Saudi Attacks Expose Threat to Critical Infrastructure

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

Yemen’s Iran-aligned Huthi rebels claimed responsibility for the weekend assault, saying they sent a swarm of drones far across the border, but Washington has squarely blamed Iran.

Here is a round-up of the nation’s key infrastructure potentially exposed to attacks:

Oil facilities

Saudi Aramco, the world’s biggest energy company, operates Ghawar and Safaniyah, two of its biggest oil fields.

While its oil wells, scattered over a vast geographical area, may be a difficult target, its various oil processing facilities are more exposed.

The Abqaiq facility –- one of the two sites targeted on Saturday –- is the “most vulnerable” among them, the Washington-based Center for Strategic and International Studies (CSIS) said in a report.

The Abqaiq plant is the world’s largest oil processing facility, with a capacity of more than seven million barrels per day, according to the company.

Aramco’s vast system of pipelines, pumping stations and its ports along the Persian Gulf and Red Sea are also vulnerable to potential attacks.

The Huthis claimed their drones targeted two oil pumping stations on Saudi Arabia’s key east-west pipeline in May, shutting it down for several days.

The nation’s oil infrastructure is also vulnerable to cyber attacks.

In 2012, Aramco was among the firms hit by Shamoon, an aggressive disc-wiping malware, in what is believed to be the country’s worst cyber attack yet.

Desalination plants 

Desalination plants provide more than 70 percent of the kingdom’s drinking water, according to official figures. 

Ras al-Khair, the world’s largest desalination plant located on the kingdom’s Gulf coast, is an obvious target.

The kingdom’s water supply could be severely affected in the event of a major attack on the plant.

“Cyber attacks also present a serious threat to Saudi desalination plants like Ras al-Khair,” the CSIS report said. 

Electrical grid

Saudi Arabia’s electrical grid has struggled to keep pace with the demands of its rising population and industrial infrastructure.

An attack on the oil and gas industry could severely impact the electrical grid as the kingdom is largely dependent on hydrocarbons as fuel for the electricity sector.

Its network of transformers and substations are vulnerable to explosive attacks, the CSIS report said.

The electrical system can also be disrupted by cyber attacks, it added.

Industrial control systems

Industrial control interfaces that help regulate large-scale infrastructure such as gas pipelines, transportation systems and power transmission networks are also potentially at risk, the CSIS report said.

“All of these components may be vulnerable to attack by direct human interference such as the deployment of malware in the master unit or by poor design or configuration, which opens up the system to remote cyber exploitation,” the report said.

Learn More About Critical Infrastructure Security at SecurityWeek’s ICS Cyber Security Conference