The US energy business should have learnt to be wary of the power of the DarkSide. After numerous warnings, it suffered its most disruptive cyber attack two Fridays ago when the Colonial oil pipeline was shut down after a ransomware attack, suspected to be from this gang. Cyber security needs to be improved but that alone is not enough: the energy industry needs broader resilience to such threats.
The pipeline brings refined oil products – petrol, diesel, heating oil and jet fuel – from the Texas refining complex to meet 45 per cent of consumption on the US East Coast, ultimately supplying New Jersey, New York and other states.
Hackers exfiltrated 100 gigabytes of data and then demanded payment to unencrypt the company's files. Colonial's operational systems were not affected but it shut down pipeline flows – either to prevent further dissemination or, as it now appears, because it could not bill customers. A $5 million ransom was paid to the hackers, according to Bloomberg.
Federal and state governments temporarily waived fuel quality standards and restrictions on hours and weights for road tankers. Traders booked tankers to bring refined products from Europe.
Some refiners were granted exemptions from the Jones Act, an outdated and pernicious law that requires all trade between American ports to be carried out by vessels built and flagged in the US and manned by Americans.
Nevertheless, petrol stations began to run dry: by Thursday evening, according to consumer service Gas Buddy, between half and two thirds of Georgia, Virginia, South and North Carolina were out of fuel. This was exacerbated by limited deliveries from distribution centres as tanker trucks themselves could not secure diesel, as well panic buying.
Indeed, shortages in southern Florida seem mostly to be due to hoarding as the state is primarily supplied by barges, not Colonial's network.
The company resumed pipeline flows on Thursday but it will probably take one to two weeks before service returns to normal in all areas. For the first time in six years, petrol prices rose above $3 a gallon during the interruption but, overall, the effects on demand will be slightly negative.
This is the most disruptive cyber attack in the US to date but far from the first for the energy industry. Electricity and gas pipeline companies have suffered intrusions in recent years that were either aimed at extortion or probing vulnerabilities. The US Department of Energy was one of the victims of the Solarwinds cyber espionage discovered in December.
The famous Stuxnet virus, strongly suspected to be the work of the US and Israel, damaged Iranian centrifuges in 2009 and 2010, setting back its uranium enrichment programme. The National Iranian Oil Company experienced a cyber attack in April 2012. That August, the Shamoon virus, possibly linked to Iran, wiped 30,000 computers at Saudi Aramco.
Several Saudi petrochemical companies have suffered cyber attacks since then while the Ukraine energy grid was also compromised, resulting in power cuts.
These, along with hacks on or by North Korea, are all known geopolitical flash points while growing hostility between the US and China is another. Cyber attacks have great attractions. They are deniable, difficult to identify – making it hard to apprehend perpetrators – while the damage can be gradated short of war. A group such as DarkSide could be a criminal enterprise but it could also be similar to Elizabethan privateers who were licensed by the state to attack its enemies. State agencies could use the cover of extortion attempts to conduct espionage or plant sabotage bugs.
Perhaps the surprise is not how devastating cyber attacks have been but how little damage they have done so far. There has not been serious and prolonged disruption or major physical damage or loss of life. DarkSide’s ransom from Colonial sounds like something Dr Evil would do – disconcerting his henchman by asking for only $1m.
But any of the conflicts mentioned, or others, could turn into more overt confrontations or a hacking group might go too far. Energy infrastructure – essential, exposed, expensive and explosive – is an obvious target.
Surveys suggest that energy cyber security is weak and characterised by inadequate passwords, outdated versions of Microsoft Exchange, employees who are easily duped into clicking on suspicious links, operational systems that are not properly "air-gapped" from the internet and a lack of "war games" to simulate cyber crises.
However, security improvements will not be enough – not against increasingly skilful, well resourced and motivated criminals and state-backed hackers. Digitisation and automation, remote working and operations, drones, the Internet of Things and the electrification of an economy powered by fossil fuels promise greater efficiency, cost savings and environmental gains. But they also expand vulnerabilities.
The Colonial incident exposed several major weaknesses in US energy security. Strategic petroleum stocks are nearly all along the Gulf of Mexico coast and not near other big consumption centres. The East Coast relies on a single system for about half of its petroleum demand. There are no mandatory pipeline cyber security regulations. Logistics faces the circular paradox of needing fuel to deliver fuel. The dead hand of the Jones Act constrains alternatives and there is no way to stop panic buying.
