Thursday, October 04, 2012

Inside Saudi Aramco with 60 Minutes

I just watched a recent episode of 60 Minutes on CNBC and enjoyed the segment on oil production in Saudi Arabia. It featured a story from late 2008 on Saudi Aramco. You may recall this name from recent news, namely data destruction affecting 30,000 computers. A recent Reuters article said the following:

Saudi Aramco has said that only office PCs running Microsoft Windows were damaged. Its oil exploration, production, export, sales and database systems all remained intact as they ran on isolated and heavily protected systems.

"All our core operations continued smoothly," CEO Khalid Al-Falih told Saudi government and business officials at a security workshop on Wednesday.

"Not a single drop of oil was lost. No critical service or business transaction was directly impacted by the virus."

It is standard industry practice to shield plant operating networks from hackers by running them on separate operating systems that are protected from the Internet.

While watching the video I was struck by the following comments by the CEO of Saudi Aramco, giving Leslie Stahl a tour of their 21st century operations center (pictured here). From the transcript:

Abdallah Jum'ah, Saudi Aramco's president and CEO... gave 60 Minutes a tour of the company's command center, where engineers scrutinize and analyze every aspect of the company's operations on a 220-foot digital screen.

"Every facility in the kingdom, every drop of oil that comes from the ground is monitored in real time in this room," Jum'ah explained. "And we have control of each and every facility, each and every pipeline, each and every valve on the pipeline. And therefore, we know exactly what is happening in the system from A to Z."

Aramco engineers are making sure that not one drop of oil is overlooked: computers are receiving data, via satellite, from sensors mounted on drill bits that are burrowing deep into the oil fields all over Saudi Arabia. Engineers are sending instant messages that actually guide the drill bits.

"He is now directing that drill bit to go into the best areas of the reservoirs. And suck that oil from it, and not leave any oil behind," Jum'ah explained.

He says the drill bit is a bit like a snake, going down and following where the oil is. "And mind you, this is happening 400 to 500 miles from here geographically. And we are sending that drill bit also two or three miles in the ground."

The screen capture at right appears to show this control process in action on a Windows XP computer. (Remember, this show was filmed in late 2008.)

You can watch the segment (in two parts) for more details, if you like.

Now, it's entirely possible that the sorts of systems depicted in the video were not affected by the malicious code that allegedly struck 30,000 systems. Then again, it's not unheard of for malicious code to propagate from one enclave to another.

Hopefully we will hear more details on what happened, either to Saudi Aramco or apparently other companies. Again, from Reuters:

Qatar's natural gas firm Rasgas was also hit by a cyber attack last week, although it has not said how much damage was caused or whether Shamoon was the virus involved. Qatar, also a Sunni Gulf kingdom, has similar foes to Saudi Arabia.

Its parent firm Qatar Petroleum, which also owns Qatar's other main natural gas firm Qatargas, said it was unaffected but implied that other companies had been hit.

"Qatar Petroleum has not been affected by the computer virus that hit several oil and gas firms. All QP operations are continuing as normal," it said in an official tweet on Monday.

1 comment:

Paul B said...

Wish i would have caught this special (will have to search for it later), as part of the team doing response and forensics over here, i'd say its a tenuous situation at best, and networks over here are remind me of rich parents with new toys... lots of money, and little to no knowledge of how to use/set up/configure properly, and no plan to set up cyber security in the organizations at large (with regards to funding/training/CERT capabilities/forensics).

the attitude is more of, buy some new network appliance, slap it inline, and move on.