Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Saudi Attacks Expose Threat to Critical Infrastructure

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

Yemen’s Iran-aligned Huthi rebels claimed responsibility for the weekend assault, saying they sent a swarm of drones far across the border, but Washington has squarely blamed Iran.

Here is a round-up of the nation’s key infrastructure potentially exposed to attacks:

Oil facilities

Saudi Aramco, the world’s biggest energy company, operates Ghawar and Safaniyah, two of its biggest oil fields.

While its oil wells, scattered over a vast geographical area, may be a difficult target, its various oil processing facilities are more exposed.

The Abqaiq facility –- one of the two sites targeted on Saturday –- is the “most vulnerable” among them, the Washington-based Center for Strategic and International Studies (CSIS) said in a report.

Advertisement. Scroll to continue reading.

The Abqaiq plant is the world’s largest oil processing facility, with a capacity of more than seven million barrels per day, according to the company.

Aramco’s vast system of pipelines, pumping stations and its ports along the Persian Gulf and Red Sea are also vulnerable to potential attacks.

The Huthis claimed their drones targeted two oil pumping stations on Saudi Arabia’s key east-west pipeline in May, shutting it down for several days.

The nation’s oil infrastructure is also vulnerable to cyber attacks.

In 2012, Aramco was among the firms hit by Shamoon, an aggressive disc-wiping malware, in what is believed to be the country’s worst cyber attack yet.

Desalination plants 

Desalination plants provide more than 70 percent of the kingdom’s drinking water, according to official figures. 

Ras al-Khair, the world’s largest desalination plant located on the kingdom’s Gulf coast, is an obvious target.

The kingdom’s water supply could be severely affected in the event of a major attack on the plant.

“Cyber attacks also present a serious threat to Saudi desalination plants like Ras al-Khair,” the CSIS report said. 

Electrical grid

Saudi Arabia’s electrical grid has struggled to keep pace with the demands of its rising population and industrial infrastructure.

An attack on the oil and gas industry could severely impact the electrical grid as the kingdom is largely dependent on hydrocarbons as fuel for the electricity sector.

Its network of transformers and substations are vulnerable to explosive attacks, the CSIS report said.

The electrical system can also be disrupted by cyber attacks, it added.

Industrial control systems

Industrial control interfaces that help regulate large-scale infrastructure such as gas pipelines, transportation systems and power transmission networks are also potentially at risk, the CSIS report said.

“All of these components may be vulnerable to attack by direct human interference such as the deployment of malware in the master unit or by poor design or configuration, which opens up the system to remote cyber exploitation,” the report said.

Learn More About Critical Infrastructure Security at SecurityWeek’s ICS Cyber Security Conference

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

ICS/OT

More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.