A robust cybersecurity culture is critical to the energy industry’s resilience. Here’s why

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Øyvind Eriksen, President and Chief Executive Officer, Aker & John Markus Lervik, Chief Executive Officer, Cognite & Karl Johnny Hersvik, Chief Executive Officer, Aker BP ASA

  • The scale and impact of cyber attacks is rising exponentially due to an expanding network of digital platforms.
  • Without adequate preventative strategies the energy industry is vulnerable to future threats.
  • A new playbook from the World Economic Forum defines a set of industry guidelines to enable a sustainable, resilient digital future.

Imagine a cyberattack knocks out a major North American pipeline supplying the east coast of the US during one of the busiest commercial weeks of the year. Or, hackers gain access to gas distribution systems during one of the coldest snaps in Western Europe in recorded history, shutting down heat to about 100 million households. Or, cyber criminals penetrate an offshore rig’s computer system causing pressure sensors to malfunction, crippling production and risking a full evacuation.

Though these are all hypothetical worst-case scenarios batted around by crisis prevention teams, the more disturbing reality is that it’s not a matter of if any of these situations will come to pass it’s when.

We are living in a time where digitalization is on an exponential growth curve. And as digital platforms connect an ever-expanding virtual network of households, vehicles, offices, factories, energy grids and oil rigs, we see an increasing number of attack attempts like these.

While online attacks are nothing new, what is different now is the scale of the risk and impact, which is directly related to the scale of digital connectivity and the massive ecosystem changes resulting from digitalization, decentralization and energy transition. Our cyber adversaries are more agile and sophisticated in their abilities to wreak great havoc from a distance with little to no risk. This needs to change.

Before we can move the needle on these challenges, we need to first ask ourselves some important questions.

  • Do we have the understanding, the digital resilience and the general wherewithal to employ a systematic approach to the new threat and risk landscape across our companies and institutions?
  • What will it take to fight from a place of strength?

How to avoid playing defensively

The threat and risk landscape in heavy asset industries, in particular in the oil and gas industry, is developing at the speed of light with increased complexity, compounded by a reduction in situational awareness.

Barring any action on our parts, we will very soon be left with little choice but to try to close the gaps and play from a position of weakness. Rather than proactively mitigating vulnerabilities and pre-empting attacks, we will react defensively. There are existing opportunities and strengths inherent to industries which can prevent this outcome, and we still have time to take full advantage of them.

As one of the world’s most sophisticated and complex industries makes a multifaceted transition – from analogue to digital, centralized to distributed and fossil-based to low-carbon – managing cyber risk and preventing cyberthreats are quickly becoming critical to company value chains. —Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers White Paper, World Economic Forum, 2021.

A century of experience deployed at the speed of light

The first category of strengths and opportunities lies in the centuries of experience industrial companies have as operators of high profile, high value, physically complex assets, and knowing how to keep such infrastructure physically safe and secure.

This knowledge and experience is baked into the industrial DNA and spans the entire ecosystem. It will continue to play an important role as a springboard to industrial cybersecurity, but alone it is not enough.

The defences needed for tomorrow must combine industrial knowledge with the power of digital capabilities.

“The more you sweat in peace, the less you bleed in war”

If an organization already has the industrial experience in securing massive physical assets, along with ground-breaking digital platforms, security software, and teams of technology experts, what else can they do be cyber resilient?

Wars, including this new kind of cyber war, are not won with brilliant military strategists, the best trained soldiers and most experienced special ops personnel alone. To win, you need secure supply lines, the best intelligence operations, committed allies, and informed and engaged citizens.

Thus, establishing a diverse, vibrant, sustainability-minded, security and safety-first culture is critical not only to building cyber resilience, but also enabling industry’s digitalization. Running relevant, up to date, and engaging awareness programmes builds robust defensive layers. Culture and awareness efforts should not be perceived as small nor simple. They might very well be what tips the scale in our favour.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

The increasing nature of culture and awareness can help us today, and more importantly, create necessary organizational capabilities for tomorrow. We need to prepare the board of directors to treat the new risk landscape as its bottom line. We need to equip the domain experts and frontline remote workers with a deeper understanding of the new hybrid reality and associated risks that our industries now operate in, along with its ever-changing stakeholders and dependencies.

This isn’t a simple undertaking, but as the old wartime adage goes, “The more you sweat in peace, the less you bleed in war.”

We need to do the hard work to build a culture where all the layers are working together, sharing knowledge and information. We need to transform our security function from a central, poorly scalable one to a distributed defensive structure, primed to support and protect people, environment, and assets.