Many other countries would turn out to have similar or deeper flaws when seriously tested. February’s Texas ice storm, although not a cyber attack, highlighted the need to have electricity to deliver gas to generate electricity, and for both to make heat to keep people alive and water flowing.
Greater resilience involves a mix of improved cyber security, tougher infrastructure, duplication and back-ups, diversity of energy sources and delivery methods, more effective regulation and government powers of intervention, better accounting for human behaviour and stronger recovery plans.
Cyber attacks on energy systems will probably become more frequent, more ingenious and more disruptive. Several warnings have passed, fortunately without too much damage, but now it is time to act.
Robin Mills is chief executive of Qamar Energy and author of The Myth of the Oil Crisis
Stuck in a job without a pay rise? Here's what to do
Chris Greaves, the managing director of Hays Gulf Region, says those without a pay rise for an extended period must start asking questions – both of themselves and their employer.
“First, are they happy with that or do they want more?” he says. “Job-seeking is a time-consuming, frustrating and long-winded affair so are they prepared to put themselves through that rigmarole? Before they consider that, they must ask their employer what is happening.”
Most employees bring up pay rise queries at their annual performance appraisal and find out what the company has in store for them from a career perspective.
Those with no formal appraisal system, Mr Greaves says, should ask HR or their line manager for an assessment.
“You want to find out how they value your contribution and where your job could go,” he says. “You’ve got to be brave enough to ask some questions and if you don’t like the answers then you have to develop a strategy or change jobs if you are prepared to go through the job-seeking process.”
For those that do reach the salary negotiation with their current employer, Mr Greaves says there is no point in asking for less than 5 per cent.
“However, this can only really have any chance of success if you can identify where you add value to the business (preferably you can put a monetary value on it), or you can point to a sustained contribution above the call of duty or to other achievements you think your employer will value.”
Avatar: Fire and Ash
Director: James Cameron
Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana
Rating: 4.5/5
Who's who in Yemen conflict
Houthis: Iran-backed rebels who occupy Sanaa and run unrecognised government
Yemeni government: Exiled government in Aden led by eight-member Presidential Leadership Council
Southern Transitional Council: Faction in Yemeni government that seeks autonomy for the south
Habrish 'rebels': Tribal-backed forces feuding with STC over control of oil in government territory
The burning issue
The internal combustion engine is facing a watershed moment – major manufacturer Volvo is to stop producing petroleum-powered vehicles by 2021 and countries in Europe, including the UK, have vowed to ban their sale before 2040. The National takes a look at the story of one of the most successful technologies of the last 100 years and how it has impacted life in the UAE.
Read part four: an affection for classic cars lives on
Read part three: the age of the electric vehicle begins
Read part one: how cars came to the UAE
Mohammed bin Zayed Majlis
More on Quran memorisation:
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
The specs: 2018 Volkswagen Teramont
Price, base / as tested Dh137,000 / Dh189,950
Engine 3.6-litre V6
Gearbox Eight-speed automatic
Power 280hp @ 6,200rpm
Torque 360Nm @ 2,750rpm
Fuel economy, combined 11.7L / 100km
Quick%20facts
%3Cul%3E%0A%3Cli%3EStorstockholms%20Lokaltrafik%20(SL)%20offers%20free%20guided%20tours%20of%20art%20in%20the%20metro%20and%20at%20the%20stations%3C%2Fli%3E%0A%3Cli%3EThe%20tours%20are%20free%20of%20charge%3B%20all%20you%20need%20is%20a%20valid%20SL%20ticket%2C%20for%20which%20a%20single%20journey%20(valid%20for%2075%20minutes)%20costs%2039%20Swedish%20krone%20(%243.75)%3C%2Fli%3E%0A%3Cli%3ETravel%20cards%20for%20unlimited%20journeys%20are%20priced%20at%20165%20Swedish%20krone%20for%2024%20hours%3C%2Fli%3E%0A%3Cli%3EAvoid%20rush%20hour%20%E2%80%93%20between%209.30%20am%20and%204.30%20pm%20%E2%80%93%20to%20explore%20the%20artwork%20at%20leisure%3C%2Fli%3E%0A%3C%2Ful%3E%0A
GAC GS8 Specs
Engine: 2.0-litre 4cyl turbo
Power: 248hp at 5,200rpm
Torque: 400Nm at 1,750-4,000rpm
Transmission: 8-speed auto
Fuel consumption: 9.1L/100km
On sale: Now
Price: From Dh149,900
How to apply for a drone permit
- Individuals must register on UAE Drone app or website using their UAE Pass
- Add all their personal details, including name, nationality, passport number, Emiratis ID, email and phone number
- Upload the training certificate from a centre accredited by the GCAA
- Submit their request
What are the regulations?
