Strengthening cyber resilience in the oil and gas industry

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

  • The oil and gas industry uses a variety of complex systems and technologies that are becoming increasingly vulnerable to cyberattacks.
  • To improve the cybersecurity posture of the industry, the World Economic Forum has established the Cyber Resilience in Oil and Gas initiative.
  • Through the Cyber Resilience Pledge, over 20 global CEOs committed to work together to improve cyber resilience across the ecosystem.

The impact.

The oil and gas industry uses a range of complex systems and interconnected technologies to extract, transport and refine oil and gas products. While these these technologies are necessary to support the delivery of energy services and products, they are increasingly vulnerable to cyberattacks thus making cybersecurity critical to collective resilience.

The World Economic Forum’s Centre for Cybersecurity launched in 2020 the Cyber Resilience in Oil and Gas initiative to strengthen the cybersecurity posture of the industry. The initiative comprises of a community of over 40 public and private organizations working together to drive forward collective action on cyber resilience.

One of the key initiatives of the community is the Cyber Resilience Pledge. A first-of-its-kind, the pledge is endorsed by 21 oil and gas chief executives committed to taking a common approach to cyber resilience and protecting digital infrastructure and assets in the sector.

Pledge endorsers include Aker, Check Point Software Technologies, Claroty, Cognite, Dragos, Ecopetrol, Eni, EnQuest, Galp, Global Resilience Federation, Institute for Security and Safety (ISS), KnowBe4, Maire Tecnimont, Occidental, OT-ISAC, PETRONAS, Repsol, Shell, Saudi Aramco, Schneider Electric and Suncor Energy.

By signing the Cyber Resilience Pledge, all parties endorsed the cyber resilience principles to guide leadership and board members through the process of cultivating a cyber-aware and resilient corporate culture.

“One company working alone is effectively like locking the front gate while leaving the back door wide open. We must work together if we want to truly protect the critical energy infrastructure that billions of people around the world depend upon.”— Amin H. Nasser, President and Chief Executive Officer, Saudi Aramco

The challenges of cybersecurity in the oil and gas industry.

The oil and gas industry powers the global economy and is vital to national security. For this reason, protecting this part of the critical infrastructure is fundamental for maintaining the security of people and stability of societies.

With a heavy reliance on technology and information systems to operate, a successful cyberattack against an oil and gas company could have serious consequences, such as operational disruptions, economic losses, reputation damage and even environmental harm.

“Critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there’s also a growing collective interest and desire in protecting our most essential systems.”— Yaniv Vardi, Chief Executive Office, Claroty

To illustrate, an attack against a major US pipeline system in 2021 not only resulted in the disruption of operations and financial losses for the company, but also had a cascading effect on other industries. For example, the aviation sector saw disruptions due to jet fuel shortages, and the fear of a gasoline crisis caused panic buying, which in turn led to price spikes at gas stations across the US.

Additionally, during times of geopolitical conflict, the oil and gas sector, as the owner and operator of critical infrastructure, is a target for nation-state actors, hacktivists, and other attackers motivated by political, economic, or strategic interests. For example, prior to the Ukraine crisis, at least 21 gas producers in the US experienced cyberattacks targeting the production, exportation and distribution of liquified natural gas.

Our approach to strengthening cyber resilience.

The Cyber Resilience in Oil and Gas initiative is a programme that brings together a multistakeholder community of more than 100 senior executives and practitioners from the oil and gas and ICT industries. By involving a diverse group of stakeholders from multiple industries, the initiative aims to foster collaboration and information sharing.

The Cyber Resilience Pledge was launched at the Annual Meeting in Davos in 2022. It is based on six guiding principles for cyber resilience that are specific to the oil and gas industry. These principles are designed to help boards of directors take action on cybersecurity within their organizations.

In addition to the Cyber Resilience Pledge, the initiative has also developed several other resources and tools. One of these is a harmonized and streamlined approach for managing third-party cyber risks. With the increasing use of third-party vendors and service providers in the oil and gas industry, managing these risks has become a critical issue. The initiative has provided a framework for companies to assess and mitigate these risks in order to help them ensure the protection of their digital infrastructure and assets.

Cyber resilience in oil and gas
Cyber resilience in oil and gas: Key benefits of adopting a holistic approach to third-party risk management

Another key area of focus is the zero-trust model in cybersecurity which has been subject to a lot of confusion and misunderstanding. To develop a shared understanding of the security model, the community has outlined a set of guiding principles for its successful implementation, providing a valuable resource for companies looking to improve their cybersecurity readiness.

The initiative has also launched a guidebook to help organizations and their cyber leaders along a cyber secure and resilient energy transition journey. This guidebook is intended to support executives manage the energy transition while embedding cybersecurity and resilience into corporate processes and in the design of green technologies.

“It is imperative that actors from the industry join strengths and cooperate to make the cyberspace safer and more resilient. We invite other industry players to join this collective effort to deliver sustainable, safe, and reliable energy.”— Barbara Frei, Executive Vice-President and Chief Executive Officer, Industrial Automation, Schneider Electric

Get involved.

The Cyber Resilience in Oil and Gas initiative is led by the Forum’s Centre for Cybersecurity and Platform for Shaping the Future of Energy, Materials and Infrastructure.

Organizations are invited join this initiative and bring their expertise to collaborate and strengthen the cyber resilience of the global oil and gas infrastructure.

Speak your Mind Here

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: