The Cyber Attack on Saudi Aramco

Survival

Volumn 55, Issue 2, 2013, Pages 81-96

  Bronk, Christopher ^a   Tikk Ringas, Eneken ^b  

^a Information Technology Policy   (United States)

^b Cyber Security at the IISS ^*  (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84876029693     PISSN: 00396338     EISSN: 14682699     Source Type: Journal    
DOI: 10.1080/00396338.2013.784468     Document Type: Article

References (55)

1. John Roberts, 'Cyber Threats to Energy Security, as Experienced by Saudi Arabia', Platts, 27 November 2012, http://blogs.platts. com/2012/11/27/virus_threats/.
2. Robert Tuttle, 'Virus Shuts RasGas Office Computers, LNG Output Unaffected', Bloomberg, 30 August 2012, http://www. bloomberg.com/news/2012-08-30/ virus-shuts-rasgas-office-computerslng-output-unaffected-1-.html.
3. Joshua R. Itzkowitz Shifrinson and Miranda Priebe, 'A Crude Threat: The Limits of an Iranian Missile Campaign against Saudi Arabian Oil', International Security, vol. 36, no. 1, Summer 2011, pp. 167-201.
4. Khalid Al-Rodhan, 'The Impact of the Abqaiq Attack on Saudi Energy Security', Saudi-US Relations Information Service, 28 February 2006, http://www.susris.com/articles/ 2006/ioi/060228-rodhan-abqaiq. html.
5. Leon Panetta, 'Defending the Nation from Cyber Attack', US Department of Defense speech, 11 October 2012, http://www.defense.gov/speeches/ speech.aspx?speechid=1728.
6. Nicolas Falliere, Liam O Murchu and Eric Chien, W.32 Stuxnet Dossier, version 1.4, Symantec, February 2011.
7. Nicolas Falliere, Liam O Murchu and Eric Chien, W.32 Stuxnet Dossier, version 1.4, Symantec, February 2011.
8. Christopher Williams, 'Barack Obama "Ordered Stuxnet Cyber Attack on Iran"', Daily Telegraph, 1 June 2012.
9. David Sanger, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power (New York: Crown Publishers, 2012).
10. Mark Clayton, 'Stuxnet Malware is "Weapon" Out to Destroy... Iran's Bushehr Nuclear Plant?', Christian Science Monitor, 21 September 2010, http://www. csmonitor.com/USA/2010/0921/ Stuxnet-malware-is-weapon-out-todestroy-Iran-s-Bushehr-nuclear-plant. See also Ralph Langner, Robust Control System Networks: How to Achieve Reliable Control After Stuxnet (New York: Momentum Press, 2011).
11. See also Ralph Langner, Robust Control System Networks: How to Achieve Reliable Control After Stuxnet (New York: Momentum Press, 2011).
12. David E. Sanger, 'Mutually Assured Cyberdestruction?', New York Times, 2 June 2012, http://www.nytimes. com/2012/06/03/sunday-review/mutually-assured-cyberdestruction.html.
13. David E. Sanger, 'Mutually Assured Cyberdestruction?', New York Times, 2 June 2012, http://www.nytimes. com/2012/06/03/sunday-review/mutually-assured-cyberdestruction.html.
14. David E. Sanger, 'Mutually Assured Cyberdestruction?', New York Times, 2 June 2012, http://www.nytimes. com/2012/06/03/sunday-review/mutually-assured-cyberdestruction.html.
15. Flame's discovery was jointly announced by Kaspersky, CrySyS and the Iran Computer Emergency Response Team; the International Telecommunications Union apparently having facilitated Iranian cooperation with European malware analysis experts. sKyWIper Analysis Team, sKyWIper (a.k.a. Flame a.k.a. Flamer): A Complex Malware for Targeted Attacks (v. 1.05), Laboratory of Cryptography and System Security, Budapest University of Technology and Economics, 31 May 2012.
16. See Ellen Messmer, 'Iran's Discovery of Flame Malware Turning into Political Hot Potato', Network World, 30 May 2012, http://www. networkworld.com/news/2012/053012-iran-flame-malware-259708.html.
17. Darren Pauli, 'Iran CERT Fingers Flame for Oil Refinery Attacks', SC Magazine, 30 May 2012, http://www. scmagazine.com.au/Tools/Print. aspx?CIID=302718.
