Industry officials interviewed for this article spoke on condition of anonymity because of the sensitivity of the topic and to avoid antagonizing customers.
The August attacks on RasGas and Saudi Aramco have been traced to a virus dubbed Shamoon. Experts said it wasn’t overly sophisticated and was built using commercially available software. But it nearly destroyed more than 30,000 business network computers at Aramco and erased backup copies of data. Operating systems had to be reinstalled, and for two weeks the company could not conduct business.
Given that Saudi Arabian oil provides the vast majority of the kingdom’s income and keeps the world’s markets relatively stable, shielding Saudi infrastructure from cyberattacks has emerged as a top priority.
Saudi Arabia has been talking with Department of Homeland Security and other U.S. officials to “set up a system where it can provide protection against cyberattacks,” said the senior Middle Eastern diplomat.
Technology industry officials said the U.S. government will not approve licenses that would allow a company’s personnel to conduct attacks on behalf of another country. And they said there are general concerns about
capability the United States should provide even a friendly country.
Booz Allen is not the only U.S. company to offer cyber services. So do major defense contractors such as Lockheed Martin, Northrop Grumman and General Dynamics. And the list of allies looking to buy their cyber-wares extends well beyond the Middle East.
But not everyone looks to the United States for help. Ecuador and Venezuela have turned to Cuba, where experts have been trained by top-tier Russians, according to industry officials.
“You thought we had the Wild West now in cyberspace?” said a former senior U.S. official. “We haven’t seen it yet. We thought it was script kiddies hacking computers from their basement, criminal gangs hacking businesses. We haven’t seen the Wild West of nation states and hacktivist organizations flexing cyber-muscle.”