01 July 2009 17:15 [Source: ICIS news]
BALTIMORE, Maryland (ICIS news)--US chemical facility computer systems are routinely targeted by cyber attacks whose origin and intent cannot be identified but must be assumed to be hostile, a top federal security official said on Wednesday.
Sean McGurk, director of control systems security in the national cyber security division of the Department of Homeland Security (DHS), told a chemicals sector audience that process industry computer systems “are probed on a routine basis” and that cyber security needs improvement across the industry.
“These probes in many instances might be innocent, or at least not malicious, but they occur in multiple instances as attempts are made to penetrate the information systems of various sectors, including chemicals,” he said.
“At the point of contact or probe to a system, we cannot know the source of the probe or the intent of the person behind it,” McGurk said, “but we have to assume a worst-case scenario, we have to assume that the intent is hostile.”
He said that many of the probes of chemical sector computer systems are likely the result of malware and botnets that plague the Internet and often afflict unprotected business and home computers.
However, because the chemicals sector is part of the nation’s critical infrastructure, its cyber security must be ensured.
Eric Cosman, engineering solutions IT consultant at Dow Chemical, said that a draft roadmap or guidance document for chemical sector cyber security improvements was completed in May this year and soon will be circulated to the industry through the Chemical Sector Coordinating Council, an alliance of chemical industry and related trade groups that works with DHS.
Cosman said the draft roadmap for IT security is focused on industrial control systems in chemical facilities that are part of the critical infrastructure.
When completed and published in final form, the roadmap will assist chemical companies in complying with requirements of the department’s Chemical Facility Anti-Terrorism Standards (CFATS).
Those standards require that chemical manufacturers prevent attacks on their facilities’ cyber systems that could cause economic or strategic damage to a plant. The standards also require that chemical makers implement security measures to prevent the use of a computer system as a means of attack on the facility, its processes or materials.
In addition to thwarting presumably hostile hacker attacks from outside a facility’s computer systems, Cosman and McGurk warned that operators must take precautions against insider use of their computer systems to divert supplies of chemicals that could be used elsewhere as part of a terrorist attack.
Additional information about the chemical industry cyber security programme is available at a sector website.
To discuss issues facing the chemical industry go to ICIS connect
For the latest chemical news, data and analysis that directly impacts your business sign up for a free trial to ICIS news - the breaking online news service for the global chemical industry.
Get the facts and analysis behind the headlines from our market leading weekly magazine: sign up to a free trial to ICIS Chemical Business.
|ICIS news FREE TRIAL|
|Get access to breaking chemical news as it happens.|
|ICIS Global Petrochemical Index (IPEX)|
|ICIS Global Petrochemical Index (IPEX). Download the free tabular data and a chart of the historical index|