Skip to main content

Always on Guard


When we have a
better understanding
of the adversary’s
target, we can more
efficiently respond

Through Advanced Cybersecurity, Chevron’s Marisa Ruffolo Protects Vital Energy Infrastructure.

Chevron’s
Marisa Ruffolo

It’s before dawn as Marisa Ruffolo flows from one yoga pose to the next before heading off to work. Her mind is calm and singularly focused. The class is a kind of controlled endurance trial. It’s a fitting workout, especially the mental preparation, for the kinds of challenges she faces every day as a cybersecurity enterprise architect at Chevron.

Marisa is part of America’s Generation Energy: deploying technologies to support best-in-class cybersecurity standards, protocols and collaborations that safeguard industry and help maintain American energy leadership.

As the job title above suggests, Marisa is a designer and builder. Not of physical structures, but of solutions – measures to defeat cyberattacks targeting industry operations and intellectual property, from corporate offices to well pads to pipelines – which if successful could impact U.S. energy and national security. The threat never rests; neither do Marisa and her industry counterparts. “At some point you come to terms with the fact that the adversaries are out there, and that there will always be those who are looking to do you harm,” she says.

The digital solutions of the 21st century have increased the reliability, efficiency and safety of natural gas and oil operations to unprecedented levels. Advanced security means Americans can have reliable access to cleaner and more affordable energy options that power their modern lives.

With these benefits also come a growing number of cyber-based attacks on the operational technologies that monitor and control rigs, wells, pipelines and refineries.

Countering the threat are today’s industry cybersecurity professionals, who represent a diverse and well-trained cadre of specialists. Collectively, they protect the industrial control systems – the digital brains of physical assets – as well as the information technology, which stores and protects intellectual property and other corporate data, preventing energy disruptions that could harm national security and the public. All but gone are the days when hackers living in their parents’ basement dreamed up nuisance attacks for kicks.

“Sharing helps us better understand whether a threat is just focused on one company or is an industry-wide attack.”

According to Marisa, the modern hacker – or “adversary,” as they are known in cybersecurity circles – is as highly skilled, motivated and proficient as the experts assigned to protect against their attacks.

“Today’s hackers are educated engineers and computer science professionals who have been hired by nation states or cybercriminal organizations to develop attacks against companies and governments,” Marisa says.

Recognizing today’s realities, natural gas and oil companies recruit talented professionals to stay a step ahead in a cyber chess match that’s anything but a game. Marisa is one of the leaders in her field. An electrical engineer by training with a doctorate from Northwestern University, she spent seven years at a national laboratory, exploring the role of cybersecurity in national defense applications.

These days, well-educated cyber professionals have the attention of industry’s C-suite executives, helping natural gas and oil transition to a new, state-of-the-art level of preparedness. A number of corporate boards and executives are actively engaged with their growing cybersecurity departments as they execute defense-in-depth approaches to cyber protection. Marisa says that executives focus on cybersecurity because they see it as enterprise-wide risk management, placing it among the highest levels of corporate priorities.

The focus on security is prevalent even at the most basic operational level. Safety briefings before worker shifts at refineries, pipelines and well sites long have been an industry practice. Marisa notes that Chevron now also focuses specifically on cybersecurity concerns, such as phishing attacks and critical security updates, during these safety briefings.

Chevron’s
Marisa Ruffolo

In addition to this focus, she says that information sharing across the industry and with government agencies makes a real difference in identifying and addressing attacks. Threat information and indicators of potential security breaches are shared by the U.S. intelligence community with cybersecurity experts from natural gas and oil companies as well as industry collaborations like the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) on an ongoing basis. Threat countermeasures are continually incorporated into company cybersecurity programs.

“This sharing helps us better understand whether a threat is just focused on one company or is an industry-wide attack,” she says. “When we have a better understanding of the adversary’s target, we can more efficiently respond.”

That response is built on international standards and proven guidelines including a Cybersecurity Framework established by the National Institute of Standards and Technology (NIST) with five core focus areas: identify, protect, detect, respond and recover. This same framework is used across U.S. industries from banking to manufacturing. A disciplined approach to protection is necessary because the fight is never over.

“The energy industry is so important to our economy, so it makes sense that adversaries would want to disrupt it through cyberattacks,” Marisa says.

Her day ends much as it began on the yoga mat – with unwavering focus. Fortunately, the natural gas and oil industry – and a country that counts on secure, reliable energy – has cyber defenders like Marisa Ruffolo.


America's Generation Energy

Stacy Nachbauer, Hess

Stacey Nachbaur
Hess Corporation

Hess’ Stacey Nachbaur is on point in the digital oil field.

Read More »

Drew Pomerantz

Drew Pomerantz
Schlumberger

Schlumberger’s Drew Pomerantz is helping industry capture methane.

Read More »

Pratyush Nag

Pratyush Nag
Siemens

Siemens’ Pratyush Nag is developing the latest turbine technology to amplify natural gas’ role in powering Americans’ lives.

Read More »

Jennifer Osterhaus, BP

Jennifer Osterhaus
BP

Jennifer Osterhaus of BP is using technology to responsibly harness America’s deep water energy.

Read More »

Alex Biholar, Devon

Alex Biholar
Devon Energy

Data and technology help Devon Energy’s Alex Biholar pinpoint America’s energy treasures.

Read More »

Marisa Ruffalo, Chevron

Marisa Ruffolo
Chevron

Through advanced cybersecurity, Chevron’s Marisa Ruffolo protects vital energy infrastructure.

Read More »

Klint VanWingerden, Alyeska Pipeline

Klint VanWingerden
Alyeska Pipeline

Alyeska Pipeline’s Klint VanWingerden and cutting edge technologies keep the Trans Alaska flowing.

Read More »

Jennifer Smith, Enbridge

Jennifer Smith,
Enbridge

Jennifer Smith of Enbridge listens, engages and builds relationships­ – one handshake at a time.

Read More »

Lautrice Mac McLendon, Shell

Lautrice “Mac” McLendon
Shell

Shell’s ‘Mac’ McLendon brings his own energy to protecting offshore workers and the environment.

Read More »

Tyler Pedersen, Cheniere

Tyler Pedersen
Cheniere Energy

Cheniere Energy’s Tyler Pedersen­—on the frontier of exporting U.S. natural gas.

Read More »

Karen Work, ConocoPhillips

Karen Work
ConocoPhillips

For ConocoPhillips’ Karen Work, Reusing Water is Key to Good Stewardship in the Permian Basin.

Read More »

Fred Walas, Marathon Petroleum

Fred Walas
Marathon Petroleum

Marathon Petroleum’s Fred Walas finds art in the science of crafting fuels for today and tomorrow.

Read More »

Mike Kerby, ExxonMobil

Mike Kerby
ExxonMobil

Mike Kerby of ExxonMobil believes technology is vital to solve energy and climate challenges.

Read More »


Top