World Economic Forum’s Cyber Resilience Promise in the Oil and Gas Sector

In the year since the calamitous Colonial Pipeline cyberattack, we have seen increased awareness and commitment to cybersecurity initiatives from government and industry leaders. For example, President Biden issued an ambitious executive order in May 2021 to improve federal cybersecurity. In 2022, the SEC proposed a change to its reporting requirements regarding cyber incidents. More recently, in the private sector, the World Economic Forum (WEF) introduced the Cyber Resilience Pledge at its annual meeting, Davos 2022. The Pledge is an initiative for global oil and gas players, and it aims to build cyber resilience against dangerous attacks and “mobilize global engagement” across industries.

Davos 2022 was the first in-person WEF meeting since the start of Covid-19. It was themed “History at a turning point: government policies and commercial strategies”, and the issue of cyber resilience in oil and gas proved a necessary addition to the list of more traditional topics such as food crises, health issues and the global economy. Featured speaker Puesh Kumar from the US Department of Energy cited the Colonial Pipeline attack as a direct influence on this initiative. He underscored the importance of leaders in the oil and gas community coming together to absorb and act on the lessons presented by what is now considered one of the most significant attacks on our nation’s critical infrastructure. The operational technology that supports the oil and gas industry is highly susceptible to hackers, and we’ve reached a point where business leaders must work together to protect the assets that millions of people rely on.

It’s time for world leaders to step up

Director of the WEF’s Center for Cybersecurity, Alexander Klimburg, hailed the pledge as a “historic step” towards cultivating an industry-wide cyber-resilient “ecosystem”. Champions such as Dragos, Claroty, Saudi Aramco and many more have come together to establish a framework for executive leadership to assess cyber risk and foster cyber resilience. The oil and gas sector has been grappling with supply chain issues through the Covid-19 pandemic and heightened geopolitical tensions that have resulted from the Ukraine-Russia conflict. Board members and corporate executives are increasingly aware of the devastating impact cybercriminals are having on their already precarious situation. The challenge for these business leaders is to exercise due diligence and effectively manage and mitigate the cyber threats facing their organizations. With the ever-expanding threat landscape, the task seems daunting, but the Cyber Resilience Pledge intends to provide such guidance. It is based on six “Consensus Principles” that set industry guidelines to help business leaders build cyber resilience across industries:

  • Cybersecurity is a strategic business enabler
  • Understand the economic drivers and impact of cyber risk
  • Align cyber risk management with business needs
  • Ensure organizational design supports cybersecurity
  • Integrate cybersecurity expertise into board governance
  • Encourage systemic resilience and collaboration

The WEF’s Playbook for corporate boards and executives describes these six principles in detail, along with accompanying case studies.

This path to cyber resilience is well aligned with the core tenets of Axio’s risk-based approach to cybersecurity, as it takes technical problems and translates them into actionable business problems. These decision makers need to know how a cyber incident could affect their bottom line. This approach leads board members to make quantifiable decisions by answering the following questions:

  • What are the most significant risks and how do they translate into financial terms?
    Cyber risk quantification provides business leaders with a clear picture of different solutions and associated cost scenarios.
  • What is our level of cyber maturity against established cybersecurity frameworks, and how does this level of maturity align with the answer to the previous question?
    Maturity-based assessments promote a framework that any business, regardless of size or stage of maturity, can use.
  • Do we have the funds and insurance to recover financially when an attack occurs?
    Cyber risk management is an ever-evolving goal, and risk posture can change in the blink of an eye; a risk-based approach means the program can adapt quickly to operational or fiscal changes at any time.
  • How does our risk management and mitigation strategy align with that of our peers?
    When the public interest is at stake, benchmarking and transparent and actionable data are necessary to stay reasonably informed before, during or after a cyberattack.

Axio’s approach to cyber resilience has given rise to Axio360, a decision support software platform for risk assessment that answers these questions. The system generates reports that contextualize risk exposure, risk tolerance levels and an overview of the industry risk landscape. It also provides a dynamic and continuous assessment process, which is essential in dealing with today’s growing threat landscape and the increasing digitalization that is sweeping all industries (especially the oil and gas sector). To learn more about this topic, download our board guide, “Getting the Right Board Game: A Board Guide to Making Informed Cybersecurity Decisions.”

To get started with Axio360 today and help your organization prepare for and prevent a cyber disaster, request a demo or contact [email protected]

Melvin B. Baillie