Review – ChemLock – Secure Your Chemicals – Cyber

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

NOTE: On November 18th, 2021, CISA announced their new voluntary chemical security program, ChemLock. This post is part of a deep dive into that program. Earlier posts in this series include:

CISA Announces ChemLock – Voluntary Chemical Facility Security (short version)

ChemLock and the Chemical Security Summit

ChemLock – On-Site Assessments and Assistance (short version)

ChemLock – Secure Your Chemicals – Overview (short version)

ChemLock – Secure Your Chemicals – Detect (short version)

ChemLock – Secure Your Chemicals – Delay (short version)

As is increasingly becoming obvious to organizations across the country, cyber assets are increasingly becoming a prime target for attacks on industrial organizations, including chemical facilities. Terrorists could leverage cyberattacks to cause chemical releases or to divert precursor chemicals to allow for the construction of chemical weapons or improvised explosives. With that in mind, Chapter 6 of the Secure Your Chemicals manual provides an overview of cybersecurity actions that can be taken by chemical facilities.

Cybersecurity Definition

The introduction to the chapter provides a very good, operational definition of cybersecurity:

“Cybersecurity is the capability to protect critical information, business, and control systems against damage, unauthorized on-site or remote access, modification, or exploitation.”

A key word in that definition is ‘critical’. While every piece of electronic equipment in the facility deserves protection, facility security managers are going to have to prioritize their activities to protect critical systems. Those could include systems that:

• Monitor and/or control physical processes that contain a chemical.

• Manage physical processes that contain a chemical which could be used to cause disruption or even destruction to the process and surrounding environment.

• Contain business or personal information that, if exploited, could result in the theft, diversion, or sabotage of a chemical.

Missing Discussion

One critical cybersecurity area not addressed in this manual is the intersection of cybersecurity and process safety. Facilities that use industrial control system to control the handling, manufacturing and use of hazardous materials need to ensure that a key component of their cybersecurity response plan addresses the safe shutdown of chemical processes. Additionally, facilities must ensure that chemical process safety controls

Read more

Explore the site

More from the blog

Latest News