The US energy business should have learnt to be wary of the power of the DarkSide. After numerous warnings, it suffered its most disruptive cyber attack two Fridays ago when the Colonial oil pipeline was shut down after a ransomware attack, suspected to be from this gang. Cyber security needs to be improved but that alone is not enough: the energy industry needs broader resilience to such threats.
The pipeline brings refined oil products – petrol, diesel, heating oil and jet fuel – from the Texas refining complex to meet 45 per cent of consumption on the US East Coast, ultimately supplying New Jersey, New York and other states.
Hackers exfiltrated 100 gigabytes of data and then demanded payment to unencrypt the company's files. Colonial's operational systems were not affected but it shut down pipeline flows – either to prevent further dissemination or, as it now appears, because it could not bill customers. A $5 million ransom was paid to the hackers, according to Bloomberg.
Federal and state governments temporarily waived fuel quality standards and restrictions on hours and weights for road tankers. Traders booked tankers to bring refined products from Europe.
Some refiners were granted exemptions from the Jones Act, an outdated and pernicious law that requires all trade between American ports to be carried out by vessels built and flagged in the US and manned by Americans.
Nevertheless, petrol stations began to run dry: by Thursday evening, according to consumer service Gas Buddy, between half and two thirds of Georgia, Virginia, South and North Carolina were out of fuel. This was exacerbated by limited deliveries from distribution centres as tanker trucks themselves could not secure diesel, as well panic buying.
Indeed, shortages in southern Florida seem mostly to be due to hoarding as the state is primarily supplied by barges, not Colonial's network.
The company resumed pipeline flows on Thursday but it will probably take one to two weeks before service returns to normal in all areas. For the first time in six years, petrol prices rose above $3 a gallon during the interruption but, overall, the effects on demand will be slightly negative.
This is the most disruptive cyber attack in the US to date but far from the first for the energy industry. Electricity and gas pipeline companies have suffered intrusions in recent years that were either aimed at extortion or probing vulnerabilities. The US Department of Energy was one of the victims of the Solarwinds cyber espionage discovered in December.
The famous Stuxnet virus, strongly suspected to be the work of the US and Israel, damaged Iranian centrifuges in 2009 and 2010, setting back its uranium enrichment programme. The National Iranian Oil Company experienced a cyber attack in April 2012. That August, the Shamoon virus, possibly linked to Iran, wiped 30,000 computers at Saudi Aramco.
Several Saudi petrochemical companies have suffered cyber attacks since then while the Ukraine energy grid was also compromised, resulting in power cuts.
These, along with hacks on or by North Korea, are all known geopolitical flash points while growing hostility between the US and China is another. Cyber attacks have great attractions. They are deniable, difficult to identify – making it hard to apprehend perpetrators – while the damage can be gradated short of war. A group such as DarkSide could be a criminal enterprise but it could also be similar to Elizabethan privateers who were licensed by the state to attack its enemies. State agencies could use the cover of extortion attempts to conduct espionage or plant sabotage bugs.
Perhaps the surprise is not how devastating cyber attacks have been but how little damage they have done so far. There has not been serious and prolonged disruption or major physical damage or loss of life. DarkSide’s ransom from Colonial sounds like something Dr Evil would do – disconcerting his henchman by asking for only $1m.
But any of the conflicts mentioned, or others, could turn into more overt confrontations or a hacking group might go too far. Energy infrastructure – essential, exposed, expensive and explosive – is an obvious target.
Surveys suggest that energy cyber security is weak and characterised by inadequate passwords, outdated versions of Microsoft Exchange, employees who are easily duped into clicking on suspicious links, operational systems that are not properly "air-gapped" from the internet and a lack of "war games" to simulate cyber crises.
However, security improvements will not be enough – not against increasingly skilful, well resourced and motivated criminals and state-backed hackers. Digitisation and automation, remote working and operations, drones, the Internet of Things and the electrification of an economy powered by fossil fuels promise greater efficiency, cost savings and environmental gains. But they also expand vulnerabilities.
The Colonial incident exposed several major weaknesses in US energy security. Strategic petroleum stocks are nearly all along the Gulf of Mexico coast and not near other big consumption centres. The East Coast relies on a single system for about half of its petroleum demand. There are no mandatory pipeline cyber security regulations. Logistics faces the circular paradox of needing fuel to deliver fuel. The dead hand of the Jones Act constrains alternatives and there is no way to stop panic buying.
Many other countries would turn out to have similar or deeper flaws when seriously tested. February’s Texas ice storm, although not a cyber attack, highlighted the need to have electricity to deliver gas to generate electricity, and for both to make heat to keep people alive and water flowing.
