Armexa contributed to one of the world’s most ambitious renewable energy initiatives—an $8.4 billion green hydrogen facility designed to produce 600 tons of carbon-free hydrogen per day—by leading comprehensive Operational Technology (OT) cybersecurity design reviews and risk assessments throughout the facility. Located in a developing region of the Middle East, the facility will utilize over 5 million solar panels and 250 wind turbines to generate 4GW of renewable electricity, powering hydrogen and ammonia production, air separation units, and port facilities for global export.
The client selected us to lead these assessments, an ambitious critical undertaking given the facility’s scale and global engineering footprint, based on our proven track record of conducting cyber HAZOP assessments per the international standard, ISA/IEC 62443-3-2. These assessments ensured that cybersecurity was embedded into the plant’s foundational design, by identifying, ranking, and addressing risks across interconnected systems and ensuring alignment with regional regulations and international standards.
Challenges
The complexity and scale of this Green Hydrogen project presented several challenges:
- Global Engineering Footprint: Multiple EPCs (Engineering, Procurement, and Construction firms) and dozens of OEMs (Original Equipment Manufacturers) contributed to the design and delivery of OT systems for the site
- System Diversity: Hundreds of unique OT products and platforms throughout the facility
- Integration Complexity: The need to coordinate engineering, automation, safety, and cybersecurity resources from dozens of companies
- Language and Time Zone Barriers: Coordination between global teams and local staff introduced logistical and communication hurdles.
Our Approach
Armexa deployed OT cybersecurity professionals, all of whom were also experienced in process control, safety, and automation, to lead and execute the approximately 12 month engagement. Key components of our approach included:
- OT Cybersecurity Design Reviews: Comprehensive design reviews of nearly 300 individual control system architectures and designs
- Cyber HAZOP Workshops: Facilitated scores of consequence-driven workshops with engineering and cybersecurity stakeholders to analyze and assess the potential cyber risks in the facility control systems that were partitioned into nearly 200 security zones.
- Security Measure Effectiveness Credits: Our team developed and employed a standardized method to gather, evaluate, and document the capabilities and effectiveness of cybersecurity measures in the hundreds of OT products and platforms
- Risk-Based Reporting: Developed and presented executive-level, as well as detailed, system-specific reports with risk-ranked and prioritized recommendations tailored to the client’s risk tolerance and compliance requirements
Outcomes & Impact
Armexa’s involvement delivered significant value at the design stage of the project life cycle:
- Early Detection of Vulnerabilities: Uncovered cybersecurity gaps and compliance issues before implementation, enabling proactive remediation
- Consistent Risk Framework: Applied a consequence-based, standards-driven methodology across all systems for consistent and actionable risk evaluations
- Targeted Recommendations: Delivered clear, prioritized remediation plans, allowing the client to address unacceptable risks efficiently and effectively
- Support for Long-Term Compliance: Positioned the client for long-term success in maintaining cybersecurity standards across the facility lifecycle
By integrating OT cybersecurity best practices early in the design phase, we helped ensure that this landmark $8.4 billion investment is built on a secure foundation—ready to deliver sustainable, carbon-free hydrogen to the world with resilience and confidence.