Building a resilient future

There is a growing understanding of the massive changes that are in motion and the systemic risks that follow. The new risk landscape will require a different approach to security and safety, a more holistic and integrated approach tailored to the challenges at hand.

The World Economic Forum has invited some of the leading experts and companies to work on how to address our challenges and identify our opportunities. The white paper, Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers, aims to set the stage through the definition of principles, use of real-life examples, and last but not least implementation guidelines.

The success of any such work is dependent on organizational adoption, and the width, breadth and sustainability of the safety and security programmes.

In the future, and in order to play from a position of strength, it will be of critical importance that industry leaders take the opportunity now and use it to set clear expectations and goals for the security and safety of the digital industrial future.

A sustainable future powered by data and algorithms, informed by centuries of industrial knowledge and built on a strong culture of safety, the environment and critical assets. A future where sharing of knowledge and competency is used to build culture and increased resilience.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Australia urged to evacuate offshore detainees amid widespread, acute mental distress

Any doubt?

From funders to partners: elevating community expertise to help communities thrive

German opposition win in Lower Saxony felt all over Europe

London is becoming the world’s first National Park City

Yemen consultations have started, insists top UN negotiator

Commission approves emergency measures to protect eastern Baltic cod

How data can help mining companies tackle their trust deficit

From drought to floods in Somalia; displacement and hunger worsen, says UN

From raised fists at the 1968 Olympics to taking the knee: A history of racial justice protests in sport

Will the European Court of Justice change data privacy laws to tackle terrorism?

This is how travel hotspots are fighting back against overtourism

Do all you can to resolve climate change ‘sticking points’ UN chief urges South-East Asian leaders, in Bali

Four lessons from Africa on building effective business ecosystems

Australian homes are turning to solar power in record numbers

European research priorities for 2021-2027 agreed with member states

Meeting the basic needs of our healthcare workers

Mental health: a medical school’s demand

Embracing the diversity in a multicultural city of Romania

The EU Commission lets money market funds continue the unholy game of banks

How the power of sport can bring us together and drive social justice

EU Blue Card: Commission welcomes political agreement on new rules for highly skilled migrant workers

Why building consumer trust is the key to unlocking AI’s true potential

Ukraine’s new political order not accepted in Crimea

Protecting European consumers: toys and cars on top of the list of dangerous products

This is how New York plans to end its car culture

Progress against torture in Afghan detention centres, but Government needs to do more, says UN report

European Citizens’ Initiative: Commission registers ‘Mandatory food labelling Non-Vegetarian / Vegetarian / Vegan’ initiative’

Is South Korea set to lose from its FTA with the EU?

Anti-vaccers: does the empty can rattle the most?

The role of public affairs in student NGOs

Future Forces Forum: Prague will be hosting the most important project in the field of Defence and Security

Latin America’s cities are ready to take off. But their infrastructure is failing them

Political power of women suffering ‘serious regression’, General Assembly President warns

7 top things to know about coronavirus today

How global trade can save lives and livelihoods – and help protect the planet

EU job-search aid worth €9.9 million for 1,858 former Air France workers

European Semester 2018 Spring Package: Commission issues recommendations for Member States to achieve sustainable, inclusive and long-term growth

COVID-19: Save European culture and values, MEPs tell Commission

Children suffering ‘atrocities’ as number of countries in conflict hits new peak: UNICEF

We need to rethink ESG to ensure access to water and sanitation for all

International Court of Justice orders Pakistan to review death penalty for Indian accused of spying

Rise in violent conflict shows prevention ‘more necessary than ever’: UN chief

Top UN political official updates Security Council on Iran nuclear deal

It’s not summer holidays what lead to the bad August of the German economy

How can the world end viral hepatitis by 2030? 5 experts explain

How to talk about climate change: 5 tips from the front lines

Failure to open accession talks with Albania and North Macedonia is a mistake

Myanmar doing too little to ensure displaced Rohingya return: UN refugee agency chief

Further reforms in Sweden can drive growth, competitiveness and social cohesion

EU-UK relations: solutions found to help implementation of the Protocol on Ireland and Northern Ireland

Statistics show the ugly face of youth training schemes

Croatian Presidency outlines priorities to EP committees

Media and entertainment in flux: it’s time for the close-up

5 droughts that changed human history

Are the G20 leaders ready to curb corporate tax-avoidance?

European Youth, quo vadis?

China is the first non-EU country to invest in Europe’s €315 billion Plan

EU institutions agree on priorities for coming years: A common agenda for our recovery and renewed vitality

Coronavirus Global Response: EIB and Commission pledge additional €4.9 billion

More Stings?


  1. […] rapidamente se tornando essenciais para as cadeias de valor das empresas. Para ler mais, acesse o link. (The European Sting – […]

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s