The attack on a critical US artery for the transport of fuel has once again exposed the vulnerabilities of the energy industry to cyber attacks. The ransomware attack on the 2.5 million barrels per day Colonial Pipeline endangered access to fuel for the US East Coast. The pipeline, which was built in the 1960s, snakes across a distance of 8,850 kilometres and carries products sufficient to meet the total consumption of Germany, Europe’s largest economy and the world’s fourth-biggest.
So what makes the energy industry a target for attacks and why is it vulnerable?
Any impact on the energy sector can affect entire communities and even countries. An attack on a power plant or a pipeline can cause widespread blackouts, impact transportation, heating, and the functioning of critical activities in the economy.
The vulnerability in the energy industry originates from the use of legacy industrial control systems, particularly if these have not been upgraded for a number of years and are not fully integrated across systems, according to Mohammed AlMohtadi, chief information security officer at Abu Dhabi’s Injazat.
“These legacy systems therefore not only represent risk factors for energy organisations but can also have a widespread economic impact,” he said.
So how do large energy and utility companies become prey to attacks?
Threat actors usually attempt to steal trade secrets, confidential data and intellectual property, through ransomware attacks.
“While we anticipate breaches to be very sophisticated, in most cases they occur through simple phishing emails and other social engineering activities,” added Mr AlMohtadi.
A ransomware attack, such as the one on the Colonial Pipeline, involves hackers infecting networks with malicious software that encrypts data and leaves machines locked until the victims pay an extortion fee.
On Monday, DarkSide, the group behind the attack, said its aim was to "make money" but not create problems for society. In many cases, the attacks cost the economy much more than the ransom amount demanded.
In many cases, where a cybercriminal intends to inflict political and physical damage to a country or cause financial or reputational harm, the energy sector often becomes a prime target.
“[The] energy industry comes under critical infrastructure … if it is breached, the nation's financial and physical infrastructure could be potentially crippled,” said Avinash Advani, founder and chief executive of Dubai-based cybersecurity company CyberKnight.
Oil and gas infrastructure, nuclear plants, electricity grids, water companies and utility firms that supply the community with power, water, and treat sewage are potential targets.
The Covid-19 pandemic has exposed the energy industry's underbelly. As more people work from home to contain the spread of coronavirus, they unwittingly expose an organisation to cyber attacks.
“Employees at energy organisations are working from home and remotely accessing corporate assets … [they] become a critical attack vector and entry point for attackers,” said Mr Advani.
Researchers have found many coronavirus-related malicious e-mail campaigns and hundreds of downloadable files that attempt to infect user devices. Malicious files have been masked under the guise of pdf, mp4 and docx files. The names of files imply that they contain instructions on how to protect yourself from the virus or updates on the threat.
“We assume the Colonial Pipeline, the biggest US pipeline system connecting oil supplies in Texas with New York, has been attacked through an insecure remote access,” Stefan Schachinger, network security product manager at computer security company Barracuda, said.
“Remote accesses are not insecure per definition but require proper security measures such as encryption and multi-factor authentication,” he added.
DarkSide, the ransomware group that claimed the Colonial Pipeline attack is new but experienced, industry experts said.
The group targets largely English-speaking countries and avoids the economies of former Soviet states, said Boston-based cyber security firm Cybereason. Its ransom demand typically ranges from $200,000 to $2 million. The group has published stolen data from more than 40 victims, who are believed to be just a fraction of the overall number.
Cyber attacks on energy infrastructure are typically politically or financially motivated.
“When there is an attack on the West, it usually originates from [entities inside] Russia or Eastern European countries with ties to Russia, Iran, China, or North Korea,” said Mr Advani.
However, there can be financially motivated criminal groups that may or may not be associated with a government.
President Joe Biden has said there is no evidence that the Russian government is responsible for the attack on the Colonial Pipeline, but that the country has "some responsibility" to address the ransomware attack and that he will seek global co-operation to battle similar hacks.
US Energy Secretary Jennifer Granholm told Bloomberg TV that supply in the country has so far not been impacted and that the company has said it hopes to restore operations by the end of this week.
