Addressing Legal Risk Through SAFETY Act

摘要

On the morning of Aug. 15, 2012, most Saudi Aramco employees were home celebrating Ramadan. Suddenly, the few remaining at work noticed problems with their computers. Screens flickered, and files were lost. Not long after, a group called the Cutting Sword of Justice announced it had launched a major cyber-attack, later dubbed "Shamoon," warning that, "destruction operations ... will be completed within a few hours."By the time it was over, Saudi Aramco had suffered the worst cyber-attack to date, destroying over 35,000 computers - requiring the company to rebuild its entire corporate network. While the attacks did not successfully target segmented supervisory control and data acquisition (SCADA) systems, repercussions still spread across the infrastructure to create real-world physical impacts. Lacking a system to complete transactions, trucks lined up for miles outside of Saudi Aramco terminals unable to be loaded. After two weeks, the company was forced to give oil away for free to keep it flowing within Saudi Arabia.