- Fly it within visual line of sight
- Never over populated areas
- Ensure maximum flying height of 400 feet (122 metres) above ground level is not crossed
- Users must avoid flying over restricted areas listed on the UAE Drone app
- Only fly the drone during the day, and never at night
- Should have a live feed of the drone flight
- Drones must weigh 5 kg or less
Citizenship-by-investment programmes
United Kingdom
The UK offers three programmes for residency. The UK Overseas Business Representative Visa lets you open an overseas branch office of your existing company in the country at no extra investment. For the UK Tier 1 Innovator Visa, you are required to invest £50,000 (Dh238,000) into a business. You can also get a UK Tier 1 Investor Visa if you invest £2 million, £5m or £10m (the higher the investment, the sooner you obtain your permanent residency).
All UK residency visas get approved in 90 to 120 days and are valid for 3 years. After 3 years, the applicant can apply for extension of another 2 years. Once they have lived in the UK for a minimum of 6 months every year, they are eligible to apply for permanent residency (called Indefinite Leave to Remain). After one year of ILR, the applicant can apply for UK passport.
The Caribbean
Depending on the country, the investment amount starts from $100,000 (Dh367,250) and can go up to $400,000 in real estate. From the date of purchase, it will take between four to five months to receive a passport.
Portugal
The investment amount ranges from €350,000 to €500,000 (Dh1.5m to Dh2.16m) in real estate. From the date of purchase, it will take a maximum of six months to receive a Golden Visa. Applicants can apply for permanent residency after five years and Portuguese citizenship after six years.
“Among European countries with residency programmes, Portugal has been the most popular because it offers the most cost-effective programme to eventually acquire citizenship of the European Union without ever residing in Portugal,” states Veronica Cotdemiey of Citizenship Invest.
Greece
The real estate investment threshold to acquire residency for Greece is €250,000, making it the cheapest real estate residency visa scheme in Europe. You can apply for residency in four months and citizenship after seven years.
Spain
The real estate investment threshold to acquire residency for Spain is €500,000. You can apply for permanent residency after five years and citizenship after 10 years. It is not necessary to live in Spain to retain and renew the residency visa permit.
Cyprus
Cyprus offers the quickest route to citizenship of a European country in only six months. An investment of €2m in real estate is required, making it the highest priced programme in Europe.
Malta
The Malta citizenship by investment programme is lengthy and investors are required to contribute sums as donations to the Maltese government. The applicant must either contribute at least €650,000 to the National Development & Social Fund. Spouses and children are required to contribute €25,000; unmarried children between 18 and 25 and dependent parents must contribute €50,000 each.
The second step is to make an investment in property of at least €350,000 or enter a property rental contract for at least €16,000 per annum for five years. The third step is to invest at least €150,000 in bonds or shares approved by the Maltese government to be kept for at least five years.
Candidates must commit to a minimum physical presence in Malta before citizenship is granted. While you get residency in two months, you can apply for citizenship after a year.
Egypt
A one-year residency permit can be bought if you purchase property in Egypt worth $100,000. A three-year residency is available for those who invest $200,000 in property, and five years for those who purchase property worth $400,000.
