By Ali İnal, Senkron Digital
The Burj Khalifa stands as a global symbol of engineering ambition. Across the Middle East, new mega structures are emerging, from Saudi Arabia’s Jeddah Tower to the UAE’s own Burj Azizi, highlighting that in such an innovative region, there will always be a newer, bolder structure pushing boundaries.
Just as engineers race to push skylines higher, this ambition drives the development of the critical infrastructure that powers the Gulf economies. This critical infrastructure includes the oil and gas industry, where offshore operations, from rigs and floating production units to subsea pipelines and offshore terminals, play a vital role in both production and transportation. These operations sit at the heart of regional energy growth, yet their crucial nature also makes them prime targets for cyber threats.
UAE leaders have recognized this, placing cybersecurity high on the national agenda. Significant investment and initiatives to safeguard strategic industries position the country as a regional leader in defending critical infrastructure. Now, the industry must follow.
The skyline of threats
Cyber threats targeting critical infrastructure are growing in sophistication and persistence. Attackers, whether lone hackers or well-resourced groups, are finding new, innovative techniques to breach systems.
In the UAE alone, the Cyber Security Council estimates more than 200,000 attacks occur every day, overwhelmingly aimed at critical sectors such as energy. Ransomware has led this surge, accounting for over half of all incidents last year and becoming increasingly advanced.
A stark example came in August 2024, when the RansomHub group breached Halliburton, the world’s second-largest oilfield services company with major Dubai operations. While the attack primarily affected corporate IT systems, it highlights the scale and sophistication of modern ransomware. Disruptions in connected networks can ripple across offshore operations that rely on those systems for coordination, data and support. The attack forced IT shutdowns and customer disconnections, and it resulted in an estimated $35 million in losses.
And this is just one example; ransomware attacks in the UAE rose by 32% in 2024, according to the Cyber Security Council, proof that even the tallest towers of industry can be shaken.
Building defenses higher
As skyscrapers rise, so does the attack surface. The convergence of information technology (IT) and operational technology (OT) has driven efficiency but also exposed new vulnerabilities. A breach in a corporate IT can now act as a gateway into OT systems that run offshore platforms, production vessels and subsea infrastructure. Industrial Internet of Things (IoT) amplifies this risk, with attackers often staging intrusions in IT before moving into high-stakes OT networks, where remote monitoring and automated control systems are critical.
Cyber defense cannot wait to react. Effective protection requires anticipation: spotting anomalies, staying ahead of intrusions and acting quickly enough to prevent minor lapses from cascading into critical failures. Clear frameworks, like IEC 62443, NIS2 and the NIST Cybersecurity, are essential. They aren’t just compliance checklists, but tested methods to bring IT and OT security, anticipate evolving risks and coordinate rapid response.
The rapid adoption of AI in both attack campaigns and industrial operations has transformed the landscape. Ransomware groups use AI to map vulnerabilities and launch precision intrusions, while the energy firms’ own AI systems can introduces hidden cracks. The higher the tower climbs, the more catastrophic the fall if those cracks are left unchecked.
The view from above
From the top of the Burj Khalifa, the view is unparalleled, for now. But blueprints for the next tower are already on the drawing board. Cybersecurity mirrors this; new attack methods are being developed even as you read this.
The question isn’t whether they will strike, but whether corporate and offshore networks are ready. Every overlooked system or hidden vulnerability in IT or OT could become an attacker’s gateway.
Leaders must do more to strengthen defenses and shape the future of secure infrastructure. The pace of innovation in this region is unmatched, and resilience must rise just as fast.
