Chemical industry drafts cybersecurity plan

A broad cross-section of trade associations and individual companies from the U.S. chemical industry is moving forward this month with a comprehensive plan for improving cybersecurity at chemical companies and facilities.

The plan will be submitted to the White House for inclusion in the forthcoming National Strategy for Protecting Cyberspace and marks the first time the industry has developed a unified strategy for cybersecurity. It was endorsed officially last month by the Chemicals Sector Cyber-Security Information Sharing Forum, a consortium led by David Kepler, corporate vice president and CIO at The Dow Chemical Co., as well as by a dozen other industry associations.

The strategy represents “a road map for developing a cybersecurity standard and practices, and it calls for leveraging technologies, processes and people to protect our communities,” said Christine Adams, a spokeswoman for the forum.

The plan was designed to be flexible enough so that IT security managers at chemical companies of all sizes can pick the modules that are most appropriate for their businesses, said Adams. The strategy also focuses on everything from “traditional business information systems to process control systems.”

The forum chartered a task force of 16 high-level subject matter experts from the chemical industry to develop the strategy.

Adams said the plan also builds on established programs, including an emergency communications network. The proposed Cyber-Security Information Sharing Network will distribute advance warnings of cybersecurity threats, vulnerabilities and incidents.

The American Chemicals Council last month also endorsed a new set of requirements that would compel each of its 163 member companies, which account for 90 percent of all chemicals manufactured in the U.S., to “prioritize and assess security at their facilities, take corrective actions and independently verify what they have done,” said Owen Kean, a senior director at the council.

By this fall, the forum expects to have developed a set of best management practices, he said.

Joe Weiss, an energy cybersecurity analyst at Kema Consulting in Fairfax, Va., said the focus on industrial control systems is a positive development but one whose success is dependent on federal funding.

“Once the government puts money in [control systems cybersecurity development], you can have prototypes, if not products, on the street within three to five years,” said Weiss. “But right now … all of the money is going to traditional business cybersecurity; it’s not going to control systems.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now