Ep. 14 Chris Kubecka | Saudi Aramco Hacks

Chris Kubecka, CEO at HypaSec and the Cybrary’s advisory board member, is hosted in this episode of Cybrary’s podcast. She is also working with Saudi Aramco which is at the center of discussion. The infrastructure attack on Saudi Aramco, the oil market, a bit of electricity-powered vehicles, and security tips for preventing or at least lowering the chance for an infrastructure attack.

Saudi Aramco was attacked by a malware called Shamoon which had infected the company’s windows system, the IoT system, and two other facilities. Later, Bahrain and an oil company in Qatar, Raz Gas, were also infected by the variant of Shamoon. This attack was done by a group of people calling themselves the cutting sword of justice. According to Chris, there were many reasons for the attack. The main one, however, was the price, and Saudi Aramco was producing oil at the cheapest price than anyone else. The Iranians who were the attacker committed just for the competition purpose according to Chris.

The talk changes the direction from the supply-side point of view to the demand-side point of view. Considering the demand side of the oil, it differs worldwide. China, for example, is quarantined, and its public transportation is being shut down, and it has been producing electric buses which drop the needs for oil. Tesla is another example of it which is producing the electric-powered semi-truck. These events will disrupt the oil market. In some countries, there are also rules and regulations that drop down the usage of oil. The demand for oil is decreasing during the last five years, and in some places, it is also increasing and in some others, it is consistent. Saudi Arabia has got a consistent demand for more and more oil consumption due to not having a regulation to mandate people to use more fuel-efficient cars and light bulbs, electricity production which is based on oil, and the climate situation.

Continuing the talk about Tesla electricity-powered vehicles, Chris states the recent cost increase in Tesla stock price caused by a variety of factors like high tax advantages for Tesla vehicles, free parking, low-cost car station, not paying for the congestion charge, the battery technology Tesla has been making recently and large battery installation. This can be great news and in the meantime not much great news for the oil market.

According to Chris, prioritizing security is the very initial mechanism that can prevent some of the critical infrastructure attacks. Throughout the time, new technologies are being introduced, and new vulnerabilities are discovered, so some frameworks to have a look at, are CIS control, ICS SCADA, and ICS protocols. These frameworks can familiarize them with a lot of network control and risk associated with them.