Built to inform

Sign up for the daily newsletters

No, Thank you

No data stolen after Saudi, UAE servers of Saipem hacked

Data back-ups are safe but restoration may take some days, Saipem tells Construction Week

Saipem has a strong background in the offshore oil and gas industry [representational image].
Saipem has a strong background in the offshore oil and gas industry [representational image].

No data was stolen after Saudi Aramco and Duqm Refinery contractor Saipem suffered a cyberattack on 10 December. Some of its servers were attacked and data back-ups are safe, but it could take several days to restore the compromised network, a spokesperson for the engineering, procurement, and construction (EPC) heavyweight told Construction Week. 

An investigation has now been launched to determine the source of the attack.

READ: Cyberattack strikes Italian EPC contractor Saipem

“We have no proof of the origins or reasons for the attack, though this is being investigated,” a company representation said. 

US media claim the attack targeted Saipem's servers in the UAE and Saudi Arabia. Saipem neither confirmed nor denied this in email correspondence with Construction Week.

Milan-based Saipem suffered the cyberattack on 10 December, with shares of the Borsa Italiana-listed business falling sharply upon news of the breach. 

READ: Saipem awards $14m Duqm Refinery contract to Oman's Galfar

The EPC firm has had a tough year after it slipped further into the red, following a net loss of $409m for the first nine months in 2018. This came despite a significant contract from Saudi Aramco for the South Gas Compression Plant Pipelines project.

The attack on Saipem has reiterated the need for construction companies to prepare a multi-layered cyber, physical, and human response to data attacks, business development manager at construction consultancy Parsons, Stephen O’Connor, told Construction Week.

“As demonstrated by the likely nature of this attack, protecting critical infrastructure from cyber threats does not have easy software-based solutions,” he said.

“A top-tier oil and gas player like Saipem will have software-based countermeasures in place, and judging from their response so far, robust data loss protection and business continuity safeguards as well.”

O'Connor added that oil and gas, and other critical infrastructure sectors, feature “extensive supply chains”, which means “effectively excluding all potential sources of malware is a formidable challenge”.

He added: “At Parsons, we consider critical infrastructure protection the sixth domain of defence and security. This has emerged due to engineering, construction, industrial control systems, and the internet of things converging with cybersecurity – as well as legacy physical security domains on land, at sea, in the air, and in space.”

Most popular


Go for gold at the 15th Construction Week Awards in December 2019!
Winners will be crowned under 14 categories at a gala ceremony in Dubai – are


Leaders in Construction UAE Summit returns in Sept 2019
Dubai conference to see top officials discuss the people, trends, and challenges that will power
Leaders Kuwait 2018: New Kuwait 2035 needs smart city-led contracts
Localisation and contract modernisation are essential for Kuwait's diversification strategy

Latest Issue

Construction Week - Issue 743
Jun 01, 2019