Protecting Critical Infrastructure from Cyber Attacks: Chemical Sector
August 26, 2015
This is a post series on our nation’s plans for securing critical infrastructures and the threats they face on a daily basis. This post will concentrate on the Chemical sector, but you can jump to any of the other sectors using the links below:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Service
- Food and Agriculture
- Financial Services
- Government Facilities
- Healthcare and Public Heath
- Information Technology
- Nuclear Reactors, Materials and Waste
- Water and Wastewater Systems
Chemical Sector: CRITICAL INFRASTRUCTURE #1
The chemical sector has their hand in over 96% of all goods manufactured in the US, creates over 70,000 unique products, employs 800,000 people and contributes roughly 25% to the GDP. In addition, five other national critical infrastructures also depend on the chemical sector to support their processes. They include:
- Transportation Systems
- Information Technology
The chemical sector is subject to a number of physical and cyber threats that can bring down their systems and with the majority of all organizations under this sector being privately owned/operated, coordinating information can be troublesome. The chemical sector also ships over 866 million tons of products, as such, plants are strategically located near coastal ports putting them at risk for not only cyber, but natural disasters.
Top Cyber Threats to the Chemical Sector in 2015
The chemical sector utilizes industrial control systems (ICSs) as well as large international networks and everything in between to run their operations. These networks are subject to attacks such as:
- Intentional cyber attacks or insider threats
- System failures
- Breaks in the supply chain process
- Unintentional human error
The chemical sector has also opened up a few ICSs to updates through 3rd-party devices and Internet accessibility. This will also open up the opportunities for remote cyber attacks against chemical sector systems.
What is the Cyber Plan for the Chemical Sector?
The chemical sector’s primary method for combating cyber risk is thorough education and collaboration. The majority of their action items, as set forth in their 2015 Chemical Sector-Specific Plan, seem to be for developing these collaboration opportunities. Since the majority of chemical sector facilities are privately held it is imperative that the opportunity to collaborate across public and private sector and across the varying company sizes be opened. Such training opportunities for cyber awareness and capabilities are offered through the following programs.
Cyber- Dependent Infrastructure Identification
This work group has completed significant research in identifying cyber-critical assets. The purpose of this group provide even greater physical and cyber risk assessments to the chemical sector as a whole.
CFATS Risk-Based Performance Standards
The Risk-Based Performance Standards (RBPS) document is in line with the standards set forth in the NIST Cybersecurity Framework. This document will stand as a tool for the chemical sector to measure their RBPS compliance levels and strengthen their overall cyber risk management programs.Critical Infrastructure Cyber Community (C³) Voluntary Program
This program is designed to bring together partners within the chemical sector to develop a Chemical Sector Framework Implementation Guide. This guide will be base on the NIST Cybersecurity Framework and serve as a tool to improve the overall cyber security efforts throughout the chemical sector.
Cyber Storm Exercises and Preparedness
This program offers the opportunity for members of the chemical sector to put their skills to use in Cyber Storm exercises and identify areas for improvement. Additionally, this area is researching the development of an Information Sharing and Analysis Center (ISAC) similar to that used in the Financial Services Sector.
Partnership-Developed Cyber security Resources
This resource is designed to offer a number of sector specific tools including security guides, cyber exercise and overall tips for making cyber investments.
The chemical sector is leveraging trade associations to offer assessments and tools that focus on developing the industry’s standards and usage of information technology trends. Trade associations often hold annual conferences that provide another outlet for this type of education.
Workshops, Presentations & Webinars
The chemical sector and DHS Office of Cybersecurity and Communications host the annual Chemical Sector Security Summit to facilitate opportunities for cyber collaboration and education. Cyber workshops, webinars and other learning events are designed to promote general cyber education and report on emerging cyber threats.
The Cross-Sector Cybersecurity Working Group (CSCSWG) allows the chemical sector and others to promote cross-sector collaboration. Information that is shared includes:
- Strategies for cyber risk management
- Cybersecurity awareness processes
- Research findings
- New products
- Opportunities for cyber interdependencies and dependencies