18. 'Neuer Angriff mit Stuxnet', Neue Zürcher Zeitung, 25 December 2012, http://www. nzz.ch/aktuell/international/ iran-meldet-neuen-angriff-mit-computervirus-stuxnet-1.17909054.
19. William Jackson, 'Stuxnet Shut Down by Its Own Kill Switch', GCN, 26 June 2012, http://gcn.com/ articles/2012/06/26/stuxnet-demiseexpiration-date.aspx
20. 'Stuxnet: Targeting Iran's Nuclear Programme', Strategic Comments, vol. 17, comment 6, February 2011.
21. 'Oil and Gas Giant Considers Petascale Supercomputer', HPCwire, 11 July 2011, http://www.hpcwire. com/hpcwire/2011-07-11/ oil_and_gas_giant_considers_petascale_ supercomputer.html. Tiffany Trader, 'Cloudnumbers Expedites Cloud-Based Supercomputing', HPC in the Cloud, 14 February 2012, http://www.hpcinthecloud. com/hpccloud/2012-02-14/ cloudnumbers_expedites_cloudbased_ supercomputing.html.
22. Tiffany Trader, 'Cloudnumbers Expedites Cloud-Based Supercomputing', HPC in the Cloud, 14 February 2012, http://www.hpcinthecloud.com/hpccloud/2012-02-14/cloudnumbers_expedites_cloudbased_supercomputing.html.
23. 'Microsoft Maximizes Upstream Operations Agility and Control', Microsoft, 2010, http:// download.microsoft.com/ download/C/F/E/CFE4502FB04D-43F4-B7BE-35CAA29539B6/ Oil_Gas_Upstream%20Operations. pdf.
24. Cyber security issues of greatest concern to the oil and gas industry are likely to be: theft of intellectual property; cyber espionage aimed at short-term decision-making; and deletion of production and refinement data. See Chris Bronk and Adam Pridgen, Cybersecurity Issues and Policy Options for the U.S. Energy Industry, Baker Institute Policy Report #53, Baker Institute for Public Policy, September 2012.
25. 'Fast Track to the Future: The 2012 IBM Tech Trends Report', IBM, 2012, http://public.dhe.ibm.com/ common/ssi/ecm/en/xie12346usen/ XIE12346USEN.PDF.
26. Nicole Perlroth, 'Connecting the Dots After Cyber attack on Saudi Aramco', New York Times, 27 August 2012, http:// bits.blogs.nytimes.com/2012/08/27/ connecting-the-dots-after-cyber attack-on-saudi-aramco/.
27. 'Was Iran Responsible for Saudi Aramco's Network Attack?', Digital Dao, 22 August 2012, http://jeffreycarr. blogspot.com/2012/08/was-iranresponsible-for-saudi-aramcos.html.
28. See 'Joint Security Awareness Report: JSAR-12-241-01-Shamoon/DistTrack Malware', Industrial Control Systems Cyber Emergency Response Team, 29 August 2012, http://www.us-cert.gov/ control_systems/pdf/JSAR-12-241-01. pdf.
29. 'Shamoon, a Two-stage Targeted Attack', Seculert Blog, 16 August 2012, http://blog.seculert.com/2012/08/shamoon-two-stage-targeted-attack.html.
30. Dmitry Tarakanov, 'Shamoon The Wiper: Further Details (Part II)', SecureList, 11 September 2012, http://www.securelist.com/en/ blog/208193834/Shamoon_The_ Wiper_further_details_Part_II.
31. 'Saudi Aramco Repairs Damage from computer attack', Al Arabiya News, 26 August 2012, available at http://english.alarabiya.net/articles/ 2012/08/26/234372.html.
32. 'Saudi Aramco Investigating Origins of "Shamoon" Virus Following Attack', Al Arabiya News, 26 August 2012, http://english.alarabiya.net/ articles/2012/09/12/237530.html.
33. Roberts, 'Cyber Threats to Energy Security'.
34. Roberts, 'Cyber Threats to Energy Security'.
35. Leon Panetta, 'DOD News Briefing with Secretary Panetta and Gen. Dempsey from the Pentagon', US Department of Defense news transcript, 25 October 2012, http://www. defense.gov/transcripts/transcript. aspx?transcriptid=5143.
36. 'The Shamoon Attacks', Symantec, 16 August 2012, http://www.symantec. com/connect/blogs/shamoon-attacks.
37. The Cutting Sword of Justice's full attribution is available at http://pastebin. com/HqAgaQRj.
38. 'Daily Report: How Aramco Got Hacked', New York Times, 24 October 2012, http://bits. blogs.nytimes.com/2012/10/24/ daily-report-how-aramco-got-hacked/.
