Friday, July 1, 2022

Canadian energy provider Suncor among firms vowing to increase cyber resiliency

Calgary-based oil sands developer Suncor Energy and cybersecurity provider Check Point Software are among 18 energy and technology-related firms that have vowed to improve their cybersecurity resiliency at the annual gathering of the World Economic Forum (WEF).

The announcement that the companies have agreed to the Cyber Resilience Pledge to enhance cybersecurity throughout their systems was made this morning from Davos, Switzerland, where the annual meeting of the discussion group is taking place.

“The action is in response to major security breaches in the past two years that have highlighted the vulnerability of critical infrastructure,” the forum said in a news release.

Separately the federal ministry of Natural Resources announced support for a cybersecurity incident response playbook (see below).

One high-profile energy sector breach was last year’s ransomware attack on the IT systems of Colonial Pipelines in the U.S., which forced the company to temporarily shut operations. That caused huge lineups for gasoline across the U.S. east coast. More recently, the forum notes, there have been cyberattacks on the Amsterdam-Rotterdam-Antwerp (ARA) oil refining hub and on two German energy firms.

In March the U.S. charged four Russians with allegedly being involved in attacks on the energy sector between 2012 and 2018. (See this news release for more detail)

Related content: Threat actors have new tools for attacking ICS, SCADA devices, say US cyber agencies

The forum first began developing a resiliency pledge for the energy sector in 2020. Last year the forum released a cyber resilience playbook for the oil and gas sector.

Organizations that agree to the non-binding pledge promise to

  • strengthen ecosystem-wide cyber resilience by adopting six cyber resilience principles. These include cyber-resilience governance, taking a holistic-risk management approach, including resilience by design in operations, collaborating on cyber resilience across an organization’s ecosystem, taking corporate responsibility for cyber resilience and making ecosystem-wide cyber resilience plans;
  • engage senior cyber leaders from signatory organizations to take collective action by developing global approaches and improving cyber resilience across ecosystems;
  • advocate and showcase experiences by demonstrating the impact achieved by the Cyber Resilience Pledge.

The initial companies agreeing to the pledge are Aker ASA, a Norwegian industrial investment company with ownership interests concentrated in oil and gas; Aker BP; Saudi Aramco, which suffered a huge wiperware attack in 2012; Check Point Software Technologies; Claroty, which specializes in IoT cybersecurity; Cognite, a Norwegian industrial IT company; Dragos, and industrial IoT cybersecurity provider; Ecopetrol of Columbia; Italian energy provider Eni; EnQuest, Galp, the Global Resilience Federation, Maire Tecnimont, an Italian engineering firm in the energy sector; Occidental Petroleum; OT-ISAC, the Singapore-based Operational Technology Information Sharing and Analysis Center; Malaysia-based energy provider Petronas; Repsol, an energy provider in Spain; and Suncor, which also owns the Petro-Canada gas chain.

“First endorsed by key CEOs in the oil and gas value chain, the Cyber Resilience Pledge is a landmark step as it signals recognition of the complexities of building a cyber-resilient industry ecosystem and a commitment towards collective action to achieve it,” said Alexander Klimburg, head of the WEF’s Centre for Cybersecurity.

The Canadian federal government has several initiatives in place to strengthen cybersecurity in the energy sector.

Today it announced a $156,514 investment in a Canadian engineering company’s playbook that provides instructions and guidelines which energy sector organizations can leverage to counter and recover quickly from cyber attacks. A government spokesperson said the money was for the creation of the playbook

Created by the Canadian consulting engineering firm BBA, the Industrial Automation and Control Systems (IACS) Cyber Security Incident Response Playbook relies on industry best practices to provide for strong cyber security responses to ensure organizations are prepared to react systematically during times of emergency. In 2020 Ottawa selected BBA to create a methodology for assessing cyber risks for industrial control systems.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.