“It tells you how utterly vulnerable we are,” Ms Granholm said. “We’re seeing all of these examples of ransomware attacks coming - whether it’s telecommunications or this critical infrastructure. And obviously in my lane I’m very worried about the energy infrastructure.”
She said the incident clearly highlighted the need of private sector companies to step up their investment in cyber defence.
Globally, around 61 per cent of companies surveyed by London-based Mimecast said they were affected by a ransomware attack last year. About 52 per cent of them paid the ransom but of those, only two-thirds recovered their data.
Given the serious implications of cyber attacks, the energy industry should not underestimate groups that target facilities. Many of these groups now have help desks, technical support, payroll processing, and subcontractors, according to Marty Edwards, vice president of operational technology security at Maryland-based cyber-security company Tenable.
“They are essentially full-fledged criminal corporations operating in the digital world.”
"If reports are accurate, the Colonial Pipeline incident has all of the markings of a possible ransomware attack that began in the IT environment and, out of precaution, forced the operator to shut down operations,” added Mr Edwards.
In 2012, the Shamoon virus attack on Saudi Aramco systems wiped the hard drives of some 30,000 computers clean.
The attacks were blamed on Iran, which denied responsibility.
In 2017, a $20 billion petrochemical project joint venture between Saudi Aramco and Dow Chemicals also experienced a spate of hacking attacks.
The financial fallout from cyber attacks in the Arabian Gulf in 2017 was estimated at more than $1bn, according to a 2018 report by Siemens. Three-quarters of regional oil and gas companies, or over 30 per cent of the global production of oil, have experienced some form of cyber-security breach in the past, according to DarkMatter, a UAE-based cyber security company.
The financial fallout from data breaches among a selected sample of companies in the UAE and Saudi Arabia rose 9.4 per cent, costing them $6.53m per breach, according to a 2020 study by IBM Security.
In 2017, Saudi Arabia, Opec's biggest producer, established the National Cybersecurity Authority (NCA) to combat cyber threats.
The UAE rolled out its first National Cybersecurity Strategy in 2019, followed by the formation of National Cybersecurity Council to develop policies and laws to strengthen cyber security and ensure the country is not vulnerable to attacks.
In December, Dubai Electronic Security Centre rolled out a cyber resilience plan that aims to safeguard the emirate's critical infrastructure including oil and gas sector. In June, Injazat opened a Cyber Fusion Centre in Abu Dhabi, expanding its cyber defence abilities and portfolio of services.
In the Middle East, companies such as Saudi Aramco, the world's largest exporter of oil, are enforcing stricter compliance on third-party vendors to ensure their facilities are protected against cyber attacks, that could impact the supply of oil globally.
Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity, and critical data processors need to obtain Saudi Aramco's cyber security standard certification.
UAE currency: the story behind the money in your pockets
The specs
Engine: 2.0-litre 4-cyl turbo
Power: 247hp at 6,500rpm
Torque: 370Nm from 1,500-3,500rpm
Transmission: 10-speed auto
Fuel consumption: 7.8L/100km
Price: from Dh94,900
On sale: now
Buy farm-fresh food
The UAE is stepping up its game when it comes to platforms for local farms to show off and sell their produce.
In Dubai, visit Emirati Farmers Souq at The Pointe every Saturday from 8am to 2pm, which has produce from Al Ammar Farm, Omar Al Katri Farm, Hikarivege Vegetables, Rashed Farms and Al Khaleej Honey Trading, among others.
In Sharjah, the Aljada residential community will launch a new outdoor farmers’ market every Friday starting this weekend. Manbat will be held from 3pm to 8pm, and will host 30 farmers, local home-grown entrepreneurs and food stalls from the teams behind Badia Farms; Emirates Hydroponics Farms; Modern Organic Farm; Revolution Real; Astraea Farms; and Al Khaleej Food.
In Abu Dhabi, order farm produce from Food Crowd, an online grocery platform that supplies fresh and organic ingredients directly from farms such as Emirates Bio Farm, TFC, Armela Farms and mother company Al Dahra.
