And the company has warned that “a cyber attack on crucial energy supplies and transiting routes in this region would impact the entire world”.
DNV KEMA said that no regional cyber security strategy has yet been implemented in the Middle East, despite a rise in hacking attacks.
Until recently, most of these attacks focused on computers and websites, the so-called ‘front doors’ to energy companies, but DNV said that as viruses become increasingly sophisticated, physical assets such as power stations and power grids are also under threat.
Last year, Saudi Aramco and RasGas reported cyber attacks while in Iran computers at several nuclear power stations were infected.
Mohammed Atif, managing director of DNV KEMA in the Middle East, said the region’s planned and existing cyber protection plans are lagging behind the rest of the world. “This is a situation to really worry about,” he added. “A cyber-attack on crucial energy supplies and transiting routes in this region would impact the entire world.”
He said awareness in the region of cyber threats is insufficient in relation to the technology developments and the level of impact a cyber-attack could have on an average Middle Eastern utility.
“As cyber security threats are not restricted to one single group, but can come from different corners such as governments, activists and hackers, criminal and terrorist organisations and even from within, it is time that we all open our eyes and take appropriate actions to protect our countries and guarantee a safe and sustainable energy provision.”
What is needed to remedy the situation, said Atif, is national governments to develop “coherent cyber security strategies and plans, supported by standards and regulations across the major infrastructure sectors”.
“Sharing responsibility between governments and companies in vital sectors is a first, necessary step in securing safe and reliable cyber networks”, he said.
DNV KEMA found that information on common cyber defense systems like SCADA, Stuxnet and ISPs is increasingly becoming publicly available both in and outside the region. On top of this, industrial control systems are all interconnected with corporate IT networks and the internet, while at the same time the interconnectivity of energy assets such as power grids, is strongly increasing.
“These developments, in combination with insufficient awareness and the absence of a cyber-defense plan, make the energy sector in the Middle East vulnerable, more than elsewhere,” said Atif.