The US pipeline attack shows the energy sector must act now on cybersecurity. Here are 6 ways how

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Leo Simonovich, Vice President and Global Head, Industrial Cyber and Digital Security, Siemens Energy & Filipe Beato Lead, Centre for Cybersecurity, World Economic Forum


• The recent ransomware attack on a major US pipeline owner outlines the vulnerability of critical infrastructure.

• The energy sector cannot wait for governments to regulate on cybersecurity.

• It must prepare for frequent, sophisticated cyberattacks as the new normal.

Strong cybersecurity requires a collaborative approach. In the oil and gas sector, supply chains are interconnected and interdependent – making it important to advance cybersecurity maturity as a community.

The recent ransomware attack striking Colonial Pipeline, a major pipeline owner and operator responsible for transporting nearly half of transportation fuel to the eastern United States, should be a startling lesson in the vulnerability of critical infrastructure to cyber-risks. Reliable energy supply chains depend on getting cybersecurity right – now, and in the future.

Like it or not, governments and businesses must adjust to a continually escalating threat landscape. As governments contend with the geopolitics of cyberattacks, we can expect many will explore new regulations, expanded cooperation between governments and the private sector, and enhanced technological protections for critical infrastructure. Yet oil and gas executives cannot wait on government to forge ahead with the daunting task of reducing cyber-risk across their expansive and complex organizations.

Intense market pressure continues to drive a digital revolution in the oil and gas sector. The COVID-19 pandemic added a surge of remote work arrangements to the growing wave of digitized, networked systems that maximize efficiencies and minimize emissions. The clear competitive advantages of digital assets means the digital revolution will continue. More and more of the industrial processes crucial to the oil and gas sector will rely on networked, digitally controlled equipment. Yet the very nature of digitized equipment brings increased cyber-risk. The same tools that help oil and gas infrastructure run efficiently and support remote operation are potential points of exposure for cyberattacks.

In part because of the expanded and altered attack surface offered by digitized equipment, the frequency and sophistication of attacks continues to rise, and has shifted focus. Where past attacks focused on information technologies (IT), attacks on operating technologies (OT) are now common.

This threat environment is the new normal for oil and gas infrastructure. Whether attackers are criminals motivated by financial gain or nation-state actors playing geopolitics, digitized oil and gas infrastructure makes a tempting target. Board members – and the information security officers they hold accountable – should be preparing for frequent, sophisticated attacks to be an ongoing operational risk.

Even for industry leaders keenly aware of the risks and trends facing the oil and gas industry, building robust cybersecurity can be a daunting challenge.

The World Economic Forum White Paper Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers provides a new blueprint to secure critical infrastructure to help oil and gas industry leaders address cyber-risk and implement key recommendations within their organizations, as well as to champion standards across the energy ecosystem. This new playbook is a result of discussions and collaboration of the World Economic Forum community of oil and gas industry partners – including Siemens Energy and Saudi Aramco – that prompted and produced a guide to help oil and gas industry leaders address cyber-risk and implement key recommendations within their organizations, as well as to champion as standards across the energy ecosystem.

A new World Economic Forum White Paper outlines specific provisions for oil and gas cybersecurity
A new World Economic Forum White Paper outlines specific provisions for oil and gas cybersecurity Image: World Economic Forum

The WEF working group combined experiences to develop a set of six industry-specific principles to help boards at oil and gas companies govern cyber-risks and strengthen their organization’s cyber-resilience:

1. Cyber-resilience governance

Cybersecurity efforts count on broad participation within an organization. Aligning efforts and setting clear accountability are fundamental to success.

2. Resilience by design

Including cybersecurity as a design parameter and as part of corporate culture helps improve outcomes.

3. Corporate responsibility for resilience

Recognizing that sophisticated, frequent threats are likely to continue or escalate, organizations should be examining their cyber-risks, and taking responsibility for managing them.

4. Holistic risk management approach

Like other risks, managing cyber-risks requires a mandate, funds, resources and accountability. In the oil and gas sector, it’s especially important to discover and mitigate risks to all parts of the value chain, so that one weak link doesn’t bring production to a halt.

5. Ecosystem-wide collaboration

Weak links in defences may lie outside of an organization. Intentional efforts to share cyberthreat information, best practices and improve cybersecurity maturity across the whole sector help industry-wide stability.

6. Ecosystem-wide cyber-resilience plans

Recognizing that cyberattacks will continue to occur, building resilience plans helps mitigate damage from those that succeed in whole or in part. Cybersecurity exercises enable defenders to test and improve defenses – including how they will cooperate with other industry partners.

