Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
News
Regulation, Standards and Compliance
Risk & Compliance
Technology & Solutions
Vulnerabilities

Biden administration to address cybersecurity issues faced by chemical sector

August 25, 2022
Biden administration to address cybersecurity issues faced by chemical sector

Following last year’s National Security Memorandum, the administration of U.S. President Joe Biden is set to address the cybersecurity issues faced by the chemical sector. The voluntary-first approach to cybersecurity will assist the chemical sector in a fourth 100-day sprint to gain insights into the cybersecurity posture of the nation’s critical infrastructure and improve its resilience. Operators in the chemical sector will follow their counterparts in the critical electric sector, gas pipelines and water treatment plants in being asked to facilitate visibility into their systems.

“We were asked last year by the White House through a national security memorandum to focus on protection of industrial control systems, and I think the chemical sector is next in line,” Jen Easterly, Cybersecurity and Infrastructure Security Agency (CISA) director, reportedly said at the ongoing 2022 Chemical Security Summit hosted by the security agency. “We’re going to kick off a 100-day sprint with probably many of you here,” she added. 

Easterly also highlighted the chemical sector’s performance standards for addressing IT and OT (operational technology) managed by industrial control systems. “It was really telling to me that even back in 2009, how robust the standards were, laid out for both physical security but also cyber security,” she said. “It was before cyber was really a thing that this community really understood the importance of a collective approach.”

The director also said that the performance-based standards CISA is getting ready to issue for the broader community can be thought of “almost as a subset of some of what you see in the NIST cybersecurity framework.” CISA is also “working together with industry to ensure that that makes sense, where they want to have a focus,” she added.

Last September, the CISA released new guidelines to help chemical facilities know when to report cyber incidents. The directives emphasized that the Risk-Based Performance Standard (RBPS) 8 – Cyber and RBPS 15 – Reporting of Significant Security Incidents will now call upon chemical facilities covered under the Chemical Facility Anti-Terrorism Standards (CFATS) program to establish protocols for identifying and reporting significant cyber incidents to appropriate facility personnel, local law enforcement, and the CISA.

The 2022 Chemical Security Summit is targeted at chemical representatives from across the chemical and interconnected sectors such as energy, communications, transportation, and water, to learn, share perspectives, and engage in dialogue. Securing chemicals in an evolving threat environment requires cross collaboration between facility owners and operators, industry, law enforcement, community members, and all levels of government. It features important chemical security information for industry organizations, facility owners and operators, government officials, first responders, and law enforcement.

The sessions will cover the latest in chemical security best practices, the state of chemical security—updates for the CFATS program, and CISA’s voluntary chemical security initiative, ChemLock. It will also reflect on 15 years of CFATS and provide an analysis of the CFATS RBPS and best practices. The summit will also include chemical threat briefings and cyber hygiene services, such as vulnerability scanning.

The national security memo followed the DarkSide ransomware attack against Colonial Pipeline, bringing attention to the vulnerability of critical ICS (industrial control systems). As a result, the administration rolled out the Industrial Control Systems Cybersecurity Initiative, a voluntary, collaborative effort between the federal government and the critical infrastructure community to enhance the cybersecurity of these critical systems. 

The initiative must defend the nation’s critical infrastructure by encouraging and facilitating the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings. The move enables response capabilities for cybersecurity in essential control systems and operational technology networks. Additionally, the initiative must work towards expanding the deployment of these technologies across priority critical infrastructure.

In April this year, ​​Symantec, a division of Broadcom Software, disclosed that the North Korea-linked advanced persistent threat (APT) group, Lazarus, has been conducting an espionage campaign targeting organizations operating within the chemical sector. “In January, Symantec detected attack activity on several organizations based in South Korea networks. The organizations were mainly in the chemical sector, with some being in the IT sector.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

House Committee emphasizes importance of CIRCIA implementation for cyber preparedness
House Committee emphasizes importance of CIRCIA implementation for cyber preparedness
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Insane Cyber
Insane Cyber closes $4.2 million funding round to safeguard critical infrastructure installations
Building a Culture of Cyber Resilience in Manufacturing (WEF)
WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks
Xage announces AI-powered analytics and insight capabilities to boost zero trust access and protection
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
AI for Energy - Opportunities for a Modern Grid and Clean Energy Economy (DoE)
US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure