© 2016 Chevron Corporation – Company Confidential
Michael J. Lewis Policy and Framework Advisor
Chevron June 22, 2016
Cybersecurity Foundations for Oil and Natural Gas
2
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
This document is intended only for use by Chevron for presentation at the Cyber Security for Process Control Remove Oil and Gas Assets conference held June 22-23, for inclusion in conference handouts to attendees, and for posting on the conference website. No portion of this document may be copied, displayed, distributed, reproduced, published, sold, licensed, downloaded, or used to create a derivative work, unless the use has been specifically authorized by Chevron in writing.
2
TERMS OF USE
3
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Topics
• Cybersecurity issues for Oil and Natural Gas
• Cybersecurity threat environment
• Threat actors
• Threat vectors
• Cybersecurity principles
• Questions & answers
4
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
cybersecurity issues for oil and natural gas
cyber security for process control remote oil and gas assets 2016
5
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
“Keep the bad guys out”
6
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
• Oil and natural gas (ONG) business models
• Regulation
• Technology
• Threats
“The times they are a-changin’ ”
7
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
• Joint ventures and partnerships
• Specialized computing environments
• Process control
• Supervisory control and data acquisition (SCADA)
• Exotic environments
Information security challenges Oil and natural gas business models
8
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
• Sarbanes-Oxley (2002) • State data breach notification laws
(first in 2002) • Homeland Security Presidential
Directive HSPD-7 • Chemical Facility Anti-Terrorism
Standards (CFATS) (2007) • Transportation Security Administration
(TSA) Pipeline Security Guidelines (2008)
• Federal Energy Regulatory Commission (FERC) Critical Infrastructure Protection (CIP) (2008)
• Department of Energy (DOE) ONG Cybersecurity Capability Maturity Model (C2M2) (2012)
• National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (2014)
• State of the Union proposals (Information sharing/Data Breach Notification) (2015)
• Cybersecurity Information Sharing Act (2015)
• Etc. Etc. Etc. Etc…………………
Cybersecurity regulation Oil and natural gas Industry
9
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
• Privacy
• Localization
• International Standards
– IEC 62443
– ISO 27000
• In progress European Union work
– Network and Information Security Directive
– Data Protection regulation
Cybersecurity regulation Oil and natural gas industry
10
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Technology shifts
In 2005, a “cloud” was a meteorological event
11
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Technology shifts
In 2005, the only thing that “tweeted” were birds
12
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Technology shifts
In 2005, tablets were made of paper
13
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Technology shifts
• Cloud computing
• Social media
• Mobility
• Internet of things
14
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
cybersecurity threat environment cyber security for process control remote oil and gas assets 2016
15
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
A botnet (Conficker) infected millions of new PCs for 3 years after it was ‘suppressed’
- Gregg Keizer, Computerworld (April 26, 2012)
The New York Times and The Washington Post have been victims of cyber-intrusions
- Craig Timberg and Ellen Nakashima, The Washington Post (February 20, 2013)
Millions of Target customers were impacted by the Target data breach
- Jia Lynn Yang and Amrita Jayakumar, The Washington Post (January 10, 2014)
Sony Suffers Highly Public Data Breach, Reportedly Connected to North Korea
- Keller and Heckman Privacy and Information Security Update prepared for API (November 2014)
Office of Personnel Management (OPM) exposes 21.5 million social security numbers
- OPM Press Release (July 2015)
2016 ???