To help board members and corporate officers envision these principles in action, the playbook lays out concrete examples of best practices, along with implementation strategies. The adoption of these principles will support the industry in its efforts to continue delivering safe, affordable and low-carbon energy for decades to come.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Only together can we all build a stable, efficient, reliable oil and gas ecosystem that secures our shared future against ongoing cyberthreats.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Taxes on polluting fuels are too low to encourage a shift to low-carbon alternatives

All for equality – 2020 is a pivotal year for Gender Equality

Humanitarian Aid: €64 million for most vulnerable in Southern Africa

EU unfolds strategy on the Egypt question

Can privatisation be the panacea for the lack of growth in Europe?

‘Hateful attacks’ pushing Sri Lanka backwards, UN advisers warn, urging an end to ‘discriminatory practices’ that feed intolerance

Brexit uncertainty keeps shaking the world’s financial markets

EU Facility for Refugees in Turkey: third annual report shows continued vital and tangible support for refugees and their host communities

Europe turns out more jobs this summer

Migrants, asylum seekers detained in Hungary ‘deliberately deprived of food’: UN human rights office

UN announces roadmap to Climate Summit in 2019, a ‘critical year’ for climate action

Donald Tusk presents EU summit conclusions for last time

Macron plans for Europe, Brexit and banks but vague on France

A Sting Exclusive: Disaster risk resilience, key to protecting vulnerable communities

MEPs want to ensure sufficient funding for Connecting Europe’s future

Why exchange programs are essential for the medical students of the 21st century

These social entrepreneurs are lighting up Africa

Let Nagasaki remain ‘the last city’ to suffer nuclear devastation says museum director, as UN chief arrives

3 ways to rebuild trust in how we regulate technology

Contribution of healthcare professionals towards the 2030 Global Health Agenda

Rude work emails are bad for your health and on the rise – here’s what you need to know

Youth leaders share positive visions of the future, as Guterres launches UN75 in New York

Stateless Rohingya refugee children living in ‘untenable situation’, UNICEF chief

European Youth cries out: Sustainable Development Goals ambitious, but lack focus on youth

Here’s how business needs to change for a new decade

How sustainable infrastructure can help us fight climate change

The Commission neglects the services sector and favours industry

EU to gain the most from the agreement with Iran

New rules for temporary border controls within the Schengen area

Landmark EU Parliament – ECB agreement on bank supervision

Reducing disaster risk is a good investment, and ‘the right thing to do’, says Guterres

The world’s most vulnerable must be protected: WHO briefing

COVID-19 shows we need a broader definition of safe mobility

Tackle ‘unacceptable inequalities’ in cancer care, saving up to seven million lives, WHO urges

South Sudan: UN official welcomes release of women and children abducted by armed group

Any doubt?

ECB: A revolutionary idea to revitalize the European economy with cheap loans to SMEs

The COVID-19 Wave III and the lessons we should have learned

These charts show where the world’s refugees came from in 2017 – and where they’re heading

Disintegrating Tories will void May’s pledge for Brexit deal in seven weeks

UN ‘determined to lead by example’ on disability rights: Guterres

COP21 Breaking News: China has promised to cut emissions from its coal power plants by 60% by 2020

4 charts that show how technology is enabling the energy transition

How our Europe will regain its strength: op-ed by Ursula von der Leyen, President of the European Commission

Australian homes are turning to solar power in record numbers

UN rights chief slams ‘unconscionable’ US border policy of separating migrant children from parents

‘Essential step’ towards universal health care made at pivotal UN conference

Libyan national conference postponed, nearly 500,000 children at ‘direct risk’ from fighting around Tripoli

Did Draghi ask the Germans to accept a drastic change of austerity policies?

Migrant children at US border have right to protection and ‘be with their families’: UNICEF chief

The Junior Enterprise concept, one of the best ways to develop practical skills

Work is on the brink of a revolution – we need office buildings to match

“A Junior Enterprise is run only by students.. there are no professors or managers that can help you solve your problems”

5 steps businesses can take to protect air quality after COVID-19

Here’s how we can make innovation more inclusive

Trump blocks US warmongers from bombing Iran

Why trust and technology go hand-in-hand

10 tonnes of trash was taken off Everest – and repurposed

What the mighty mangrove tells us about our broken relationship with nature

Climate Change Revolution: by-laws for the world

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s