Source: Citizenship Invest and Aqua Properties
Company Profile
Name: Thndr
Started: 2019
Co-founders: Ahmad Hammouda and Seif Amr
Sector: FinTech
Headquarters: Egypt
UAE base: Hub71, Abu Dhabi
Current number of staff: More than 150
Funds raised: $22 million
German intelligence warnings
- 2002: "Hezbollah supporters feared becoming a target of security services because of the effects of [9/11] ... discussions on Hezbollah policy moved from mosques into smaller circles in private homes." Supporters in Germany: 800
- 2013: "Financial and logistical support from Germany for Hezbollah in Lebanon supports the armed struggle against Israel ... Hezbollah supporters in Germany hold back from actions that would gain publicity." Supporters in Germany: 950
- 2023: "It must be reckoned with that Hezbollah will continue to plan terrorist actions outside the Middle East against Israel or Israeli interests." Supporters in Germany: 1,250
Source: Federal Office for the Protection of the Constitution
Our legal columnist
Name: Yousef Al Bahar
Advocate at Al Bahar & Associate Advocates and Legal Consultants, established in 1994
Education: Mr Al Bahar was born in 1979 and graduated in 2008 from the Judicial Institute. He took after his father, who was one of the first Emirati lawyers
APPLE IPAD MINI (A17 PRO)
Display: 21cm Liquid Retina Display, 2266 x 1488, 326ppi, 500 nits
Chip: Apple A17 Pro, 6-core CPU, 5-core GPU, 16-core Neural Engine
Storage: 128/256/512GB
Main camera: 12MP wide, f/1.8, digital zoom up to 5x, Smart HDR 4
Front camera: 12MP ultra-wide, f/2.4, Smart HDR 4, full-HD @ 25/30/60fps
Biometrics: Touch ID, Face ID
Colours: Blue, purple, space grey, starlight
In the box: iPad mini, USB-C cable, 20W USB-C power adapter
Price: From Dh2,099
Company Profile
Company name: OneOrder
Started: October 2021
Founders: Tamer Amer and Karim Maurice
Based: Cairo, Egypt
Industry: technology, logistics
Investors: A15 and self-funded
Key facilities
- Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
- Premier League-standard football pitch
- 400m Olympic running track
- NBA-spec basketball court with auditorium
- 600-seat auditorium
- Spaces for historical and cultural exploration
- An elevated football field that doubles as a helipad
- Specialist robotics and science laboratories
- AR and VR-enabled learning centres
- Disruption Lab and Research Centre for developing entrepreneurial skills
Key findings of Jenkins report
- Founder of the Muslim Brotherhood, Hassan al Banna, "accepted the political utility of violence"
- Views of key Muslim Brotherhood ideologue, Sayyid Qutb, have “consistently been understood” as permitting “the use of extreme violence in the pursuit of the perfect Islamic society” and “never been institutionally disowned” by the movement.
- Muslim Brotherhood at all levels has repeatedly defended Hamas attacks against Israel, including the use of suicide bombers and the killing of civilians.
- Laying out the report in the House of Commons, David Cameron told MPs: "The main findings of the review support the conclusion that membership of, association with, or influence by the Muslim Brotherhood should be considered as a possible indicator of extremism."
Points Classification
1. Marcel Kittel (Germany / Quick-Step) 63
2. Arnaud Demare (France / FDJ) 38
3. Andre Greipel (Germany / Lotto) 25
4. Sonny Colbrelli (Italy / Bahrain) 24
5. Mark Cavendish (Britain / Dimension Data) 22
6. Taylor Phinney (U.S. / Cannondale) 21
7. Geraint Thomas (Britain / Team Sky) 20
8. Thomas Boudat (France / Direct Energie) 20
9. Stefan Kueng (Switzerland / BMC Racing) 17
10. Michael Matthews (Australia / Sunweb) 17
The President's Cake
Director: Hasan Hadi
Starring: Baneen Ahmad Nayyef, Waheed Thabet Khreibat, Sajad Mohamad Qasem
Rating: 4/5
War 2
Director: Ayan Mukerji
Stars: Hrithik Roshan, NTR, Kiara Advani, Ashutosh Rana
Rating: 2/5
Kamindu Mendis bio
Full name: Pasqual Handi Kamindu Dilanka Mendis
Born: September 30, 1998
Age: 20 years and 26 days
Nationality: Sri Lankan
Major teams Sri Lanka's Under 19 team
Batting style: Left-hander
Bowling style: Right-arm off-spin and slow left-arm orthodox (that's right!)
The Sand Castle
Director: Matty Brown
Stars: Nadine Labaki, Ziad Bakri, Zain Al Rafeea, Riman Al Rafeea
Rating: 2.5/5
Confirmed%20bouts%20(more%20to%20be%20added)
%3Cp%3ECory%20Sandhagen%20v%20Umar%20Nurmagomedov%0D%3Cbr%3ENick%20Diaz%20v%20Vicente%20Luque%0D%3Cbr%3EMichael%20Chiesa%20v%20Tony%20Ferguson%0D%3Cbr%3EDeiveson%20Figueiredo%20v%20Marlon%20Vera%0D%3Cbr%3EMackenzie%20Dern%20v%20Loopy%20Godinez%0D%3Cbr%3E%3C%2Fp%3E%0A%3Cp%3ETickets%20for%20the%20August%203%20Fight%20Night%2C%20held%20in%20partnership%20with%20the%20Department%20of%20Culture%20and%20Tourism%20Abu%20Dhabi%2C%20went%20on%20sale%20earlier%20this%20month%2C%20through%20www.etihadarena.ae%20and%20www.ticketmaster.ae.%0D%3Cbr%3E%3C%2Fp%3E%0A
