Strategic Industries Must Shift Focus on Cybersecurity

Secretary of Defense Leon Panetta’s recent address to the Business Executives for National Security conference in New York revisited an old metaphor of the cybersecurity game: a Pearl Harbor-esque surprise attack on the nation’s computer systems. Though the fears that Panetta invoked of a massive cyber attack on the United States may be overblown, there are valid reasons for concern. As Panetta highlighted, foreign powers are increasingly going on the offensive in cyberspace, with two of the world’s most important industries, energy and banking, recently coming under assault. His speech signals that, for the Department of Defense, cyberattacks have likely eclipsed acts of terrorism as the top national security threat.

Prominently mentioned in Panetta’s address was Shamoon, a malicious software program used in an August 2012 attack directed at Saudi Aramco, the world’s largest oil producer, representing some 13.3 percent of global production. Shamoon corrupted data on Saudi Aramco’s network of Windows-based personal computers, deleting contents and disrupting business operations for the company. It is reputed to have impacted as many as 30,000 computers at Aramco, with Qatar’s RasGas also affected. While the Shamoon malware does not appear to have significantly damaged the process control systems for upstream or refining operations at Aramco, its impact on the company was significant.

What Aramco, and the whole of the oil and gas industry, should learn from Shamoon is that their thinking on cybersecurity has to change, significantly and swiftly. As entities with significant geopolitical importance, energy companies are particularly ripe targets for cyberattack. Unfortunately, cybersecurity has until now been a reactive exercise for major global firms. Information technology has allowed massive increases in efficiency and productivity through the development of highly interconnected chains of supply and distribution. But while IT innovation in business processes has raced forward, security has not. Security efforts remain largely focused on confronting known vulnerabilities, such as out-of-date or poorly configured systems, and known threats, of the sort anti-virus software programs intercept on hundreds of millions of computers around the world right now.

Keep reading for free!

Get instant access to the rest of this article by submitting your email address below. You'll also get access to three articles of your choice each month and our free newsletter:

Or, Subscribe now to get full access.

Already a subscriber? Log in here .

What you’ll get with an All-Access subscription to World Politics Review:

A WPR subscription is like no other resource — it’s like having a personal curator and expert analyst of global affairs news. Subscribe now, and you’ll get:

  • Immediate and instant access to the full searchable library of tens of thousands of articles.
  • Daily articles with original analysis, written by leading topic experts, delivered to you every weekday.
  • Regular in-depth articles with deep dives into important issues and countries.
  • The Daily Review email, with our take on the day’s most important news, the latest WPR analysis, what’s on our radar, and more.
  • The Weekly Review email, with quick summaries of the week’s most important coverage, and what’s to come.
  • Completely ad-free reading.

And all of this is available to you when you subscribe today.