G7 countries vow to establish collective cybersecurity framework for operational tech

The Group of Seven (G7) countries have agreed to establish a collective cybersecurity framework around operational technologies for both manufacturers and operators, the White House announced Tuesday.

At last week’s summit in Italy, the gathered G7 leaders “committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world,” National Security Advisor Jake Sullivan said.

The initiative seeks to address the continuous cyberattacks targeting energy systems around the world that are “vulnerable to disruption.”

“As new digital clean energy technologies are integrated, we must ensure they are cyber secure to prevent destruction or disruption in services,” Sullivan said.

Such attacks on energy companies — like the ransomware attack on Colonial Pipeline in the U.S. or other a variety of incidents involving energy companies in Europe — have continued to roil governments around the world and prompt regulations.

The G7 — made up of Italy, the United States, the United Kingdom, Germany, France, Canada, and Japan — discussed a range of issues at the summit related to cybersecurity, including ransomware, cyberattacks by the Chinese government, Russian attacks in Ukraineand the establishment of a newly created G7 Cybersecurity Working Group.

Within a lengthy G7 statementthe world leaders noted that the energy sector continues to be “heavily targeted by adversarial countries and criminals” with cyberattacks. They pledged to increase resilience and security while also encouraging manufacturers to build more secure products.

“To incentivize tech companies to build more secure Internet of Things products we will promptly explore avenues towards establishing mutual recognition of schemes for reliable cyber-safe products,” they said.

“We are willing to work with all those who share our common objective to ensure a cyberspace that supports inclusive and democratic societies, narrows the gender gap in this field, and promotes multi stakeholder partnerships, including with the private sector.”

The U.S. Department of Energy released a new set of Supply Chain Cybersecurity Principles on Tuesday backed by a handful of prominent suppliers and manufacturers serving the energy sector, including GE Vernova, Schneider Electric, Hitachi Energy, Honeywell, Schweitzer Engineering Laboratories, Rockwell Automation and Siemens.

The principles cover “foundational actions and approaches needed to deliver strong cybersecurity throughout the vast global supply chains that build energy automation and industrial control systems (ICS).”

The goal is to create an “enduring framework to drive best practices today, while informing international coordination to advance those practices into the future.”

“The Supply Chain Cybersecurity Principles are explicitly written to address points where both supplier and end-user actions are necessary to achieve the desired security outcomes,” the document explains.

“Our principles capture the mirror-image of responsibilities between both the supplier and user relationship—including relationships between manufacturers and their upstream suppliers.”

The principles were developed in coordination with industrial control systems manufacturers and owners, as well as international government agencies.