Recognizing the critical importance of securing operational technologies (OT) that manage and operate critical energy systems such as electricity, oil, and natural gas, the G7 countries decided to develop a joint cybersecurity framework focused on these technologies. On the same day that the G7 announced their plan, the U.S. Department of Energy (DOE) issued new Supply Chain Cybersecurity Principles that focus on fundamental actions and approaches needed for the global energy supply chain to build stronger cybersecurity postures for energy automation and industrial control systems (ICS).
The G7 effort will improve the security and resilience of global supply chains for key energy sector technologies and ensure appropriate levels of cybersecurity throughout the manufacturing process of related technologies.
The G7 Cybersecurity Framework aims to establish one standard and set of practices to help manage emerging cybersecurity risks globally. The framework provides for cooperation, national sharing, risk management, and resilience, and supports manufacturers and operators to design and adopt appropriate risk management measures while effectively enabling cybersecurity.
The move also builds on efforts by the White House Supply Chain Resilience Council to strengthen supply chains critical to America’s economy and national security, as well as efforts by DOE and Idaho National Laboratory, which have brought significant expertise to securing OT infrastructure.
The G7 initiative will develop a global cybersecurity framework to guide energy systems in order to coordinate globally, protect critical infrastructure, strengthen resilience and support innovation. This framework will achieve harmonization among major economies, ensure that energy systems recover quickly enough in the event of a cyber incident and provide security for the introduction of new technologies in the energy sector.
Supply Chain Cybersecurity Principles focus on a holistic risk management approach to combat potential cybersecurity threats. Essentially, manufacturers and operators, in collaboration with their vendors, should plan a robust incident response and recovery strategy that allows for continuous monitoring to detect and respond to cyber threats in near real-time. This entails regular communication, conducting drills, and updating cybersecurity measures.
So it’s clear that the G7’s efforts to put in place a Joint Cybersecurity Framework and the new Supply Chain Cybersecurity Principles from the U.S. Department of Energy are very much a step in the right direction towards the security and resilience of the global energy system. Taken together, the G7 countries want to improve the energy environment so that it’s safer for all, not just manufacturers and operators, but for the general public.
Industrial Cyber reached out to industrial cybersecurity experts to explore the factors that led to the launch of a global effort to strengthen energy supply chain cybersecurity, and also highlighted the current cybersecurity threats facing the energy supply chain.
Paul Griswold, chief product officer, cybersecurity, Honeywell Connected Enterprise (HCE)
“At last month’s 50th G7 Summit, leaders committed to focusing on building cyber-resilient democratic societies, and part of that focus includes energy as the engine of our economy,” Paul Griswold, chief product officer for cybersecurity at Honeywell Connected Enterprise (HCE), told Industrial Cyber. “Yet we continue to see an increase in cybersecurity intrusions and attacks, particularly through malware, against the energy sector and supply chains, which have the potential to cause significant economic disruption.”
Gadjen Kandiah, President and Chief Operating Officer, Hitachi Digital Corporation
Gajen Kandia, president and COO of Hitachi Digital, chairman of Hitachi Cyber and deputy general manager of Hitachi’s AI Transformation division, told Industrial Cyber that cyber attacks in the energy sector are increasing in frequency and sophistication, from ransomware attacks that halt operations and cyber espionage aimed at stealing confidential information, to cyber attacks aimed at disrupting or disrupting energy production.
“Furthermore, the growing digitalization of the industry that is modernizing and transforming energy supply, and the resulting interconnectedness of modern energy infrastructure, further increase cybersecurity risks, as a breach in one area can spread to others, making the entire system vulnerable to widespread disruptions,” he added.
The executives highlighted the initiative’s key goals and objectives and discussed the main challenges in coordinating global cybersecurity efforts for the energy supply chain.
Griswold said members of the initiative intend to strengthen cybersecurity and build resilience in the energy sector, using systems in key areas such as extraction, production and distribution. “This will include developing a comprehensive cybersecurity framework aligned to the energy supply chain, which will establish best practices for the sector and protect OT assets while ensuring compliance with relevant cybersecurity standards and regulations.”
He added that a major challenge is that the energy sector is highly complex and interconnected across borders: “Not only that, but companies have highly complex energy ICS with parts produced from suppliers around the world, increasing the risk of vulnerabilities and complicating software supply chains.”
“The White House’s global effort seeks to establish a comprehensive cybersecurity framework and principles for operational technologies for both manufacturers and operators, building on existing efforts to strengthen and protect critical energy supply chains,” Candia noted. “The Department of Energy’s Supply Chain Cybersecurity Principles, released in mid-June, seek to promote and advance best practices, facilitate threat information sharing, foster international cooperation, and provide robust incident response strategies.”
He added that the biggest challenge lies in aligning the diverse interests and capabilities of different stakeholders: “There’s also the issue of keeping up with rapidly evolving cyber threats and ensuring that all parts of the supply chain ecosystem have the resources and knowledge they need to maintain strong cybersecurity defenses.”
Executives explained how the effort will address vulnerabilities in the energy supply chain and also shared plans for training and resources companies can use to strengthen their cybersecurity posture.
“A key way is to increase the level of cooperation by establishing a new G7 cybersecurity working group,” Griswold said. “G7 governments have committed to encouraging manufacturers to build more secure products and solutions.”
Kandia said the initiative will employ risk assessments, implement advanced cybersecurity techniques and conduct regular audits to address vulnerabilities. “Training will be provided on threat detection, incident response and cybersecurity best practices. Additionally, toolkits and guidelines will be provided and access to a global network of cybersecurity experts will be provided to help organizations improve their security posture,” he added.
Executives discussed the technologies and innovations currently being used to strengthen cybersecurity across the energy supply chain, including metrics to measure success over the long term.
Griswold noted that many companies are deploying advanced monitoring and detection solutions from established cybersecurity vendors that are increasingly leveraging AI to detect threats and streamline cyber operations. “The G7 also wants to foster the development, adoption and awareness of cyber-safe Internet of Things (IoT) solutions in the energy sector,” he added.
“The initiative involves using technologies such as real-time monitoring and anomaly detection, as well as AI, machine learning, blockchain and advanced cryptography to detect and mitigate threats,” Candia noted. “Criteria for evaluation include reduction in the success rate of cyber attacks, speed of threat detection and response, compliance with cybersecurity frameworks and an overall improvement in cybersecurity maturity across the energy sector.”
The officials highlighted how the initiative plans to stay ahead of evolving cyber threats and discussed the importance of international cooperation and collaboration to the initiative’s success.
“At the same time that the G7 announced its global initiative, other countries announced the expansion of their national programs,” Griswold noted. “The U.S. Department of Energy released new supply chain cybersecurity principles that focus on best practices for ensuring strong cybersecurity in the energy sector, specifically in ICS and supply chains.”
“While we will see complementary principles in some countries, we believe sharing similar practices will enhance cooperation,” he added.
Kandia recognised the importance of a dynamic and proactive approach to cybersecurity to stay ahead of evolving cyber threats, ranging from continuous monitoring of the threat landscape and regular updating of cybersecurity practices and technologies, to continuous innovation in cybersecurity solutions and training of stakeholders.
International cooperation, especially around threat information, joint training exercises and harmonization of cybersecurity standards, is crucial to foster a unified approach and ensure the success of this effort, he added.