The%20Little%20Mermaid%20
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Rob%20Marshall%3Cbr%3E%3Cstrong%3EStars%3A%20%3C%2Fstrong%3EHalle%20Bailey%2C%20Jonah%20Hauer-King%2C%20Melissa%20McCarthy%2C%20Javier%20Bardem%3Cbr%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E2%2F5%3Cbr%3E%3Cbr%3E%3C%2Fp%3E%0A
End of free parking
- paid-for parking will be rolled across Abu Dhabi island on August 18
- drivers will have three working weeks leeway before fines are issued
- areas that are currently free to park - around Sheikh Zayed Bridge, Maqta Bridge, Mussaffah Bridge and the Corniche - will now require a ticket
- villa residents will need a permit to park outside their home. One vehicle is Dh800 and a second is Dh1,200.
- The penalty for failing to pay for a ticket after 10 minutes will be Dh200
- Parking on a patch of sand will incur a fine of Dh300
more from Janine di Giovanni
How to apply for a drone permit
- Individuals must register on UAE Drone app or website using their UAE Pass
- Add all their personal details, including name, nationality, passport number, Emiratis ID, email and phone number
- Upload the training certificate from a centre accredited by the GCAA
- Submit their request
What are the regulations?
- Fly it within visual line of sight
- Never over populated areas
- Ensure maximum flying height of 400 feet (122 metres) above ground level is not crossed
- Users must avoid flying over restricted areas listed on the UAE Drone app
- Only fly the drone during the day, and never at night
- Should have a live feed of the drone flight
- Drones must weigh 5 kg or less
How will Gen Alpha invest?
Mark Chahwan, co-founder and chief executive of robo-advisory firm Sarwa, forecasts that Generation Alpha (born between 2010 and 2024) will start investing in their teenage years and therefore benefit from compound interest.
“Technology and education should be the main drivers to make this happen, whether it’s investing in a few clicks or their schools/parents stepping up their personal finance education skills,” he adds.
Mr Chahwan says younger generations have a higher capacity to take on risk, but for some their appetite can be more cautious because they are investing for the first time. “Schools still do not teach personal finance and stock market investing, so a lot of the learning journey can feel daunting and intimidating,” he says.
He advises millennials to not always start with an aggressive portfolio even if they can afford to take risks. “We always advise to work your way up to your risk capacity, that way you experience volatility and get used to it. Given the higher risk capacity for the younger generations, stocks are a favourite,” says Mr Chahwan.
Highlighting the role technology has played in encouraging millennials and Gen Z to invest, he says: “They were often excluded, but with lower account minimums ... a customer with $1,000 [Dh3,672] in their account has their money working for them just as hard as the portfolio of a high get-worth individual.”
Directed: Smeep Kang
Produced: Soham Rockstar Entertainment; SKE Production
Cast: Rishi Kapoor, Jimmy Sheirgill, Sunny Singh, Omkar Kapoor, Rajesh Sharma
Rating: Two out of five stars
Chatham House Rule
A mark of Chatham House’s influence 100 years on since its founding, was Moscow’s formal declaration last month that it was an “undesirable
organisation”.
The depth of knowledge and academics that it drew on
following the Ukraine invasion had broadcast Mr Putin’s chicanery.
The institute is more used to accommodating world leaders,
with Nelson Mandela, Margaret Thatcher among those helping it provide
authoritative commentary on world events.
Chatham House was formally founded as the Royal Institute of
International Affairs following the peace conferences of World War One. Its
founder, Lionel Curtis, wanted a more scientific examination of international affairs
with a transparent exchange of information and ideas.
That arena of debate and analysis was enhanced by the “Chatham
House Rule” states that the contents of any meeting can be discussed outside Chatham
House but no mention can be made identifying individuals who commented.
This has enabled some candid exchanges on difficult subjects
allowing a greater degree of free speech from high-ranking figures.
These meetings are highly valued, so much so that
ambassadors reported them in secret diplomatic cables that – when they were
revealed in the Wikileaks reporting – were thus found to have broken the rule. However,
most speeches are held on the record.
Its research and debate has offered fresh ideas to
policymakers enabling them to more coherently address troubling issues from climate
change to health and food security.