Greater resilience involves a mix of improved cyber security, tougher infrastructure, duplication and back-ups, diversity of energy sources and delivery methods, more effective regulation and government powers of intervention, better accounting for human behaviour and stronger recovery plans.
Cyber attacks on energy systems will probably become more frequent, more ingenious and more disruptive. Several warnings have passed, fortunately without too much damage, but now it is time to act.
Robin Mills is chief executive of Qamar Energy and author of The Myth of the Oil Crisis
Zayed Sustainability Prize
Kibsons%20Cares
%3Cp%3E%3Cstrong%3ERecycling%3Cbr%3E%3C%2Fstrong%3EAny%20time%20you%20receive%20a%20Kibsons%20order%2C%20you%20can%20return%20your%20cardboard%20box%20to%20the%20drivers.%20They%E2%80%99ll%20be%20happy%20to%20take%20it%20off%20your%20hands%20and%20ensure%20it%20gets%20reused%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EKind%20to%20health%20and%20planet%3C%2Fstrong%3E%3Cbr%3ESolar%20%E2%80%93%2025-50%25%20of%20electricity%20saved%3Cbr%3EWater%20%E2%80%93%2075%25%20of%20water%20reused%3Cbr%3EBiofuel%20%E2%80%93%20Kibsons%20fleet%20to%20get%2020%25%20more%20mileage%20per%20litre%20with%20biofuel%20additives%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ESustainable%20grocery%20shopping%3C%2Fstrong%3E%3Cbr%3ENo%20antibiotics%3Cbr%3ENo%20added%20hormones%3Cbr%3ENo%20GMO%3Cbr%3ENo%20preservatives%3Cbr%3EMSG%20free%3Cbr%3E100%25%20natural%3C%2Fp%3E%0A
Ten tax points to be aware of in 2026
1. Domestic VAT refund amendments: request your refund within five years
If a business does not apply for the refund on time, they lose their credit.
2. E-invoicing in the UAE
Businesses should continue preparing for the implementation of e-invoicing in the UAE, with 2026 a preparation and transition period ahead of phased mandatory adoption.
3. More tax audits
Tax authorities are increasingly using data already available across multiple filings to identify audit risks.
4. More beneficial VAT and excise tax penalty regime
Tax disputes are expected to become more frequent and more structured, with clearer administrative objection and appeal processes. The UAE has adopted a new penalty regime for VAT and excise disputes, which now mirrors the penalty regime for corporate tax.
5. Greater emphasis on statutory audit
There is a greater need for the accuracy of financial statements. The International Financial Reporting Standards standards need to be strictly adhered to and, as a result, the quality of the audits will need to increase.
6. Further transfer pricing enforcement
Transfer pricing enforcement, which refers to the practice of establishing prices for internal transactions between related entities, is expected to broaden in scope. The UAE will shortly open the possibility to negotiate advance pricing agreements, or essentially rulings for transfer pricing purposes.
7. Limited time periods for audits
Recent amendments also introduce a default five-year limitation period for tax audits and assessments, subject to specific statutory exceptions. While the standard audit and assessment period is five years, this may be extended to up to 15 years in cases involving fraud or tax evasion.
8. Pillar 2 implementation
Many multinational groups will begin to feel the practical effect of the Domestic Minimum Top-Up Tax (DMTT), the UAE's implementation of the OECD’s global minimum tax under Pillar 2. While the rules apply for financial years starting on or after January 1, 2025, it is 2026 that marks the transition to an operational phase.
9. Reduced compliance obligations for imported goods and services
Businesses that apply the reverse-charge mechanism for VAT purposes in the UAE may benefit from reduced compliance obligations.
10. Substance and CbC reporting focus
Tax authorities are expected to continue strengthening the enforcement of economic substance and Country-by-Country (CbC) reporting frameworks. In the UAE, these regimes are increasingly being used as risk-assessment tools, providing tax authorities with a comprehensive view of multinational groups’ global footprints and enabling them to assess whether profits are aligned with real economic activity.
Contributed by Thomas Vanhee and Hend Rashwan, Aurifer
Three ways to get a gratitude glow
By committing to at least one of these daily, you can bring more gratitude into your life, says Ong.
- During your morning skincare routine, name five things you are thankful for about yourself.
- As you finish your skincare routine, look yourself in the eye and speak an affirmation, such as: “I am grateful for every part of me, including my ability to take care of my skin.”
