Top

Cyber resilience matters: KAUST R&D strengthens KSA systems amid IT outages

KAUST researchers are advancing cybersecurity solutions to protect Saudi Arabia’s critical systems, focusing on building resilient digital infrastructure through industry collaboration and cutting-edge innovation.

King Abdullah University of Science and Technology (KAUST) is at the forefront of fortifying critical computer systems in Saudi Arabia and beyond — a priority highlighted during October’s Cybersecurity Awareness Month. The recent faulty update to CrowdStrike’s Falcon Sensor software, which caused global disruptions for Microsoft Windows, underscores the urgency of KAUST’s mission to build resilient, secure digital infrastructures. 

“Specifically, in my group, we focus on how to build more secure and resilient energy systems as a critical priority, especially in KSA,” said Dr. Charalambos Konstantinou, associate professor of Electrical and Computer Engineering. He sees KAUST collaboration with industry as translating research into practical solutions to protect key infrastructure. 

On July 19, a critical error during a CrowdStrike Holdings Inc. software update required a complex manual fix, involving deletion of a problematic file in “safe” mode. Testifying before Congress on Sept. 24, Adam Meyers, senior manager, detailed the incident’s wide-reaching impacts across airlines, media, banking, healthcare and emergency services. He apologized for the outage and outlined steps to prevent future occurrences, including increased internal testing and allowing customers to choose when to accept updates, thus avoiding simultaneous releases. 

During IT disruptions, such as the CrowdStrike incident, Konstantinou noted, systems crash and reboot, creating potential vulnerabilities that adversaries may exploit by deploying malware or ransomware. For example, phishing attacks often increase as perpetrators send deceptive emails posing as solutions to the problem, tricking users into revealing sensitive information or downloading harmful software. These outages are also highly inconvenient. 

Fortunately, computer science professors Dr. Roberto Di Pietro and Dr. Marc Dacier both emphasize KAUST’s role in advancing cybersecurity through active research and innovation, focusing on safeguarding vital infrastructure. Di Pietro said KAUST proactively develops advanced cybersecurity solutions for satellite communications, power grids, roads and classified systems, with industry partners providing data, infrastructure and testing support. 

As for Dacier, his research promotes practical cybersecurity solutions addressing real-world issues such as bot attacks and phishing. His work includes innovative approaches for videogaming security and detecting malicious middleboxes. In collaborating with industry and government, this research provides impactful, high-quality solutions. 

“From a training and education viewpoint, we’re trying to educate the future developers, decision makers and those who follow our cybersecurity courses so they approach their work and careers in the future with a bit more security-conscious attitude than what most people have today,” he said. 

The CrowdStrike incident 

While the CrowdStrike incident might not have been a cyberattack, noted Konstantinou, it nonetheless resulted in software and service disruptions for the mostly corporate customers who experienced the so-called “blue screen of death,” with their computers repeatedly unable to properly load the operating systems. 

“Modern software systems are highly complex, and even small changes can have unintended consequences, increasing the likelihood of incidents like the one with CrowdStrike,” he said, adding that to address new cyber threats and add features, rapid technological advancements necessitate frequent software updates, increasing the likelihood of errors. Integration challenges with different platforms and services further heighten the risk of conflicts and disruptions.  

“Future risks include cybercriminals exploiting vulnerabilities during disruptions, leading to data breaches or targeted attacks and cascading failures in increasingly digital and interconnected critical infrastructure. To prevent similar incidents, organizations are likely to implement stricter testing protocols, continuous monitoring, and proactive cybersecurity and resilience measures.” 

Both Di Pietro and Dacier hope the CrowdStrike incident prompts a critical reassessment of cybersecurity practices and investments in society at large. They advocate for increased awareness of the need for robust security measures and proactive solutions, urging greater collaboration between academia, industry and governments to address vulnerabilities and enhance resilience against future cyber threats. 

Dacier said: “We are trying to engage more with Saudi companies. It’s a journey. It’s not easy because we are far from the decision-making points. We’re in the process, as it works, to actually find the right people, talk to them and engage with them. We have had a very good relationship with people at NEOM, for instance. We have worked very closely with them for more than 1.5 years.” 

KAUST-made solutions 

While Saudi National Cybersecurity Authority (NCA) guidelines aim to fortify digital security and infrastructure, enhancing national capabilities and technical sovereignty through cybersecurity standards, Konstantinou said KAUST is doing its part by significantly advancing cybersecurity through impactful research projects led by renowned faculty. 

Konstantinou is developing methods to counter cyber threats in the Internet-of-Things era, focusing on protecting and optimizing inverter-based distributed energy resources and mitigating threats within cyber-physical systems. “My research also involves the use of ‘hardware-in-the-loop’ testbeds for realistic grid condition simulations, contributing to both theoretical and practical advancements in securing modern power systems against cyber threats,” he said. 

Di Pietro, who just published a book on security and privacy in power line communication, said KAUST is in a “very good position” to support KSA’s cybersecurity efforts, with multiple faculty members, Ph.D. students and postdocs working in this domain. “In order to contribute to the Kingdom, we are ready to provide the next level of thinking about where we should invest in cybersecurity, what the solutions are and what the threats are.”