We recognize that cyberattacks represent a potentially significant risk to our company and industry.
Cybersecurity is overseen by Cheniere’s vice president and chief security risk officer (VP-CSRO), and our chief information security officer (CISO) manages the technology security team. This team is responsible for maintaining our technology defense posture and program, educating and informing Cheniere’s users about information security risks and how best to avoid them, and for developing end-to-end incident response and recovery plans throughout the company. Our VP-CSRO and CISO report risk mitigation activities and cybersecurity issues and performance to the Board on a quarterly basis.
Cheniere’s Information Technology Security Policy follows an “identify, assess and mitigate” approach to cybersecurity, in alignment with the National Institute of Standards and Technology’s Cybersecurity Framework. We conduct regular internal audits, cross-functional risk mitigation exercises and risk strategy sessions to assess cybersecurity threats, applicable regulatory requirements and industry standards. To support these efforts, we contract with third parties to perform facility and system penetration tests, compromise assessments and security maturity assessments of both our corporate and operational networks. Cheniere also maintains a comprehensive cybersecurity training program to proactively help our personnel identify and assist in mitigating cyber and data security threats.