Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Saudi Attacks Expose Threat to Critical Infrastructure

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

Yemen’s Iran-aligned Huthi rebels claimed responsibility for the weekend assault, saying they sent a swarm of drones far across the border, but Washington has squarely blamed Iran.

Here is a round-up of the nation’s key infrastructure potentially exposed to attacks:

Oil facilities

Saudi Aramco, the world’s biggest energy company, operates Ghawar and Safaniyah, two of its biggest oil fields.

While its oil wells, scattered over a vast geographical area, may be a difficult target, its various oil processing facilities are more exposed.

The Abqaiq facility –- one of the two sites targeted on Saturday –- is the “most vulnerable” among them, the Washington-based Center for Strategic and International Studies (CSIS) said in a report.

The Abqaiq plant is the world’s largest oil processing facility, with a capacity of more than seven million barrels per day, according to the company.

Advertisement. Scroll to continue reading.

Aramco’s vast system of pipelines, pumping stations and its ports along the Persian Gulf and Red Sea are also vulnerable to potential attacks.

The Huthis claimed their drones targeted two oil pumping stations on Saudi Arabia’s key east-west pipeline in May, shutting it down for several days.

The nation’s oil infrastructure is also vulnerable to cyber attacks.

In 2012, Aramco was among the firms hit by Shamoon, an aggressive disc-wiping malware, in what is believed to be the country’s worst cyber attack yet.

Desalination plants 

Desalination plants provide more than 70 percent of the kingdom’s drinking water, according to official figures. 

Ras al-Khair, the world’s largest desalination plant located on the kingdom’s Gulf coast, is an obvious target.

The kingdom’s water supply could be severely affected in the event of a major attack on the plant.

“Cyber attacks also present a serious threat to Saudi desalination plants like Ras al-Khair,” the CSIS report said. 

Electrical grid

Saudi Arabia’s electrical grid has struggled to keep pace with the demands of its rising population and industrial infrastructure.

An attack on the oil and gas industry could severely impact the electrical grid as the kingdom is largely dependent on hydrocarbons as fuel for the electricity sector.

Its network of transformers and substations are vulnerable to explosive attacks, the CSIS report said.

The electrical system can also be disrupted by cyber attacks, it added.

Industrial control systems

Industrial control interfaces that help regulate large-scale infrastructure such as gas pipelines, transportation systems and power transmission networks are also potentially at risk, the CSIS report said.

“All of these components may be vulnerable to attack by direct human interference such as the deployment of malware in the master unit or by poor design or configuration, which opens up the system to remote cyber exploitation,” the report said.

Learn More About Critical Infrastructure Security at SecurityWeek’s ICS Cyber Security Conference

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.