What the cyber-attack on the US oil and gas pipeline means and how to increase security

80% of senior cybersecurity leaders see ransomware as a dangerous growing threat. Image: Quinten de Graaf/Unsplash

Algirde Pipikaite
Lead, Strategic Initiatives, World Economic Forum Geneva
Filipe Beato
Lead, Centre for Cybersecurity, World Economic Forum
Georges De Moura
Head of Industry Solutions, Centre for Cybersecurity, World Economic Forum Geneva
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Oil and Gas is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Oil and Gas

  • The recent cyber-attack on the US major oil and gas pipeline could become one of the most expensive attacks to an economy.
  • 80% of senior cybersecurity leaders see ransomware as a dangerous growing threat that is threatening our public safety.
  • Here are six principles to improve the cybersecurity of critical infrastructure.

The recent cyber-attack on the US major oil and gas pipeline could become one of the most expensive attacks to an economy. It's also the latest reminder that both the frequency and severity of catastrophic digital shocks on critical infrastructure are on the rise.

The increasing digitalization of critical infrastructure sectors such as oil and gas, and the associated industrial systems, is changing the nature of cyber risks. As digitalization drives growth and transition to net-zero emissions, the energy sector’s ecosystem has become increasingly decentralized and complex. According to the 2021 Global Risks Report, cybersecurity failures are among the top mid-term threats facing the world.

Have you read?

The World Economic Forum recently ran a survey among our Cybersecurity Leadership Community members (representing about 100 senior cybersecurity executives from around the globe) and found out that 80% see ransomware as a dangerous growing threat that is threatening our public safety. Moreover, 97% of the community expressed that business continuity is the main risk when it comes to ransomware attacks.

This is exactly what we saw in last week’s cyber-attack on the pipeline.

After a ransomware attack on Friday, Colonial Pipeline, a US fuel pipeline operator, shut down its network. At the time of this writing, the pipeline is still mostly shut. It's estimated that a prolonged shutdown of the pipeline, which supplies almost half of the East Coast's fuel, would cause prices to rise at gasoline pumps across the country.

This cyber incident has underscored that, increasingly, providers of essential services are more vulnerable to widespread cyberthreats. As a result, cybersecurity is becoming a corporate strategic challenge requiring the highest level of oversight in the complex global industrial environment.

Other recent cyber-attacks like those on a Florida water plant and a Solarwinds software provider further emphasized that the success of these events will depend on the shortcomings of the measures in place to mitigate these threats.

To harness the value offered by digitalization and mitigate potential risks, businesses and governments must reimagine how we use and manage our critical infrastructure. This involves understanding how our individual actions impact the collective and establishing frameworks for shared responsibility.

Unless cybersecurity practices are embedded into the corporate or organizational culture and digital products lifecycle, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants.

The following principles should guide industry stakeholders shape a responsible course of actions based on the recommendations developed by the World Economic Forum and a multi-stakeholder oil and gas community:

  • Establish a comprehensive cybersecurity governance model
  • Promote a security and resilience-by design culture
  • Increase visibility of third parties risk posture and consider broader ecosystem impact
  • Implement holistic risk management and defense mechanisms with effective preventive, monitoring, response and recovery capabilities.
  • Prepare and tests resilience plan based on a list of pre-defined scenarios to mitigate the impact of an attack.
  • Strengthen international public-private collaboration between all stakeholders In the industry

Read more about our project on Cyber Resilience in Oil & Gas here and about our Partnership against Cyber-Crime here.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

The rise of smart contracts and strategies for mitigating cyber and legal risks

Jerome Desbonnet and Oded Vanunu

July 16, 2024

About Us



Partners & Members

  • Sign in
  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum