Galp and 18 other global energy companies have committed at the World Economic Forum, in Davos, to adopt a set of common principles to strengthen their resilience against cyber-attacks, as the industry faces the triple challenge of digitalizing its business, moving from centralized infrastructures to distributed production, and embracing low-carbon energy sources.
The industry’s unified pledge towards unified action on managing cyber risks and promoting a strong cyber security culture starts with the adoption of 10 general principles and adds six oil and gas industry-specific principles to build-up organizational defenses against potential cyber-attacks.
The principles are a result of the World Economic Forum’s Cyber Resilience in Oil and Gas Initiative, launched in 2020. They are the work of a group of senior executives from more than 30 institutions from the oil and gas industry, including Galp, tasked with laying a blueprint for evaluating cyber risk and enhancing cyber resilience across the industry. The group led in-depth discussions to identify the industry’s best practices and to create new solutions that help corporate leaders address cyber risk.
“This Pledge advances Galp’s commitment to joint action on managing cyber risks and protecting cybersecurity of critical energy infrastructure by creating awareness and a unified stance on cyber resilience in the global energy sector”, said Andy Brown, Galp’s CEO.
With industrial device connections expected to reach 37 billion by 2025, digitalization is rapidly transforming the oil and gas industry from a commodity-based business run on analogue equipment into an automated and artificial intelligence-driven industry that makes risk-based decisions with internet-like speed.
This rapid pace of digitalization comes at a cost, however: as oil and gas companies digitize operations, they also expose their companies to cyber risks. The global cost of cybercrime is expected to reach $10.5 trillion annually by 2025.
The organizations that have taken the pledge are Aker ASA, Aker BP, Aramco, Check Point Software Technologies, Claroty, Cognite, Dragos, Ecopetrol, Eni, EnQuest, Galp, Global Resilience Federation, Maire Tecnimont, Occidental Petroleum, OT-ISAC, Petronas, Repsol and Suncor.
To implement these principles and fully realize their intended benefits, cyber resilience must not be an after-thought but must be embedded into an organization’s culture and incorporated into all aspects of a business’s norms. Therefore, aside from defining the principles, the pledge also sets practical recommendations for corporate officers and managers responsible for cyber resilience to put them into practice and to assist board members in exercising their oversight.
For more information on the Plege, please visit https://initiatives.weforum.org/cyberresiliencepledge.