SUE%20GRAY'S%20FINDINGS
%3Cp%3E%22Whatever%20the%20initial%20intent%2C%20what%20took%20place%20at%20many%20of%20these%20gatherings%20and%20the%3Cbr%3Eway%20in%20which%20they%20developed%20was%20not%20in%20line%20with%20Covid%20guidance%20at%20the%20time.%3C%2Fp%3E%0A%3Cp%3E%22Many%20of%20these%20events%20should%20not%20have%20been%20allowed%20to%20happen.%20It%20is%20also%20the%20case%20that%20some%20of%20the%3Cbr%3Emore%20junior%20civil%20servants%20believed%20that%20their%20involvement%20in%20some%20of%20these%20events%20was%20permitted%20given%20the%20attendance%20of%20senior%20leaders.%C2%A0%3C%2Fp%3E%0A%3Cp%3E%22The%20senior%20leadership%20at%20the%20centre%2C%20both%20political%20and%20official%2C%20must%20bear%20responsibility%20for%20this%20culture.%C2%A0%3C%2Fp%3E%0A%3Cp%3E%22I%20found%20that%20some%20staff%20had%20witnessed%20or%20been%20subjected%20to%20behaviours%20at%20work%20which%20they%20had%20felt%20concerned%20about%20but%20at%20times%20felt%20unable%20to%20raise%20properly.%3C%2Fp%3E%0A%3Cp%3E%22I%20was%20made%20aware%20of%20multiple%20examples%20of%20a%20lack%20of%20respect%20and%20poor%20treatment%20of%20security%20and%20cleaning%20staff.%20This%20was%20unacceptable.%22%C2%A0%3C%2Fp%3E%0A
Dust and sand storms compared
Sand storm
- Particle size: Larger, heavier sand grains
- Visibility: Often dramatic with thick "walls" of sand
- Duration: Short-lived, typically localised
- Travel distance: Limited
- Source: Open desert areas with strong winds
Dust storm
- Particle size: Much finer, lightweight particles
- Visibility: Hazy skies but less intense
- Duration: Can linger for days
- Travel distance: Long-range, up to thousands of kilometres
- Source: Can be carried from distant regions
The%C2%A0specs%20
%3Cp%3E%3Cstrong%3EEngine%3A%20%3C%2Fstrong%3E2-litre%204-cylinder%20mild%20hybrid%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3E7-speed%20S%20tronic%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E265hp%20%2F%20195kW%3Cbr%3E%3Cstrong%3ETorque%3A%3C%2Fstrong%3E%20370Nm%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3Efrom%20Dh260%2C000%3Cbr%3E%3Cstrong%3EOn%20sale%3A%3C%2Fstrong%3E%20now%3C%2Fp%3E%0A
Getting%20there%20and%20where%20to%20stay
%3Cp%3EEtihad%20Airways%20operates%20seasonal%20flights%20from%20Abu%20Dhabi%20to%20Nice%20C%C3%B4te%20d'Azur%20Airport.%20Services%20depart%20the%20UAE%20on%20Wednesdays%20and%20Sundays%20with%20outbound%20flights%20stopping%20briefly%20in%20Rome%2C%20return%20flights%20are%20non-stop.%20Fares%20start%20from%20Dh3%2C315%2C%20flights%20operate%20until%20September%2018%2C%202022.%C2%A0%3C%2Fp%3E%0A%3Cp%3EThe%20Radisson%20Blu%20Hotel%20Nice%20offers%20a%20western%20location%20right%20on%20Promenade%20des%20Anglais%20with%20rooms%20overlooking%20the%20Bay%20of%20Angels.%20Stays%20are%20priced%20from%20%E2%82%AC101%20(%24114)%2C%20including%20taxes.%3C%2Fp%3E%0A%3Cp%3E%3C%2Fp%3E%0A
Gulf rugby
Who’s won what so far in 2018/19
Western Clubs Champions League: Bahrain
Dubai Rugby Sevens: Dubai Hurricanes
West Asia Premiership: Bahrain
What’s left
UAE Conference
March 22, play-offs:
Dubai Hurricanes II v Al Ain Amblers, Jebel Ali Dragons II v Dubai Tigers