- In the evening, take some deep breaths, notice how your skin feels, and listen for what your skin is grateful for.
What can victims do?
Always use only regulated platforms
Stop all transactions and communication on suspicion
Save all evidence (screenshots, chat logs, transaction IDs)
Report to local authorities
Warn others to prevent further harm
Courtesy: Crystal Intelligence
More from Neighbourhood Watch:
Killing of Qassem Suleimani
More from Neighbourhood Watch:
The specs
Engine: 8.0-litre, quad-turbo 16-cylinder
Transmission: 7-speed auto
0-100kmh 2.3 seconds
0-200kmh 5.5 seconds
0-300kmh 11.6 seconds
Power: 1500hp
Torque: 1600Nm
Price: Dh13,400,000
On sale: now
Indoor cricket in a nutshell
Indoor cricket in a nutshell
Indoor Cricket World Cup - Sept 16-20, Insportz, Dubai
16 Indoor cricket matches are 16 overs per side
8 There are eight players per team
9 There have been nine Indoor Cricket World Cups for men. Australia have won every one.
5 Five runs are deducted from the score when a wickets falls
4 Batsmen bat in pairs, facing four overs per partnership
Scoring In indoor cricket, runs are scored by way of both physical and bonus runs. Physical runs are scored by both batsmen completing a run from one crease to the other. Bonus runs are scored when the ball hits a net in different zones, but only when at least one physical run is score.
Zones
A Front net, behind the striker and wicketkeeper: 0 runs
B Side nets, between the striker and halfway down the pitch: 1 run
C Side nets between halfway and the bowlers end: 2 runs
D Back net: 4 runs on the bounce, 6 runs on the full
COMPANY PROFILE
Name: Kumulus Water
Started: 2021
Founders: Iheb Triki and Mohamed Ali Abid
Based: Tunisia
Sector: Water technology
Number of staff: 22
Investment raised: $4 million
Zayed Sustainability Prize
The five pillars of Islam
Series info
Test series schedule 1st Test, Abu Dhabi: Sri Lanka won by 21 runs; 2nd Test, Dubai: Play starts at 2pm, Friday-Tuesday
ODI series schedule 1st ODI, Dubai: October 13; 2nd ODI, Abu Dhabi: October 16; 3rd ODI, Abu Dhabi: October 18; 4th ODI, Sharjah: October 20; 5th ODI, Sharjah: October 23
T20 series schedule 1st T20, Abu Dhabi: October 26; 2nd T20, Abu Dhabi: October 27; 3rd T20, Lahore: October 29
Tickets Available at www.q-tickets.com
Stat Fourteen Fourteen of the past 15 Test matches in the UAE have been decided on the final day. Both of the previous two Tests at Dubai International Stadium have been settled in the last session. Pakistan won with less than an hour to go against West Indies last year. Against England in 2015, there were just three balls left.
Key battle - Azhar Ali v Rangana Herath Herath may not quite be as flash as Muttiah Muralitharan, his former spin-twin who ended his career by taking his 800th wicket with his final delivery in Tests. He still has a decent sense of an ending, though. He won the Abu Dhabi match for his side with 11 wickets, the last of which was his 400th in Tests. It was not the first time he has owned Pakistan, either. A quarter of all his Test victims have been Pakistani. If Pakistan are going to avoid a first ever series defeat in the UAE, Azhar, their senior batsman, needs to stand up and show the way to blunt Herath.
MATCH INFO
FA Cup fifth round
Chelsea v Manchester United, Monday, 11.30pm (UAE), BeIN Sports
The biog
Simon Nadim has completed 7,000 dives.
The hardest dive in the UAE is the German U-boat 110m down off the Fujairah coast.
As a child, he loved the documentaries of Jacques Cousteau
He also led a team that discovered the long-lost portion of the Ines oil tanker.
If you are interested in diving, he runs the XR Hub Dive Centre in Fujairah
The specs: 2017 Maserati Quattroporte
Price, base / as tested Dh389,000 / Dh559,000
Engine 3.0L twin-turbo V8
Transmission Eight-speed automatic
Power 530hp @ 6,800rpm
Torque 650Nm @ 2,000 rpm
Fuel economy, combined 10.7L / 100km
MATCH INFO
Rugby World Cup (all times UAE)
Third-place play-off: New Zealand v Wales, Friday, 1pm
Final: England v South Africa, Saturday, 1pm
Match info
Huddersfield Town 0
Chelsea 3
Kante (34'), Jorginho (45' pen), Pedro (80')
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
UAE currency: the story behind the money in your pockets
