Cybersecurity

Woodside’s approach to cybersecurity remains multi-faceted and dynamic to reflect the changing cyber threat landscape.

IMPORTANT TOPIC

Responding to widespread, sustained cyber attacks and preventing breaches requires vigilance, layered security controls and a cyber aware mindset across Woodside

We have built a strong internal cyber capability that aims to protect our people, assets, reputation and brand.

Our approach1

Woodside’s approach to cybersecurity remains multi-faceted and dynamic to reflect the changing cyber threat landscape. Our cyber program includes focusing on protecting data and securely connecting Operational Technology while tightly managing, verifying and assuring vital systems.

We have built a strong internal cyber capability that aims to protect our people, assets, reputation and brand. We collaborate with peers, government and our partners to build and maintain the right culture, processes and technology.

Following the merger with BHP petroleum’s business, we have established a United States cyber hub and a global response capability. We continue to prioritise the safety and security of our people, assets, reputation and brand in all of our locations.

  1. This section refers to current intentions, plans or stated targets (where applicable). It also outlines information regarding our Management System and relevant processes and procedures. Where we refer to our activities without reference to a previous calendar year or using present tense, the relevant content may be updated from time to time at our discretion but no reliance should be placed by the reader on this page being up-to-date. We also recommend checking our Announcements page regarding our most recent business activities.
view larger image
view larger image view larger image
view larger image

Our performance1

Woodside responded to an increase in cyber related events in 2023. We reported six2 events to the Australian Cyber Security Centre (ACSC) in 2023, including one eligible disclosure to the Office of the Australian Information Commissioner (OIAC) relating to the breach of a third party supplier.

The reports provided to the ACSC were voluntary and the events did not result in any material business impact.

Woodside complied with all Security of Critical Infrastructure (SoCI) commitments and prepared a comprehensive risk management plan for our Australian assets. We reported our cybersecurity maturity for Information Technology and Operational Technology to the Australian Energy Market Operator for a third year, maintaining our maturity indicator levels in both domains.

Woodside maintains a watching brief on new legislation in the countries where we operate. We have seen, as expected, an increased government focus with legislative obligations on compliance to help prevent the loss or theft of personal and commercially sensitive information across all jurisdictions.

Operational Technology Cyber Security Incident Response Team

The Operational Technology Cyber Security Incident Response Team (CSIRT) capability is based on Woodside’s mature Information Technology CSIRT model and continues to be extended with the intent to be able to detect and respond rapidly, effectively and consistently to cyber incidents across our Operational Technology environment. The Operational CSIRT provided support to Australian asset turnaround activities, to increase the security of our assets. Importantly, they are given the same priority as the assets’ traditional emergency response capabilities in the event of a cyber event.

This enables recovery of Operational Technology systems as quickly as possible to limit any health, safety, environmental or financial impacts.

Cyber awareness

Our company wide cyber education and awareness continued to be expanded in 2023. Fundamental training for all Woodside personnel was refreshed and aligned to current threats, risks and best practices. Targeted role based training ensures all Information Technology Administrators are competent when working in our digital ecosystem. Tailored threat based briefings were delivered to senior leaders, executives and directors that gave context to current cyber threats and protective controls enabled across the environment.

Organisation wide events for Cybersecurity Awareness Month in October highlighted emerging digital threats and promoted four key cyber practices our workforce could take into their personal digital lives to uplift security.

Woodside’s Audit & Risk Committee of the Board has direct oversight of cybersecurity matters including evolving risk and business considerations.

  1. This section refers to our performance within a specific time period. Please note that the relevant year, where the activity applies, is stated where appropriate. Where we refer to our activities without reference to a previous calendar year or using present tense, the relevant content may be updated from time to time at our discretion but no reliance should be placed by the reader on this page being up-to-date. We also recommend checking our Announcements page regarding our most recent business activities.
  2. Any observable occurrence in a user’s activities, system, and/or network. Events can be used to identify indicators of attack.

Sustainability links

Click the links below to navigate through to more sustainability pages.

Sustainability Strategy and Plan
Materiality for sustainability topics
United Nations Sustainable Development Goals
Environment
Social
Governance
Sustainability Data Tables
Last updated: 1/02/2024 12:54:00 AM