March 29, final
UAE Premiership
March 22, play-offs:
Dubai Exiles v Jebel Ali Dragons, Abu Dhabi Harlequins v Dubai Hurricanes
March 29, final
Apple's%20Lockdown%20Mode%20at%20a%20glance
%3Cp%3EAt%20launch%2C%20Lockdown%20Mode%20will%20include%20the%20following%20protections%3A%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMessages%3A%3C%2Fstrong%3E%20Most%20attachment%20types%20other%20than%20images%20are%20blocked.%20Some%20features%2C%20like%20link%20previews%2C%20are%20disabled%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EWeb%20browsing%3A%3C%2Fstrong%3E%20Certain%20complex%20web%20technologies%2C%20like%20just-in-time%20JavaScript%20compilation%2C%20are%20disabled%20unless%20the%20user%20excludes%20a%20trusted%20site%20from%20Lockdown%20Mode%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EApple%20services%3A%20%3C%2Fstrong%3EIncoming%20invitations%20and%20service%20requests%2C%20including%20FaceTime%20calls%2C%20are%20blocked%20if%20the%20user%20has%20not%20previously%20sent%20the%20initiator%20a%20call%20or%20request%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConnectivity%3A%3C%2Fstrong%3E%20Wired%20connections%20with%20a%20computer%20or%20accessory%20are%20blocked%20when%20an%20iPhone%20is%20locked%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConfigurations%3A%3C%2Fstrong%3E%20Configuration%20profiles%20cannot%20be%20installed%2C%20and%20the%20device%20cannot%20enroll%20into%20mobile%20device%20management%20while%20Lockdown%20Mode%20is%20on%3C%2Fp%3E%0A
RESULTS
6pm: Mazrat Al Ruwayah – Group 2 (PA) $40,000 (Dirt) 1,600m
Winner: AF Alajaj, Tadhg O’Shea (jockey), Ernst Oertel (trainer)
6.35pm: Race of Future – Handicap (TB) $80,000 (Turf) 2,410m
Winner: Global Storm, William Buick, Charlie Appleby
7.10pm: UAE 2000 Guineas – Group 3 (TB) $150,000 (D) 1,600m
Winner: Azure Coast, Antonio Fresu, Pavel Vashchenko
7.45pm: Business Bay Challenge – Listed (TB) $100,000 (T) 1,400m
Winner: Storm Damage, Patrick Cosgrave, Saeed bin Suroor
20.20pm: Curlin Stakes – Listed (TB) $100,000 (D) 2,000m
Winner: Appreciated, Fernando Jara, Doug O’Neill
8.55pm: Singspiel Stakes – Group 2 (TB) $180,000 (T) 1,800m
Winner: Lord Glitters, Daniel Tudhope, David O'Meara
9.30pm: Al Shindagha Sprint – Group 3 (TB) $150,000 (D) 1,200m
Winner: Meraas, Antonio Fresu, Musabah Al Muhairi
COMPANY PROFILE
Initial investment: Undisclosed
Investment stage: Series A
Investors: Core42
Current number of staff: 47
RESULTS
2pm: Maiden Dh 60,000 (Dirt) 1,400m. Winner: Masaali, Pat Dobbs (jockey), Doug Watson (trainer).
2.30pm: Handicap Dh 76,000 (D) 1,400m. Winner: Almoreb, Dane O’Neill, Ali Rashid Al Raihe.
3pm: Handicap Dh 64,000 (D) 1,200m. Winner: Imprison, Fabrice Veron, Rashed Bouresly.
3.30pm: Shadwell Farm Conditions Dh 100,000 (D) 1,000m. Winner: Raahy, Adrie de Vries, Jaber Ramadhan.
4pm: Maiden Dh 60,000 (D) 1,000m. Winner: Cross The Ocean, Richard Mullen, Satish Seemar.
4.30pm: Handicap 64,000 (D) 1,950m. Winner: Sa’Ada, Fernando Jara, Ahmad bin Harmash.
'Brazen'
Director: Monika Mitchell
Starring: Alyssa Milano, Sam Page, Colleen Wheeler
Rating: 3/5
