RIYADH: With cyberattacks now posing the same threat to the energy sector that physical attacks once did, Amin Nasser, CEO and president of Saudi Aramco, has warned that reliance on old systems and the move towards digitization means the sector is in a vulnerable position in regards to cybersecurity.
According to Nasser, the digitization conversion makes it easier for hackers to move laterally within an organization, which can have very serious consequences.
Speaking at the Global Cybersecurity Forum in Riyadh, the CEO said: “Now clearly, the energy industry has an obvious vulnerability. Namely, the sector's dependence on legacy systems, many of which were built long before cyberattacks were ever considered a risk.”
Aramco's transition to digitalization is leading to a growing conversion of information and operational technologies, increasing the potential threat of crippling cyberattacks, the CEO added.
Aramco’s CEO said the energy sector is a complex ecosystem with many common service providers, and Aramco requires strong cybersecurity standards from all its partners and suppliers. “It is vital that cyber resilience is extended beyond just being energy companies to include all service providers throughout our respective supply chains,” he said.
“We all need to urgently increase collaboration across borders, across industries, across the public and private sectors. Aramco, for our part, is an active member of the global platform and organization that are bringing together multiple stakeholders to tackle cyber threats,” he said.
Commenting on Aramco being one of the founding partners of the World Economic Forum Center for Cybersecurity, Nasser said: “Through this and other organizations, we are supporting the adaptation of best practices and principles for cyber resilience globally,” he added.
Aramco recently joined the National Cybersecurity Authority's Operational Technology Center of Excellence as a founding member.
The NCA's initiative, according to Nasser, will help shape the global cybersecurity ecosystem by providing common standards and advancing research and development.
“Simply put, cyber resilience is and will continue to be an extremely high priority at Aramco as cyberattacks are among our top corporate risks.”
Historically, the energy industry as a whole and in parts has been a favorite target of attackers, he added.
Nasser said: “The danger for us is very clear, present, and constant,” he added. According to the CEO, the majority of cyberattacks originate from criminal gangs seeking ransom payments through ransomware or terrorist groups attempting to damage critical energy infrastructure.