Shamoon’ computer virus attack marked new height in international cyber conflict

The deployment of the ''Shamoon'' computer virus against the Saudi Arabian Oil Co last year was an important new development in international cyber conflict.

According to a new working paper from Rice University's Baker Institute for Public Policy and the International Institute for Strategic Studies (IISS) in Manama, Bahrain, Shamoon must put all providers of critical services on alert and requires concerted action by governments and private interests.

The paper, Hack or Attack? Shamoon and the Evolution of Cyber Conflict, was co-authored by Christopher Bronk, a fellow in information technology policy at the Baker Institute, and Eneken Tikk-Ringas, a senior fellow for cybersecurity at the IISS.

The paper documents the Shamoon case and considers its impact on broader policymaking regarding the Middle East, energy and cybersecurity issues. The paper has been approved for publication in the March issue of the journal Survival, Global Politics and Strategy.

''Although the Shamoon attack did not result in any physical damage to critical infrastructure in the Middle East, there has been a secondary impact on risk assessment for providers of critical services worldwide,'' says Bronk. ''Shamoon is a reminder that enterprises need to be alert about the possibility of becoming the target of a politically motivated cyber incident.''

On 15 August 2012, the Saudi Arabian Oil Co. (Saudi Aramco) was struck by a computer virus that possibly spread across as many as 30,000 Windows-based personal computers operating on the company's network.