For the first time, leading oil and gas stakeholders are calling for industry to come together to stop harmful cyberattacks.
The action is in response to major security breaches in the past two years that have highlighted the vulnerability of critical infrastructure. At the World Economic Forum Annual Meeting 2022, 18 companies have come together to take a Cyber Resilience Pledge, in recognition of the fact that much more collective preparedness is needed.
The pledge aims to mobilize global commitment towards strengthening cyber resilience across industry ecosystems. Organizations endorsing the pledge commit to collaborating and taking collective action on cyber resilience. Launched with the support of organizations engaged in the World Economic Forum’s Cyber Resilience in Oil and Gas initiative, the pledge seeks to empower organizations to take concrete steps to enhance cyber resilience across their industry.
The organizations that have taken the pledge are: Aker ASA, Aker BP, Aramco, Check Point Software Technologies, Claroty, Cognite, Dragos, Ecopetrol, Eni, EnQuest, Galp, Global Resilience Federation, Maire Tecnimont, Occidental Petroleum, OT-ISAC, Petronas, Repsol and Suncor.
“First endorsed by key CEOs in the oil and gas value chain, the Cyber Resilience Pledge is a landmark step as it signals recognition of the complexities of building a cyber-resilient industry ecosystem and a commitment towards collective action to achieve it,” said Alexander Klimburg, Head, Centre for Cybersecurity, World Economic Forum. “The World Economic Forum Centre for Cybersecurity is proud to have led this effort in conjunction with our partners. We look forward to scaling the pledge to other industries in the future.”
The pledge promotes a shift towards a resilience-by-design culture, ecosystem-wide, cyber-resilience plans and greater collaboration between players.
“As the world deepens its digital footprint, cyber threats are becoming more sophisticated,” said Amin H. Nasser, CEO of Saudi Aramco. “But one company, working alone, is effectively like locking the front gate while leaving the back door wide open.” Companies must work together if they want to truly protect the critical energy infrastructure that billions of people around the world depend on.
Cyberattacks on the Colonial Pipeline in the United States in May 2021 and on European oil facilities in February 2022 forced the facilities to operate at limited capacity, causing huge economy and society-wide disruptions.
Common, industry-wide, cyber-resilience practices are essential, said Robert M. Lee, CEO and Co-Founder of Dragos. “As our world becomes more digitally connected it is imperative, especially for our industrial and operational technology, to ensure our infrastructure’s secure and safe operation.”
“The oil and gas industry is going through a digital revolution that has been a catalyst to the energy transition and sustainability. Cyber resilience is key in this revolution, as staying ahead of vulnerabilities is fundamental to our business. The pledge is a step further by developing a collective effort to embed cyber-resilience and a cyber-risk aware culture across the energy industry,” said Felipe Bayón, CEO of Ecopetrol.
“The pledge advances Galp’s commitment to joint action on managing cyber risks and protecting cybersecurity of critical energy infrastructure, by creating awareness and a unified stance on cyber resilience in the global energy sector,” said Andy Brown, CEO of Galp.
“Petronas upholds the safety of its people, assets and the environment as our utmost priority, including reinforcing better cyber security and safety practices. Petronas is committed to and fully supports the World Economic Forum’s Cyber Resilience Pledge and its principles in safeguarding our ability to deliver energy responsibly and securely,” said Tengku Muhammad Taufik, CEO of Petronas. “In this respect, we believe that addressing the risks and enhancing cyber resilience is critical as the oil and gas industry embraces greater digitalization to capture valuable opportunities in this digital era.”
The Forum will continue to promote the pledge across multiple industry ecosystems with the objective of facilitating the implementation of the cyber resilience principles.