And finally, we get to threats
16
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Not just hype The threat is real to oil and natural gas
US National Counterintelligence Executive Report (October 2011) • “The pace of foreign economic collection and industrial espionage activities against
major US corporations and US Government agencies is accelerating.” • Energy and natural resources companies are among those likely to be “priority targets”
Documented attacks/threats • Tripwire/Dimensional Research Study (2016)
• 82% of respondents have seen an increase is successful cyberattacks over 2015 • 53% of respondents indicated rate of attacks has increased between 50 and 100 per
cent • ICS-CERT Statistics (2015)
• 295 incidents involving critical infrastructure in 2015, 50 more than 2014 • Over 46% of incidents were in energy sector
• Destructive attacks • Shamoon (Saudi Aramco/Qatar RasGas – 2012)
• Stuxnet • Ukraine Power Incident (December 2015)
17
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Threat actors and characteristics External Nation-State
• Objectives:
§ Intellectual Property
§ Destruction (CyberWar)
• Highly skilled
• Long-term focus
Hacktivist • Objectives:
• Brand damage
• Mayhem
• Moderately skilled
• Short-term focus
Organized crime • Objective: Financial gain
through illicit activities
• Highly skilled
• Short-term focus
Opportunist • Objectives
• Financial gain
• Thrill
• Low skills
• Short-term focus
Internal Malicious insider
• Objectives:
• Intellectual Property
• Financial gain
• Skills vary (because they may have authorized access to the data)
• Focus may be long or short
Non-malicious insider • Objectives: none (action is unintentional)
• No skill or focus (accident)
• Examples
• Inadvertent Email
• Lost mobile devices
18
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Top threats to process control (according to German Federal Office of Information Security (BSI))
• Primary attack vectors – Malware Infection via Internet and Intranet – Introduction of Malware on Removable Media and External Hardware – Social Engineering – Human Error and Sabotage – Intrusion via Remote Access – Control Components Connected to the Internet† – Technical Malfunctions and Force Majeure – Compromising of Smartphones in the Production Environment† – Compromising of Extranet and Cloud Components† – (D)DoS Attacks
• Subsequent attacks : – Escalation of privilege – Unauthorized access to additional internal systems. – Manipulation of fieldbus communication – Manipulation of network components: https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_005E.pdf?__blob=publicationFile&v=2
19
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
cybersecurity principles Cyber Security for Process Control Remote Oil and Gas Assets 2016
20
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Align protections to value and risk
Courtesy Ronald Reagan Library
21
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Promote defense-in-depth design for resiliency
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
PROTECT
DETECT
RESPOND
IDENTIFY
RECOVER
22
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Embrace partnerships
23
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Secure the Natural Path
24
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Summary
• Cybersecurity issues for Oil and Natural Gas
• Cybersecurity threat environment
• Threat actors
• Threat vectors
• Cybersecurity principles
• Questions & answers
25
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
Resources
• Tripwire/Dimensional Security Study
• http://www.securityweek.com/oil-and-gas-industry-increasingly-hit-cyber-attacks-report
• http://www.tripwire.com/company/research/tripwire-2016-energy-survey-oil-and-gas/
• Heather MacKenzie; “Shamoon Malware and SCADA Security – What are the Impacts?”; Tofino Security; September 25, 2012; https://www.tofinosecurity.com/blog/shamoon-malware-and-scada-security-%E2%80%93-what-are-impacts
• ICS-CERT Monitor Report – November/December 2015; https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Nov-Dec2015_S508C.pdf
• Industrial Control System Security: Top 10 Threats and Countermeasures 2014; BSI; https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_005E.pdf?__blob=publicationFile&v=2
• Framework for Improving Critical Infrastructure Cybersecurity; NIST; http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
26
Light blue 0-157-217
Mid blue 0-102-178
Dark blue 11-45-113
Light teal 0-178-189
Mid teal 0-112-140
Dark teal 0-54-83
Light green 178-204-52
Mid green 118-146-49
Dark green 68-75-13
Light red 226-24-54
Mid red 151-0-46
Dark red 88-0-28
Light orange 250-171-24
Mid orange 229-96-31
Dark orange 113-27-0
Light purple 186-48-147
Mid purple 117-18-105
Dark purple 58-13-54
Light gray 219-220-221
Mid gray 140-143-147
Dark gray 107-109-111
Warm color family R-G-B
Cool color family R-G-B
Use the color picker or type in the RGB values to select color. Do not use tints from the color palette.
Background gray 237-237-238
© 2016 Chevron Corporation – Company Confidential
questions? Cyber Security for Process Control Remote Oil and Gas Assets 2016