19Sep 2019

Saudi Arabia drone attack on critical infrastructures: After-action Report

Saudi oil fire

The drone attack on Aramco Abqaiq and Khurai facilities on Saturday, August 14, 2019 knocked out 50% of the Kingdom of Saudi Arabia’s (KSA) biggest asset, the largest oil production center in the world. The attack was well-coordinated and initial sources said the attack was carried out by a swarm of 10 drones. While Yemen's Houthi rebels claimed the attack, the US believes that it was carried out with help from the Iranian government.

Middle East Who Suports Who

This is a significant hit to KSA and the world, as it disrupts the world's oil supply. To prevent it from happening again, the first step KSA must take it is to understand the technology behind the weapon used.

Qasif 1

The consensus is that the drones used were the Qasif-1 or a similarly modified version made at the HESA Isfahan factory. The factory was built by Textron in 1976 to produce Bell 214s helicopters. Soon after, the factory was taken over by the Iranian Revolution and converted to a military factory with many documented products. The Qasif 1 is one of the well-documented products and has been used by several groups for operations in Lebanon, Syria, Iraq, Sudan, and Palestine. The drone has a cylindrical fuselage, a sweptback vertical fin, and a pusher engine. It is powered by a simple two-bladed pusher propeller with a rear-mounted wing and a front canard for good stall, stability, and maneuverability characteristics. The drone flight range is about 75 miles, and while you can change payload vs. distance, doubling the distance will is almost impossible. The units can be launched from a zero-length JATO platform or a Mercedes Benz 911 pneumatic truck launcher. The Qasif-1 is very easy to set up and highly portable, making it an ideal weapon.

Middle East Qasif drone launch platform

The Yemeni border is about 500 miles away from the target location. The probability of the drone launching from Yemen is very low.  According to first reports, the drones were launched from inside the KSA, Iraq, or Iran. If this is the case, when preparing for another attack, it is essential to know that border radars might not be enough and additional radar layers are needed around the facility.

Technology-wise, the Qasif-1 or whatever drone was used is either a 100% GPS navigation, 100% Optical navigation, mix of both, or an unknown non-GPS based technology. If GPS was used, the drone could be launched to reach the target and switched to optical if GPS is lost or you need last-minute target adjustments. This is important to understand, so you know how to stop the attack the next time it happens. The idea is that we might need something more than GPS jammers to stop the attack.

Obviously, the Qasif-1 is not a commercial DJI RF drone, and L1/L2 GPS jamming is pretty much the only non-Kinetic solution available. However, when it comes to critical infrastructures, like Abqaiq, Military-grade solutions, such as Kinetic countermeasures, should be deployed.

Let's look at detection first. The KSA border is approx. 2700 miles. Setting up a military-grade radar to blanket the entire border at $5M a radar with a 4 miles range, you are looking around $3.5B, not too crazy and doable for a country like KSA especially after the attack on Abqaiq.

According to reports, the Kingdom did deploy military-grade radars, and earlier in March they successfully intercepted several drones. So, what happened this time? Did the drone fly low under the radar? Or was it launched from inside the country? We don't know, but these are all possibilities that we need to address. Let's say we don't care about detection anymore; we are going to jam all GPS within 2 miles of the facility. It is possible but challenging since it is a crowded civilian area, and we don't know what systems inside the facility depend on GPS. Then again, they could be non-GPS based drones.

Here is my disappointment with all this. In March 2019, KSA purchased approx. 40 GPS L1/L2 jammers. The solution is not "let's go buy more equipment" but taking the time to understand what happened so you can plan for it properly.

I am not here to judge or start conspiracy theories, but this is real, and security is a serious matter. I was surprised to learn that many startups addressing this threat do not have a military or security background. Companies should be clear about what they can and can't do. If you have weaknesses, bring them to the table. Be transparent.

Going back to KSA, what happened is not a "Drone" thing. It should be looked at as a missile, with advanced features, that needs to be addressed with Kinetic countermeasures. Maybe we can learn something from Israel. According to Wikipedia, "Israel has said that Hezbollah received at least 12 Ababils before 2006. Three Ababils were launched during the conflict. The first Ababil was shot down by an Israeli F-16 on 7 August 2006 off the coast of Northern Israel.

The second Ababil crashed inside Lebanon on 13 August. The third Ababil deployed by Hezbollah was shot down by another F-16 hours later just inside Israel's northern border."

Maybe KSA should take a similar approach? Yes, but based on a clear SOP.

There is a big difference between commercial grade drones and Qasif-1. For KSA to have an effective solution to airspace threats, they need to understand the drone technology used by attackers. What type of drones they can buy and fly, is the technology RF, GPS, or some other technology? You can assume that it's a GPS-enabled drone and purchase GPS jammers but how confident are you that they are not using non-GPS technology like navigation via lidar, quantum accelerometer, or triangulation navigation using communication signal regardless of who owns them. Your smartphones already collect this data, and many apps have access to this information.

Security design based on assumption is a dangerous plan, and most likely, it will fail. You need to understand the technology and its limitations, along with building in redundancy and failsafe procedures. Technology is rarely the full solution, but it is here to help us. Technology should be used in conjunction with well-documented training procedures and practiced SOPs to achieve airspace security.