Italian oil and gas industry contractor Saipem has announced that it identified a digital attack against some of its servers.
On 10 December, Saipem published a statement on its website in which it revealed the attack and said it was in the process of collecting information to determine the impact on its systems and the actions it should take to restore normal operations. This notice didn't provide specific details about the digital attack. But Mauro Piasere, Saipem’s head of digital and innovation, did provide a bit of this information. He said that the company's ongoing investigation had determined that the attack had originated in Chennai, India. Piasere went on to say that the attack had mainly affected the company's servers in Saudi Arabia, the United Arab Emirates and Kuwait and had partially targeted its infrastructure in Aberdeen in Scotland. “The servers involved have been shut down for the time being to assess the scale of the attack,” Mauro told Reuters. “There has been no loss of data because all our systems have back-ups,” he continued, adding that the back-up systems would activate once the threat had been eliminated. At the conclusion of its statement, the Italian oil and gas industry contractor said that it's in the process of notifying authorities about the incident. The digital attack against Saipem highlights the ongoing threats targeting the energy industry. In the Middle East, for example, three-quarters of oil and gas companies suffered at least one security compromise between 2017 and 2018 that resulted in the loss of confidential information or disrupted the OT environment. Reflecting these experiences, 70 percent of IT and operational technology (OT) security professionals at energy and oil and gas companies told Tripwire they're concerned that a successful digital attack could cause an explosion or other catastrophic failure. In response, energy organizations should work to strengthen the security and resilience of critical infrastructure, thereby enhancing systems' reliability and availability, as well as automate compliance with NERC and other industry standards. Learn how Tripwire can help.