Impact
Cybersecurity

Strengthening cybersecurity in the oil and gas industry

Published · Updated
Cybersecurity in oil and gas

Protecting refineries is critical to ensure cybersecurity in oil and gas Image: REUTERS/Bing Guan TPX IMAGES OF THE DAY

Related Centres: Centre for Cybersecurity

Listen to the article

  • The oil and gas industry uses a variety of complex systems and technologies that are becoming increasingly vulnerable to cyberattacks.
  • To improve the cybersecurity posture of the industry, the World Economic Forum has established the Cyber Resilience in Oil and Gas initiative.
  • Through the Cyber Resilience Pledge, over 20 global CEOs committed to work together to improve cyber resilience across the ecosystem.

The impact of boosting cybersecurity in oil and gas.

The oil and gas industry uses a range of complex systems and interconnected technologies to extract, transport and refine oil and gas products. While these these technologies are necessary to support the delivery of energy services and products, they are increasingly vulnerable to cyberattacks thus making cybersecurity critical to collective resilience.

The World Economic Forum's Centre for Cybersecurity launched in 2020 the Cyber Resilience in Oil and Gas initiative as part of its efforts to strengthen cybersecurity across multiple industries. The initiative comprises of a community of over 40 public and private organizations working together to drive forward collective action on cyber resilience.

One of the key initiatives of the community is the Cyber Resilience Pledge. A first-of-its-kind, the pledge is endorsed by 21 oil and gas chief executives committed to taking a common approach to cyber resilience and protecting digital infrastructure and assets in the sector.

Pledge endorsers include Aker, Check Point Software Technologies, Claroty, Cognite, Dragos, Ecopetrol, Eni, EnQuest, Galp, Global Resilience Federation, Institute for Security and Safety (ISS), KnowBe4, Maire Tecnimont, Occidental, OT-ISAC, PETRONAS, Repsol, Shell, Saudi Aramco, Schneider Electric and Suncor Energy.

By signing the Cyber Resilience Pledge, all parties endorsed the cyber resilience principles to guide leadership and board members through the process of cultivating a cyber-aware and resilient corporate culture.

"One company working alone is effectively like locking the front gate while leaving the back door wide open. We must work together if we want to truly protect the critical energy infrastructure that billions of people around the world depend upon."

Amin H. Nasser, President and Chief Executive Officer, Saudi Aramco

The challenges of cybersecurity in oil and gas.

The oil and gas industry powers the global economy and is vital to national security. For this reason, protecting this part of the critical infrastructure is fundamental for maintaining the security of people and stability of societies.

With a heavy reliance on technology and information systems to operate, a successful cyberattack against an oil and gas company could have serious consequences, such as operational disruptions, economic losses, reputation damage and even environmental harm.

"Critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there's also a growing collective interest and desire in protecting our most essential systems."

Yaniv Vardi, Chief Executive Office, Claroty

To illustrate, an attack against a major US pipeline system in 2021 not only resulted in the disruption of operations and financial losses for the company, but also had a cascading effect on other industries. For example, the aviation sector saw disruptions due to jet fuel shortages, and the fear of a gasoline crisis caused panic buying, which in turn led to price spikes at gas stations across the US.

Additionally, during times of geopolitical conflict, the oil and gas sector, as the owner and operator of critical infrastructure, is a target for nation-state actors, hacktivists, and other attackers motivated by political, economic, or strategic interests. For example, prior to the Ukraine crisis, at least 21 gas producers in the US experienced cyberattacks targeting the production, exportation and distribution of liquified natural gas.

Our approach to strengthening cyber resilience.

The Cyber Resilience in Oil and Gas initiative is a programme that brings together a multistakeholder community of more than 100 senior executives and practitioners from the oil and gas and ICT industries. By involving a diverse group of stakeholders from multiple industries, the initiative aims to foster collaboration and information sharing.

The Cyber Resilience Pledge was launched at the Annual Meeting in Davos in 2022. It is based on six guiding principles for cyber resilience that are specific to the oil and gas industry. These principles are designed to help boards of directors take action on cybersecurity within their organizations.

In addition to the Cyber Resilience Pledge, the initiative has also developed several other resources and tools. One of these is a harmonized and streamlined approach for managing third-party cyber risks. With the increasing use of third-party vendors and service providers in the oil and gas industry, managing these risks has become a critical issue. The initiative has provided a framework for companies to assess and mitigate these risks in order to help them ensure the protection of their digital infrastructure and assets.

cybersecurity in oil and gas
Cybersecurity in oil and gas: Key benefits of adopting a holistic approach to third-party risk management

Another key area of focus is the zero-trust model in cybersecurity which has been subject to a lot of confusion and misunderstanding. To develop a shared understanding of the security model, the community has outlined a set of guiding principles for its successful implementation, providing a valuable resource for companies looking to improve their cybersecurity readiness.

The initiative has also launched a guidebook to help organizations and their cyber leaders along a cyber secure and resilient energy transition journey. This guidebook is intended to support executives manage the energy transition while embedding cybersecurity and resilience into corporate processes and in the design of green technologies.

"It is imperative that actors from the industry join strengths and cooperate to make the cyberspace safer and more resilient. We invite other industry players to join this collective effort to deliver sustainable, safe, and reliable energy."

Barbara Frei, Executive Vice-President and Chief Executive Officer, Industrial Automation, Schneider Electric

Get involved.

The Cyber Resilience in Oil and Gas initiative is led by the Forum’s Centre for Cybersecurity and Centre for Energy and Materials.

Organizations are invited join this initiative and bring their expertise to collaborate and strengthen the cyber resilience of the global oil and gas infrastructure.

Marco Aguilar
Marketing Communications Lead, World Economic Forum
Stay up to date:

Oil and Gas

Related topics:
CybersecurityForum InstitutionalGlobal Risks
JOIN THE FORUM
Join us today and help shape a better future
Get involved
Share:
Meetings

World Economic Forum Annual Meeting

Partners:
AkerAker BPAramcoCheck Point Software TechnologiesClarotyCogniteDragosEcopetrolEniEnQuestGalpGlobal Resilience FederationInstitute for Security and Safety (ISS)KnowBe4Maire TecnimontPETRONAS (Petroliam Nasional)RepsolShellSuncor Energy
The Big Picture
Explore and monitor how Oil and Gas is affecting economies, industries and global issues
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Partnering on cybercrime is taking the fight against cyber threats to new levels

Marco Aguilar and Sean Doyle

January 17, 2024

IoT security: We are keeping consumers safe from cyber threats

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum