usually originates from [entities inside] Russia or Eastern European countries with ties to Russia, Iran, China, or North Korea,” said Mr Advani.
However, there can be financially motivated criminal groups that may or may not be associated with a government.
President Joe Biden has said there is no evidence that the Russian government is responsible for the attack on the Colonial Pipeline, but that the country has "some responsibility" to address the ransomware attack and that he will seek global co-operation to battle similar hacks.
US Energy Secretary Jennifer Granholm told Bloomberg TV that supply in the country has so far not been impacted and that the company has said it hopes to restore operations by the end of this week.
“It tells you how utterly vulnerable we are,” Ms Granholm said. “We’re seeing all of these examples of ransomware attacks coming - whether it’s telecommunications or this critical infrastructure. And obviously in my lane I’m very worried about the energy infrastructure.”
She said the incident clearly highlighted the need of private sector companies to step up their investment in cyber defence.
Globally, around 61 per cent of companies surveyed by London-based Mimecast said they were affected by a ransomware attack last year. About 52 per cent of them paid the ransom but of those, only two-thirds recovered their data.
Given the serious implications of cyber attacks, the energy industry should not underestimate groups that target facilities. Many of these groups now have help desks, technical support, payroll processing, and subcontractors, according to Marty Edwards, vice president of operational technology security at Maryland-based cyber-security company Tenable.
“They are essentially full-fledged criminal corporations operating in the digital world.”
"If reports are accurate, the Colonial Pipeline incident has all of the markings of a possible ransomware attack that began in the IT environment and, out of precaution, forced the operator to shut down operations,” added Mr Edwards.
In 2012, the Shamoon virus attack on Saudi Aramco systems wiped the hard drives of some 30,000 computers clean.
The attacks were blamed on Iran, which denied responsibility.
In 2017, a $20 billion petrochemical project joint venture between Saudi Aramco and Dow Chemicals also experienced a spate of hacking attacks.
The financial fallout from cyber attacks in the Arabian Gulf in 2017 was estimated at more than $1bn, according to a 2018 report by Siemens. Three-quarters of regional oil and gas companies, or over 30 per cent of the global production of oil, have experienced some form of cyber-security breach in the past, according to DarkMatter, a UAE-based cyber security company.
The financial fallout from data breaches among a selected sample of companies in the UAE and Saudi Arabia rose 9.4 per cent, costing them $6.53m per breach, according to a 2020 study by IBM Security.
In 2017, Saudi Arabia, Opec's biggest producer, established the National Cybersecurity Authority (NCA) to combat cyber threats.
The UAE rolled out its first National Cybersecurity Strategy in 2019, followed by the formation of National Cybersecurity Council to develop policies and laws to strengthen cyber security and ensure the country is not vulnerable to attacks.
In December, Dubai Electronic Security Centre rolled out a cyber resilience plan that aims to safeguard the emirate's critical infrastructure including oil and gas sector. In June, Injazat opened a Cyber Fusion Centre in Abu Dhabi, expanding its cyber defence abilities and portfolio of services.
In the Middle East, companies such as Saudi Aramco, the world's largest exporter of oil, are enforcing stricter compliance on third-party vendors to ensure their facilities are protected against cyber attacks, that could impact the supply of oil globally.
Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity, and critical data processors need to obtain Saudi Aramco's cyber security standard certification.
Test series fixtures
(All matches start at 2pm UAE)
1st Test Lord's, London from Thursday to Monday
2nd Test Nottingham from July 14-18
3rd Test The Oval, London from July 27-31
4th Test Manchester from August 4-8
Financial considerations before buying a property
Buyers should try to pay as much in cash as possible for a property, limiting the mortgage value to as little as they can afford. This means they not only pay less in interest but their monthly costs are also reduced. Ideally, the monthly mortgage payment should not exceed 20 per cent of the purchaser’s total household income, says Carol Glynn, founder of Conscious Finance Coaching.
“If it’s a rental property, plan for the property to have periods when it does not have a tenant. Ensure you have enough cash set aside to pay the mortgage and other costs during these periods, ideally at least six months,” she says.
Also, shop around for the best mortgage interest rate. Understand the terms and conditions, especially what happens after any introductory periods, Ms Glynn adds.
Using a good mortgage broker is worth the investment to obtain the best rate available for a buyer’s needs and circumstances. A good mortgage broker will help the buyer understand the terms and conditions of the mortgage and make the purchasing process efficient and easier.
Read more about the coronavirus
Famous left-handers
- Marie Curie
- Jimi Hendrix
- Leonardo Di Vinci
- David Bowie
- Paul McCartney
- Albert Einstein
- Jack the Ripper
- Barack Obama
- Helen Keller
- Joan of Arc
NBA Finals so far
(Toronto lead 3-1 in best-of-seven series_
Game 1 Raptors 118 Warriors 109
Game 2 Raptors 104 Warriors 109
Game 3 Warriors 109 Raptors 123
Game 4 Warriors 92 Raptors 105
SANCTIONED
- Kirill Shamalov, Russia's youngest billionaire and previously married to Putin's daughter Katarina
- Petr Fradkov, head of recently sanctioned Promsvyazbank and son of former head of Russian Foreign Intelligence, the FSB.
- Denis Bortnikov, Deputy President of Russia's largest bank VTB. He is the son of Alexander Bortnikov, head of the FSB which was responsible for the poisoning of political activist Alexey Navalny in August 2020 with banned chemical agent novichok.
- Yury Slyusar, director of United Aircraft Corporation, a major aircraft manufacturer for the Russian military.
- Elena Aleksandrovna Georgieva, chair of the board of Novikombank, a state-owned defence conglomerate.
Benefits of first-time home buyers' scheme
- Priority access to new homes from participating developers
- Discounts on sales price of off-plan units
- Flexible payment plans from developers
- Mortgages with better interest rates, faster approval times and reduced fees
- DLD registration fee can be paid through banks or credit cards at zero interest rates
Living in...
This article is part of a guide on where to live in the UAE. Our reporters will profile some of the country’s most desirable districts, provide an estimate of rental prices and introduce you to some of the residents who call each area home.
The Settlers
Director: Louis Theroux
Starring: Daniella Weiss, Ari Abramowitz
Rating: 5/5
if you go
The flights
Emirates fly direct from Dubai to Houston, Texas, where United have direct flights to Managua. Alternatively, from October, Iberia will offer connections from Madrid, which can be reached by both Etihad from Abu Dhabi and Emirates from Dubai.
The trip
Geodyssey’s (Geodyssey.co.uk) 15-night Nicaragua Odyssey visits the colonial cities of Leon and Granada, lively country villages, the lake island of Ometepe and a stunning array of landscapes, with wildlife, history, creative crafts and more. From Dh18,500 per person, based on two sharing, including transfers and tours but excluding international flights. For more information, visit visitnicaragua.us.
What is Reform?
Reform is a right-wing, populist party led by Nigel Farage, a former MEP who won a seat in the House of Commons last year at his eighth attempt and a prominent figure in the campaign for the UK to leave the European Union.
It was founded in 2018 and originally called the Brexit Party.
Many of its members previously belonged to UKIP or the mainstream Conservatives.
After Brexit took place, the party focused on the reformation of British democracy.
Former Tory deputy chairman Lee Anderson became its first MP after defecting in March 2024.
The party gained support from Elon Musk, and had hoped the tech billionaire would make a £100m donation. However, Mr Musk changed his mind and called for Mr Farage to step down as leader in a row involving the US tycoon's support for far-right figurehead Tommy Robinson who is in prison for contempt of court.
UAE central contracts
Full time contracts
Rohan Mustafa, Ahmed Raza, Mohammed Usman, Chirag Suri, Mohammed Boota, Sultan Ahmed, Zahoor Khan, Junaid Siddique, Waheed Ahmed, Zawar Farid
Part time contracts
Aryan Lakra, Ansh Tandon, Karthik Meiyappan, Rahul Bhatia, Alishan Sharafu, CP Rizwaan, Basil Hameed, Matiullah, Fahad Nawaz, Sanchit Sharma
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3ECompany%3A%3C%2Fstrong%3E%20Eco%20Way%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%20December%202023%3Cbr%3E%3Cstrong%3EFounder%3A%3C%2Fstrong%3E%20Ivan%20Kroshnyi%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%2C%20UAE%3Cbr%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Electric%20vehicles%3Cbr%3E%3Cstrong%3EInvestors%3A%3C%2Fstrong%3E%20Bootstrapped%20with%20undisclosed%20funding.%20Looking%20to%20raise%20funds%20from%20outside%3Cbr%3E%3C%2Fp%3E%0A
Real estate tokenisation project
Dubai launched the pilot phase of its real estate tokenisation project last month.