39. David Perera, 'Clapper Sounds Alarm on Cyber Capabilities of Iran, China and Russia', FierceGovernmentIT, 1 February 2012, http://www. fiercegovernmentit.com/story/ clapper-sounds-alarm-cyber-capabilities-iran-china-and-russia/2012-02-01; 'US General Warns Over Iranian Cyber-Soldiers', BBC News, 18 January 2013, http://www.bbc.co.uk/ news/technology-21075781.
40. 'US General Warns Over Iranian Cyber-Soldiers', BBC News, 18 January 2013, http://www.bbc.co.uk/ news/technology-21075781.
41. 'US says Iran Behind Cyber Attack in Saudi Arabia', Al Arabiya News, 13 October 2012, http://english.alarabiya. net/articles/2012/10/13/243475.html.
42. Fareed Mohamedi, 'The Oil and Gas Industry', Iran Primer, United States Institute for Peace, 2010, http://iranprimer.usip.org/resource/ oil-and-gas-industry.
43. 'India's Top Buyer of Iran Oil Turns to Azeri, Saudi', Reuters, 16 July 2012, http://www. reuters.com/article/2012/07/16/ india-mrpl-idUSL6E8IGAGO20120716.
44. 'Iran Denies U.S. Claims it was Behind Persian Gulf Cyber Attacks', Tehran Times, 14 October 2012, http://www. tehrantimes.com/politics/102372-irandenies-us-claims-it-was-behind-persian-gulf-cyber-attacks.
45. Raphael Satter, 'Stuxnet Cyberweapon Older than Believed', Associated Press, 27 February 2013, http:// bigstory.ap.org/article/report-stuxnetcyberweapon-older-believed.
46. 'Symantec 2010 Critical Infrastructure Protection Study', Symantec, October 2010, http://www.symantec.com/ content/en/us/about/presskits/ Symantec_2010_CIP_ Study_Global_Data.pdf.
47. According to Article 2(a) of Directive 2008/114/EC, '"critical infrastructure" means an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social wellbeing of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions'. Http://eur-lex.europa.eu/ LexUriServ/LexUriServ.do?uri=OJ:L:2 008:345:0075:0082:EN:PDF; according to 42 USC 5195c.(e), '"critical infrastructure" means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters'. http://www.gpo. gov/fdsys/pkg/USCODE-2010-title42/ pdf/USCODE-2010-title42-chap68-subchapIV-B-sec5195c.pdf.
48. Christopher Bronk, 'A Governance Switchboard: Scalability Issues in International Cyber Policymaking', Cyber Dialogue 2012: What is Stewardship in Cyberspace? University of Toronto, March 2012, http:// bakerinstitute.org/publications/ITPpub-BronkCyberDialogue2012-031312. pdf.
49. UN Resolution A/RES/58/199: Creation of a Global Culture of Cybersecurity and the Protection of Critical Information Infrastructures, 30 January 2004, http://www.itu.int/ ITU-D/cyb/cybersecurity/docs/UN_ resolution_58_199.pdf.
50. EU Council Directive 2008/114/EC: On the Identification and Designation of European Critical Infrastructures and the Assessment of the Need to Improve their Protection, 23 December 2008, http://eur-lex.europa.eu/ LexUriServ/LexUriServ.do?uri=OJ:L:2 008:345:0075:0082:EN:PDF. See also 162 CDS 07 E rev 1: The Protection Of Critical Infrastructures, NATO Parliamentary Assembly, available at http://www.nato-pa.int/ Default.asp?SHORTCUT=1165.
51. Mathew J. Schwartz, 'Saudi Aramco Restores Network After Shamoon Malware Attack', InformationWeek, 27 August 2012, http://www.informationweek. com/security/attacks/ saudi-aramco-restores-network-aftersham/ 240006278.
52. Ellen Nakashima, 'Banks Seek NSA Help Amid Attacks on their Computer Systems', Washington Post, 11 January 2013, http://articles. washingtonpost.com/2013-01-11/ world/36272281_1_banks-ddos-nsa.
53. 'Commission Proposes a Comprehensive Reform of the Data Protection Rules', European Commission, 25 January 2012, http:// ec.europa.eu/justice/newsroom/ data-protection/news/120125_en.htm.
54. Oona A. Hathaway et al., 'The Law of Cyber Attack', Yale University, 16 November 2011, http://www. law.yale.edu/documents/pdf/cglc/ LawOfCyberattack.pdf.
55. Perlroth, 'Connecting the Dots'.