Saudi Oil Prices and ISIS

Global media is focusing on two issues at the moment; the French terrorist attacks and Saudi Arabia’s interventions that have led to a collapse of oil prices. Investors need to spend more time studying global politics to understand that the two events are linked.

The big question facing investors is whether the move by Saudi Arabia to pump out oil is a short or long term move. The answer to this question will have fundamental impacts on the global economy.

Answering this question requires an understanding of the current state of the kingdom of Saudi Arabia.

Saudi Arabia has maintained its kingdom by providing fiscal support for its population and maintaining a strict Islamic culture. The kingdom’s aging monarch King Abdullah is ill, and despite arrangements for succession, the Kingdom is subject to factional power plays with some factions actively interested in disrupting transfer of power. On Saudi Arabia’s borders lies ISIS who is working to achieve an Islamic State in the region. In the last week militants operating from Iraq attacked a Saudi border post killing Brigadier General Awdah al-Balawi who was responsible for Saudi’s northern borders.

Saudi Arabia is facing a budget deficit of around US $39 billion which it will dip into its reserves to fund. Saudi Arabia’s fiscal position is driven by the high proportion of the population that works for the government, which the IMF estimates is around two-thirds of the population. With the emergence of ISIS the Saudi Government cannot afford to reduce spending at this time, as this may in itself lead to civil disruption in the Kingdom.

The question for Saudi is why would they willingly reduce oil prices when the Kingdom needs the revenues for its own budget. The answer is that ISIS represents a greater threat. ISIS was estimated to have been making $3 million a day in August 2014 from captured oil in Syria and Iraq before oil price declines and attacks on ISIS controlled facilities.

The question as to how much of a threat ISIS represents to the Saudi Kingdom is difficult to assess from an outsiders perspective. The killing of Brigadier General Awdah al-Balawi suggests that ISIS may have insider information. What is certain is that with attacks on its senior leaders it is likely that the Saudi royal family is more concerned with ISIS, which would like to replace the Kingdom with a caliphate, than US shale oil producers.

Whether oil prices stay low is likely to be impacted by the success of ISIS. What Saudi cannot afford to do is to give ISIS oil revenues that would enable it to consolidate its power. Low prices are likely to persist so long as ISIS is in control of oil facilities and remains a threat to the Saudi Kingdom. Saudi Arabia has a strong incentive to run its own oil production at full tilt so as to maximise the revenue that it extracts. The US is unlikely to complain as it understands the sensitive situation in the region.

For investors, understanding the future direction of oil prices, will requires an understanding of shifting Middle East sands.

Cyber Cold War increases corporate risk

The Cyber Cold War, which started when the US Government launched the stuxnet digital weapon to attack Iranian enrichment of uranium, represents a growing risk for corporates who are now being targeted by state-sponsored hackers.

On 2 January 2015, President Obama issued an Executive Order placing sanctions on North Korea in relation to what he called the “provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014.”

The Executive Order directly relates to North Korea’s hacking of Sony but is part of what can be called a Cyber Cold War that started when the US Government launched it stuxnet digital weapon to target Iran’s nuclear program in 2009.

Up until now, the main people to focus on the Cyber Cold War have been computer analysts. Whilst the tech world has been full of chatter on the impact of the stuxnet program that targeted centrifuges that Iran was using to enrich uranium to weapon grade, like much that goes on in the world of geopolitics, investors have largely ignored the evolving story.

The story began in 2009 at a time when the U.S was concerned that Iran was on the brink of developing a nuclear weapons. Iran was doing everything it could to hide its enrichment activities, including developing underground facilities. Fearing the consequences if Iran developed weapons – including a possible strike by Israel – the US launched a sophisticated program that spread virally. The purpose of the program was to find certain kinds of industrial computer programs that were controlling the operation of the centrifuges. The stuxnet program was harmless to computers that did not contain certain Siemens software that was used to control industrial machinery. When stuxnet identified a computer running particular Siemens software that was operating centrifuges it would adjust operational settings that would have the impact of destroying the centrifuge.

Stuxnet – and following digital weapons – were successful in achieving their aim. Iran suffered huge problems with its enrichment program with thousands of centrifuges exploding. The US has since been able to use diplomacy to offer a solution that would see Iran uranium enriched by Russia, which would enable Iran to develop nuclear energy without weapons. Talks between parties are continuing.

But for every action there is a reaction.

Once news of the stuxnet program started to creep out on tech blogs, dedicated software analysts dug to the bottom to discover who was behind the program.

Once it was revealed that stuxnet was a digital weapon created by the US, Iran responded in its own way by developing its own cyber warfare capabilities.

According to Cylance’s report, Operation Cleaver, Iran’s cyber program has targeted, attacked and compromised more than 50 victims since 2012.
Iran’s cyber program has been backed up with rhetoric from Ayatollah Ali Khamenei, Iran’s supreme leader, who in February 2014 urged Iranian IT students to prepare for battle, stating “”You are the cyber-war agents and such a war requires Amman-like insight and Malik Ashtar-like resistance. Get yourself ready for such war wholeheartedly.”

According to Bloomberg Businessweek a catastrophic cyberattack on Las Vegas Sands Corp on 10 February 2014 directly targeted the casino’s owner Sheldon Adelson, one of the richest men in the world who had made inflammatory comments about dropping a nuclear bomb in the Iranian desert to send a message to Tehran to stop developing nuclear weapons.

In August 2012, Saudi Arabia’s Saudi Aramco was targeted with a destructive virus called Shamoon that wiped out data on 30,000 machines. It has been speculated that Iran may have been involved in this attack. Whoever was responsible, such attacks are likely to send ripple effects through nation states. The U.S response to North Korea indicates that it will take executive action – even when the target is not critical infrastructure.

The implication of the Cyber Cold War is that the greatest threat to IT systems is no longer from back-room hackers but from state sponsored, sophisticated operations. The Cyber Cold War is becoming a core business risk. The attacks on businesses including Las Vegas Sands, Saudi Aramco and Sony have demonstrated that state sponsored hackers are likely to target hard and soft targets.

What does this mean for investors?

The development of a truly global economy has presented many opportunities for investors, but it also raises the risks of contagion.

At a company level investors should analyse whether a particular company is exposed to attack for any particular reason. It is also important to assess whether a company has adequate risk management practices in place. Questioning a company on their IT security management has not in the past been seen as a material investment risk – but it is now.

It is also important for investors to spend more time reading the political section of newspapers, and not just the business section. Geo-politics – whether it be the impact of Saudi Arabia driving the global oil price down, or cyber hacking by state sponsored hackers – will play an increasing role in the global economy.

In the long term we can expect that governments and tech companies will make investments that will provide better protection of IT systems and will produce a more resilient business environment. Just as defence investments in technology resulted in innovations that were utilised commercially we can also expect that investment cyber defence may result in innovations that have larger commercial applications. But there is no guarantee that this will be the case. Investors have to appreciate the value of IT investments made by companies that reduce risk. The problem of such investments is that they are costly and businesses that are focused on short term profits will have incentives to avoid investment.

We must also hope that global leaders are able to act responsibly to ensure stability. Whether or not a digital attack is an act of war is a question that will be considered by global leaders as they respond to the new environment.


Countdown to Zero Day

Cylance Operation Cleaver Report

Click to access Cylance_Operation_Cleaver_Report.pdf

Iran’s supreme leader tells students to prepare for cyber war

Now at the Sands Casino: An Iranian Hacker in Every Server

Iran hackers may target U.S. energy, defense firms, FBI warns