'Shamoon' computer virus attack marked new height in international cyber conflict

Feb 13, 2013 by Jeff Falk

The deployment of the "Shamoon" computer virus against the Saudi Arabian Oil Co. last year was an important new development in international cyber conflict. Shamoon must put all providers of critical services on alert and requires concerted action by governments and private interests, according to a new working paper from Rice University's Baker Institute for Public Policy and the International Institute for Strategic Studies (IISS) in Manama, Bahrain.

The paper, "Hack or Attack? Shamoon and the Evolution of Cyber Conflict," was co-authored by Christopher Bronk, a fellow in at the Baker Institute, and Eneken Tikk-Ringas, a senior fellow for cybersecurity at the IISS. The paper documents the Shamoon case and considers its impact on broader policymaking regarding the Middle East, energy and cybersecurity issues. The paper has been approved for publication in the March issue of the journal Survival, and Strategy.

"Although the Shamoon attack did not result in any physical damage to in the Middle East, there has been a secondary impact on risk assessment for providers of critical services worldwide," Bronk said. "Shamoon is a reminder that enterprises need to be alert about the possibility of becoming the target of a politically motivated cyberincident."

On Aug. 15, 2012, the Saudi Arabian Oil Co. (also known as Saudi Aramco) was struck by a that possibly spread across as many as 30,000 Windows-based personal computers operating on the company's network. The company is Saudi Arabia's national petroleum concern and a producer, manufacturer, marketer and refiner of crude oil, natural gas and . According to news sources, it may have taken Aramco almost two weeks to fully restore its network and recover from the disruption of its daily business operations caused by data loss and disabled workstations resulting from the incident. The computer security research community dubbed the virus Shamoon.

While Aramco leadership has asserted that production was unaffected, the authors said there are important questions from the Shamoon case germane to other players in oil and gas and elsewhere in industry. "But the critical point for policy is how government, commercial actors, the international system and other players share and manage cyberincident risk," Bronk said. "Shamoon identifies just how broadly a major cyberattack can impact key national capabilities and concerns."

The authors argue that the Shamoon incident calls for a review and refinement of critical infrastructure policies (CIP) and joint efforts between governments and private interests.

"Developing working public-private partnerships in CIP is a challenging task, as it requires very careful consideration by government of relevant business goals and processes as well as appreciation of the governmental threat assessment logic and the required supervisory steps by the private sector," Tikk-Ringas said. "Although the need for public-private protection and defense models has been acknowledged, the policy goals and business routines are difficult to marry without resistance." She said a plan of action for achieving a working CIP model will need a balanced role division.

The authors said cyberattacks against critical infrastructure are unlikely to go unnoticed, and therefore, an appropriate response is in order. "This raises the questions of strategic communications, decision-making about who responds to which aspects of the incident and how," Tikk-Ringas said. "Such transgressions challenge national security and raise the questions of use of force considered by lawyers of international conflict. Therefore, responses to CI cyberincidents matter from both national authority and general deterrence perspectives and, in the light of the Aramco-Shamoon incident, require special attention by enterprises, governments and international organizations alike."

Explore further: White House updating online privacy policy

More information: "Hack or Attack? Shamoon and the Evolution of Cyber Conflict" working paper: www.bakerinstitute.org/publications/ITP-pub-WorkingPaper-ShamoonCyberConflict-020113.pdf

add to favorites email to friend print save as pdf

Related Stories

Cyber war targets Middle East oil companies

Oct 22, 2012

Middle Eastern oil and gas companies have been targeted in massive attacks on their computer networks in an increasingly open cyber war where a new virus was discovered just this past week.

Virus origin in Gulf computer attacks in question

Sep 04, 2012

(AP)—Security technicians are beginning to suspect that highly targeted virus attacks were behind the recent crippling of computer systems at two major Gulf energy companies, even as questions swirl about ...

Recommended for you

White House updating online privacy policy

3 hours ago

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

Net neutrality balancing act

22 hours ago

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

Twitter rules out Turkey office amid tax row

Apr 16, 2014

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

Apr 16, 2014

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

frajo
not rated yet Feb 14, 2013
[1]
Such transgressions challenge national security and raise the questions of use of force considered by lawyers of international conflict

Saudi Arabia is a tyranny - anti-democratic, violator of human rights, with Shariah based laws, suppressor of the freedom fighters in Bahrain.
So who is to consider the "use of force" against whom?

[2]
struck by a computer virus that possibly spread across as many as 30,000 Windows-based personal computers
Congratulations. This was the first virus related PhysOrg article I read that did not omit the Windows aspect.

More news stories

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Venture investments jump to $9.5B in 1Q

Funding for U.S. startup companies soared 57 percent in the first quarter to a level not seen since 2001, as venture capitalists piled more money into an increasing number of deals, according to a report due out Friday.

Male monkey filmed caring for dying mate (w/ Video)

(Phys.org) —The incident was captured by Dr Bruna Bezerra and colleagues in the Atlantic Forest in the Northeast of Brazil.  Dr Bezerra is a Research Associate at the University of Bristol and a Professor ...

'Exotic' material is like a switch when super thin

(Phys.org) —Ever-shrinking electronic devices could get down to atomic dimensions with the help of transition metal oxides, a class of materials that seems to have it all: superconductivity, magnetoresistance ...