Aramco details plans to counter cyber threats

Aramco details plans to counter cyber threats
Updated 09 September 2012
Follow

Aramco details plans to counter cyber threats

Aramco details plans to counter cyber threats

DHAHRAN: Saudi Aramco President and CEO Khalid A. Al-Falih reiterated that not a single drop of oil was lost during last month’s cyber attack that affected the oil giant’s 30,000 computers.
Speaking at a Saudi Aramco workshop on information technology cyber security and protection response at the company’s headquarters in Dhahran, Al-Falih said: “No critical service or business transaction was directly impacted by the virus.”
Representatives from the Saudi government and the Kingdom’s largest corporations attended the workshop. Saudi Aramco shared its knowledge on crisis management and response strategies to counter cyber threats.
“What happened to us can happen to anyone. By working together we can increase our collective defense,” said Al-Falih.
He said Saudi Aramco has a risk management system in place. “We identified IT as high-risk, based on its essential functions, and due to the potential impact of an IT related incident. We have therefore continually fortified our IT with rigorous protection technologies,” he said.
He admitted that despite all the measures no company in the world could be sure that its systems will not be breached.
“We developed incident response plans to deal with different kinds of scenarios and contingencies,” he said.
When the virus hit on Aug. 15, he said, Aramco was fully prepared. “We had in place the processes and systems to manage, as well as sufficient incident response and business continuity plans to deal with the ramifications,” he said. “Built-in system architecture and protections for the primary components of our computer network, including firewalls and segmentation, meant that all our core operations continued smoothly.”
Al-Falih said Saudi Aramco offered this workshop so other companies would have the full benefit of fresh insight into their recent experience with this incident.”
Along with Al-Falih, Saudi Aramco’s IT managers and specialists were on hand at the workshop to share industry best practices and their experiences, emphasizing the importance of information protection and security as well as the ongoing lurking threats in cyber space.
Ahmed Al-Shaikh, manager of information protection and technology planning at Saudi Aramco, described the company’s efforts to contain the virus and minimize damage. The presence of multiple response systems and contingency plans to swiftly counter further cyber threats was critical for business continuity, he added.
As part of its incident response, the company quickly informed its stakeholders, employees, partners, customers and the public about the incident and provided regular, timely updates.
Saudi Aramco also invited representatives of major IT and IT protection companies such as Microsoft and MacAfee to benefit from their experiences and recommendations.
During the workshop, company experts also discussed its corrective measures and mid- to long-term remedial actions.