Iran Investigates if Series of Oil Industry Accidents Were Caused by Cyberattack
After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyberattacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cybersystems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council.
The first of the fires, which started on 6 July, in the Bouali petrochemical plant on the Persian Gulf coast, took 3 days to put out and threatened to send toxic clouds of smoke into the nearby city of Mahshahr, with a population of 300,000. There were no fatalities, but damages are estimated to be tens of millions of US dollars, and insurers say it could be the biggest compensation claim in Iran’s history.
Less than 48 hours after the Bouali fire was put out, a worker was killed in the Marun Oil and Gas Production Company when a liquefied gas pipeline exploded. This was followed by a fire in the Bisotoon petrochemical plant in the western Iranian city of Kermanshah on 29 July, which took 2 days to put out.
The Iranian Petroleum Ministry, in charge of all of the affected sites denied the plants were sabotaged, and the Iranian oil minister Bijan Namdar Zanganeh said the fires and explosions were due to technical faults and human error. However, when an explosion in a gas pipeline near Gonaveh, which killed a worker, and another fire in the Imam Khomeini petrochemical plant occurred within hours of each other on 6 August, the ministry refused to comment until after investigations.
If the cyberspace council does rule that cyberattacks were behind these fires and explosions, it wouldn’t be the first time that Iran’s petroleum industry was the victim of such an attack; in April 2012, a virus forced the ministry to disconnect its main oil terminals and facilities from the Internet to protect them from damage. Officials later claimed that they had traced the service providers used by the attackers back to the US.