Cybersecurity for Chemical Industry

Cybersecurity risks threaten the critical infrastructure of all sectors of the US economy. Moreover, threats posed to the chemical industry inherently have greater destructive potential since the industry deploys processes and handles products that may be highly hazardous to humans and the environment. To mitigate such disasters, the Chemical Facility Anti-Terrorism Standards (CFATS) implemented requirements and protocols that protect crucial process control systems and business networks in chemical companies. In 2013, President Barack Obama issued an executive order for the National Institute of Standards and Technology (NIST) to work with industry on cybersecurity regulation. Working in tandem with CFATS, NIST worked to develop a risk-based set of standards and best practices for organizations within the chemical industry. A strategy guide was provided as a framework for individual organizations to fully establish, placing an emphasis on a multi-layered “defense-in-depth” approach that covers intrusion detection, asset protection, and continuous monitoring. Furthermore, organizations are encouraged to foster awareness for cybersecurity. However, a persistent challenge arises because smaller companies tend to adopt more commercially available off-the-shelf-technologies which are more vulnerable to cyberattacks.