White House Launches Chemical Sector Security Sprint

Written by

The Biden–Harris administration has launched a new initiative designed to improve the security of industrial systems in the chemical sector over the next 100 days, as part of ongoing efforts to reduce cyber-risk in critical infrastructure (CNI).

The sector is the fourth to be covered by the Industrial Control Systems (ICS) Cybersecurity Initiative, following similar initiatives in the electricity, pipeline, water and railway industries.

Incorporating lessons learned from those previous efforts, the 100 day security “sprint” will focus on:

  • Information sharing and coordination between federal government and the private sector
  • Prioritizing “high-risk chemical facilities” which “present significant chemical release hazards”
  • Driving collaboration between sector owners and operators to ensure the right technologies are deployed based on individual risk assessments

The White House emphasized the criticality to national and economic security of protecting the sector, noting that it produces chemicals “that are used directly or as building blocks in the everyday lives of Americans,” including fertilizers and disinfectants, personal care products and even energy sources.

While the focus initially will be on those high-risk facilities, the goal is to disseminate best practices for enhanced ICS cybersecurity across the entire chemical sector.

Chris Gray, AVP of cybersecurity for Deepwatch, works directly with chemical sector organizations. He explained that these businesses “heavily influence and enable” related sectors such as agriculture, water, nuclear, defense and transportation.

“If the production and delivery of chemicals is stopped or impeded, massive effects will be felt by manufacturing, healthcare, fuel, and many other areas,” he added.

“Another concern is system and platform vulnerability. The last major security framework requirements that have governance over this area pre-date 2010. This sector is likely underserved, with highly remote and unattended legacy technologies, and outdated security standards and expectations.”

What’s hot on Infosecurity Magazine?