G7 to Develop Cybersecurity Framework for Energy Sector
The G7 nations will develop a collective cybersecurity framework for operational technologies in energy systems, aimed at both manufacturers and operators.
US National Security Advisor Jake Sullivan announced the agreement at the G7 Leaders’ Summit in Apuliu on June 18.
The framework aims to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil and natural gas systems across the world.
Sullivan commented: “Energy systems around the world face continuous cyber-attacks and are vulnerable to disruption. As new digital clean energy technologies are integrated, we must ensure they are cyber secure to prevent destruction or disruption in services.”
The G7 is an intergovernmental political and economic forum consisting of some of the world’s largest economies – Canada, France, Germany, Italy, Japan, the UK and US.
US Releases Energy Supply Chain Security Principles
Coinciding with the G7 announcement, the US Department of Energy (DOE) released a new set of Supply Chain Cybersecurity Principles. These principles characterize the foundational actions and approaches needed to deliver strong cybersecurity throughout the vast global supply chains that build energy automation and industrial control systems (ICS).
The DOE noted that energy ICS are inherently complex, with a single product or system potentially containing hundreds of subcomponents sourced from suppliers and manufacturers across the globe.
“This creates a dense web of stakeholders that all play a role in the security and resilience of the resulting energy infrastructure. Security is inevitably a shared responsibility among the engineers, manufacturers, integrators, service providers, and system operators along a complex, global supply chain,” the DOE stated.
The principles condense a range of international cybersecurity regulations, frameworks and guidance into 20 high-level objectives energy suppliers and manufacturers can use to align best practices in supply chain cybersecurity.
These include secure development and implementation, lifecycle support and management and proactive vulnerability management.
The principles are already supported by a number of prominent suppliers and manufacturers serving the energy sector, including GE Vernova, Schneider Electric, Hitachi Energy, Honeywell, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens and Siemens Energy.
Building on US Government Supply Chain Security Initiatives
The agreement at the G7 builds on US government efforts to strengthen supply chains critical to its economic and national security.
On June 14, 2024, President Joe Biden issued an Executive Order on White House Council on Supply Chain Resilience. This order set out the White House Council on Supply Chain Resilience’s role in coordinating and promoting Federal Government efforts to strengthen long-term supply chain resilience.
Supply chain security also forms a major part of the US National Cybersecurity Strategy, published in March 2023.