The initiative focuses on converting real estate assets into digital tokens recorded on blockchain technology and helps in streamlining the process of buying, selling and investing, the Dubai Land Department said.
Dubai’s real estate tokenisation market is projected to reach Dh60 billion ($16.33 billion) by 2033, representing 7 per cent of the emirate’s total property transactions, according to the DLD.
Schedule for Asia Cup
Sept 15: Bangladesh v Sri Lanka (Dubai)
Sept 16: Pakistan v Qualifier (Dubai)
Sept 17: Sri Lanka v Afghanistan (Abu Dhabi)
Sept 18: India v Qualifier (Dubai)
Sept 19: India v Pakistan (Dubai)
Sept 20: Bangladesh v Afghanistan (Abu Dhabi) Super Four
Sept 21: Group A Winner v Group B Runner-up (Dubai)
Sept 21: Group B Winner v Group A Runner-up (Abu Dhabi)
Sept 23: Group A Winner v Group A Runner-up (Dubai)
Sept 23: Group B Winner v Group B Runner-up (Abu Dhabi)
Sept 25: Group A Winner v Group B Winner (Dubai)
Sept 26: Group A Runner-up v Group B Runner-up (Abu Dhabi)
Sept 28: Final (Dubai)
MATCH INFO
Everton v Tottenham, Sunday, 8.30pm (UAE)
Match is live on BeIN Sports
Mohammed bin Zayed Majlis
SUNDAY'S ABU DHABI T10 MATCHES
Northern Warriors v Team Abu Dhabi, 3.30pm
Bangla Tigers v Karnataka Tuskers, 5.45pm
Qalandars v Maratha Arabians, 8pm
Punchy appearance
Roars of support buoyed Mr Johnson in an extremely confident and combative appearance
Zayed Sustainability Prize
Ferrari 12Cilindri specs
Engine: naturally aspirated 6.5-liter V12
Power: 819hp
Torque: 678Nm at 7,250rpm
Price: From Dh1,700,000
Available: Now
MATCH INFO
What: India v Afghanistan, first Test
When: Starts Thursday
Where: M Chinnaswamy Stadium, Bengalaru
BMW M5 specs
Engine: 4.4-litre twin-turbo V-8 petrol enging with additional electric motor
Power: 727hp
Torque: 1,000Nm
Transmission: 8-speed auto
Fuel consumption: 10.6L/100km
On sale: Now
Price: From Dh650,000
Walls
Louis Tomlinson
3 out of 5 stars
(Syco Music/Arista Records)
WRESTLING HIGHLIGHTS
What to watch out for:
Algae, waste coffee grounds and orange peels will be used in the pavilion's walls and gangways
The hulls of three ships will be used for the roof
The hulls will painted to make the largest Italian tricolour in the country’s history
Several pillars more than 20 metres high will support the structure
Roughly 15 tonnes of steel will be used
Dust and sand storms compared
Sand storm
- Particle size: Larger, heavier sand grains
- Visibility: Often dramatic with thick "walls" of sand
- Duration: Short-lived, typically localised
- Travel distance: Limited
- Source: Open desert areas with strong winds
Dust storm
- Particle size: Much finer, lightweight particles
- Visibility: Hazy skies but less intense
- Duration: Can linger for days
- Travel distance: Long-range, up to thousands of kilometres
- Source: Can be carried from distant regions
SPECS
%3Cp%3E%3Cstrong%3EEngine%3A%20%3C%2Fstrong%3E4-litre%20flat-six%0D%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E525hp%20(GT3)%2C%20500hp%20(GT4)%0D%3Cbr%3E%3Cstrong%3ETorque%3A%20%3C%2Fstrong%3E465Nm%20(GT3)%2C%20450Nm%20(GT4)%0D%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3ESeven-speed%20automatic%0D%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3EFrom%20Dh944%2C000%20(GT3)%2C%20Dh581%2C700%20(GT4)%0D%3Cbr%3E%3Cstrong%3EOn%20sale%3A%20%3C%2Fstrong%3ENow%0D%3Cbr%3E%3C%2Fp%3E%0A
