As is increasingly becoming obvious to organizations across the country, cyber assets are increasingly becoming a prime target for attacks on industrial organizations, including chemical facilities. Terrorists could leverage cyberattacks to cause chemical releases or to divert precursor chemicals to allow for the construction of chemical weapons or improvised explosives. With that in mind, Chapter 6 of the Secure Your Chemicals manual provides an overview of cybersecurity actions that can be taken by chemical facilities.
The introduction to the chapter provides a very good, operational definition of cybersecurity:
“Cybersecurity is the capability to protect critical information, business, and control systems against damage, unauthorized on-site or remote access, modification, or exploitation.”
A key word in that definition is ‘critical’. While every piece of electronic equipment in the facility deserves protection, facility security managers are going to have to prioritize their activities to protect critical systems. Those could include systems that:
• Monitor and/or control physical processes that contain a chemical.
• Manage physical processes that contain a chemical which could be used to cause disruption or even destruction to the process and surrounding environment.
• Contain business or personal information that, if exploited, could result in the theft, diversion, or sabotage of a chemical.
One critical cybersecurity area not addressed in this manual is the intersection of cybersecurity and process safety. Facilities that use industrial control system to control the handling, manufacturing and use of hazardous materials need to ensure that a key component of their cybersecurity response plan addresses the safe shutdown of chemical processes. Additionally, facilities must ensure that chemical process safety controls