At a glance.
- The importance of public-private partnership.
- US FBI requests a cyber budget increase.
The importance of public-private partnership.
This week at the World Economic Forum Annual Meeting 2022, eighteen global oil and gas organizations signed a Cyber Resilience Pledge vowing to work together to improve the cyber resilience of their industry. The goal of the agreement, supported by the World Economic Forum’s Cyber Resilience in Oil and Gas initiative, is to “empower organizations to take concrete steps to enhance cyber resilience across their industry” through cultivating a resilience-by-design culture. The World Economic Forum reports that the organizations taking the pledge are Aker ASA, Aker BP, Aramco, Check Point Software Technologies, Claroty, Cognite, Dragos, Ecopetrol, Eni, EnQuest, Galp, Global Resilience Federation, Maire Tecnimont, Occidental Petroleum, OT-ISAC, Petronas, Repsol, and Suncor
Alexander Klimburg, Head of the World Economic Forum’s Centre for Cybersecurity, stated, “First endorsed by key CEOs in the oil and gas value chain, the Cyber Resilience Pledge is a landmark step as it signals recognition of the complexities of building a cyber-resilient industry ecosystem and a commitment towards collective action to achieve it. The World Economic Forum Centre for Cybersecurity is proud to have led this effort in conjunction with our partners. We look forward to scaling the pledge to other industries in the future.” Amin H. Nasser, CEO of Saudi Aramco adds, “As the world deepens its digital footprint, cyber threats are becoming more sophisticated. But one company, working alone, is effectively like locking the front gate while leaving the back door wide open.”
In related news, Accenture has just released its "State of Cybersecurity Resilience 2021" report, and the data indicate that CEOs need to do more to protect their businesses from cyberthreats. The report shows there were, on average, 270 attacks per company last year, a 31% increase over 2020, SecurityBrief Asia reports. The number of successful breaches through the supply chain increased from 44% to 61%, indicating a rise in third-party leaks.
The report identifies four business categories based on their approach to cyber resilience: Business Blockers, who prioritize cyber resilience over business strategy; the Vulnerable, who exercise lack of care and minimal security; Cyber Risk Takers, who accept high cyber risk to align with business strategy; and Cyber Champions, who strike a perfect balance of cyber resilience and business objectives, and as a result experienced the lowest number of attacks. Approximately half of the CEOs/CFOs surveyed say siloed responsibilities and unclear accountability challenge their companies’ cybersecurity goals. The takeaways are that a broader, more inclusive approach to cybersecurity must be taken, that organizations must invest in cybersecurity in line with their business goals with more involvement from CEOs.
FBI requests budget increase for cybersecurity law enforcement.
On Wednesday US Federal Bureau of Investigation (FBI) Director Christopher Wray asked Congress for an additional $106 million in its fiscal 2023 budget to fight cyber threats, CyberScoop reports. The funding, Wray explained, would go toward fighting threats from foreign intelligence services and international and domestic terrorism, as well as upgrading IT in order to process the FBI’s ever-increasing investigation-related data. Wray explained, “It is not uncommon for FBI investigations to generate more than one terabyte of data per day, an amount that could normally take two days to transit FBI networks at current bandwidth levels.” The FBI hopes to spend $52 million to add 137 bureau positions focused on cyber information-sharing abilities and improving cyber tools. “Throughout these last two years, the FBI has seen a wider-than-ever range of cyber actors threaten Americans’ safety, security, and confidence in our digitally connected world,” Wray told the Senate Appropriations Committee Subcommittee on Commerce, Justice, Science and Related Agencies. He also noted that the FBI has taken over 1,100 actions against cyber adversaries, worth noting considering that on Tuesday Democrats from the Senate Homeland Security and Governmental Affairs Committee issued a report criticizing the FBI and the Department of Homeland Security for their failure to effectively support ransomware victims.