Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Oil Giant Aramco Drills Down on Saudi ICS Security

Saudi Arabia's national oil and gas company is investing in an operational technology security training academy for organizations across the Kingdom.

Nicholas Fearn, Contributing Writer, Technology Journalist

November 14, 2023

2 Min Read
Green factory equipment with OT logos over it connected with dots
Source: Pitinan Piyavatin via Alamy Stock Photo

Aramco, the national oil company of Saudi Arabia, says that it's exploring ways of strengthening cyber protections for Aramco's industrial assets and infrastructure, as well as those critical to Saudi Arabia more broadly. 

Specifically, Aramco is looking to boost security for operational technology (OT) environments, and will be working with Dragos, a cybersecurity firm, to open a Saudi Arabia-based academy to provide training for that area.

"Our work with Dragos serves to accelerate our country's Vision 2030 objectives to foster economic relations with global partners and advance our digital economy," said Ahmad Al-Khowaiter, executive vice president of technology and innovation at Aramco, in signing the deal. 

The initiative comes a decade after Aramco infamously experienced a devastating malware attack that infected 35,000 of its computers for several hours. The incident led Aramco's IT team to sever the connection of every company computer and data center, making day-to-day operations impossible apart from oil production analog activities.

Industry Collaboration Drives OT Cyber-Readiness

The training partnership with Dragos showcases the benefits of industry collaboration, according to ESET global cybersecurity advisor Jake Moore.

"Industrial systems have long been at risk from cyberattacks, so this impressive move highlights how industries are able to future-proof their businesses by protecting themselves with collaboration," he says.

Moore adds that OT training "should never be underestimated or overshadowed," and called cybersecurity upskilling a "significant asset" for industrial companies like Aramco. 

Hollie Hennessy, senior analyst at Omdia, praised the effort to make ICS/OT security more accessible to organizations in the Middle East, noting that providing specialist training helps with some of those organization's biggest challenges.

"OT/ICS organizations struggle to communicate effectively across different parts of the business, do not always have adequate training for internal stakeholders, and, of course, are troubled by the skills gap — which is even more prevalent in an area where OT professionals and engineers (which are also difficult to come by) are often responsible for cybersecurity," she says.

She adds, "ICS/OT cybersecurity is also often less mature than in the IT world, and so organizations need varying support at different stages of their journey and often cybersecurity services to help manage, assess, and develop."

About the Author

Nicholas Fearn, Contributing Writer

Technology Journalist

Nicholas Fearn is a freelance tech journalist from the Welsh valleys. He's written for major outlets like Forbes, Financial Times, The Guardian, The Independent, The Telegraph, HuffPost and Business Insider, as well as tech publications like Gizmodo, TechRadar, Laptop Mag, Computer Weekly, ITPro and many more. When Nicholas isn't geeking over the latest gadgets and tech trends, he's probably listening to Mariah Carey on repeat.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights