Documente Academic
Documente Profesional
Documente Cultură
Why it happened
The attempted reloads of the FCS via the EWS were unsuccessful due to malware infecting the EWS.
The EWS was not protected by appropriate antivirus software. It was found that installation of antivirus and
system hardening was not specified in the contractor’s commissioning scope of work.
Incident #2 – PCD Vendor Ransomware Incident
What happened
In March 2016, a third-party vendor PCD laptop was being used for general office
purposes when it was infected with the Cerber Ransomware. This virus encrypted the files
on the laptop and told the user that they could buy the special software needed to restore
them. Shell provided a replacement laptop and rebuilt the system using recent backups.
No ransom was paid.
Why it happened
Ransomware was activated when the user opened an email attachment.
Figure 2 – Ransom note
Laptop had operating system patches and a freeware antivirus application installed
that did not meet Shell requirements.
Why it Happened
The cybersecurity virus was introduced into the PCD system via USB stick/flash drive.
The USB stick/flash drive had been scanned, but the PCD antivirus software did not detect the virus. The virus
infected additional systems due to the time it took to recognize the problem and escalate via the correct
channels to get an appropriate response.
Lessons learned
Restricting portable media and computer use is the most effective control against malware infections of the PCD.
o Follow site procedures for the appropriate use of USB stick/flash drives in the PCD.
o Involve site PCD site focal point anytime someone wants to connect portable media or computers to the
PCD.
o Consider using dedicated portable media for the sole purpose of file transfer within the PCD.
The threat environment is constantly evolving and changing with the development of new viruses and malware.
We need to be ever-vigilant for these new threats and how to recover quickly from them.
Any suspected or actual PCD IT Security incidents should be reported through your PCD site focal point.
For new systems, commissioning should verify that the latest antivirus and systems patches are installed.
Handover from a project to a run and maintain organisation should highlight the need to maintain the antivirus
software and system patches.
Further information
Learning Materials - to open in pdf, right click on the paper clip near the icon and select ‘open file’
PCD-IT Security page in the Manufacturing Management System (MMS) includes a PCD Security Gemba Card
Think Secure for PCD Shell Open University Course # 00198396
Think Secure Safety Standstill – includes a 4 minute video and discussion package for an engagement
Think Secure Ambassador information
PCD IT Security Knowledge Portal
SecurePlant Cyber Security Management SharePoint including additional training
DSM PCD IT Security Community of Practice SharePoint (restricted access)
Manufacturing PCD Programme Excellence Manager
Manufacturing LFI Coordinator