07 July 2010 21:50 [Source: ICIS news]
BALTIMORE, Maryland (ICIS news)--Cyber attacks on US chemical plant production and business computer systems are rapidly increasing in both frequency and sophistication, top US government and industry officials said on Wednesday.
“There is a growing spectrum of cyber threats on the chemicals sector, and the attacks are growing more and more sophisticated,” said Philip Reitinger, deputy under-secretary at the Department of Homeland Security (DHS).
Speaking to some 400 industry executives at the eighth annual chemical sector security summit, Reitinger said that “cyber security and chemical security are central to our department’s work”.
“You can’t have a conversation about chemical security without talking about cyber security,” he added.
Reitinger, who heads the department’s National Protection and Programs Directorate (NPPD), said: “I urge you to make cyber security part of the focus of chemical security.”
In her earlier remarks to the security summit on Wednesday, DHS Secretary Janet Napolitano also emphasised the growing threat posed by cyber attacks, which she too described as increasing both in volume and technical sophistication.
The increasing threat level for chemical and refining industry information technology (IT) systems also was reflected in a panel discussion among several IT professionals.
Steve Elwart, a senior IT professional at Ergon Refining, said his company had experienced a sharp advance in cyber attacks.
“We have seen a considerable increase in the frequency and sophistication of cyber attacks,” he said, “and unlike some other industries we don’t always share the details of these attacks among ourselves, but we should.”
Marc Westbrock, an IT security specialist with Flint Hills Resources, also reported an upsurge in cyber attacks at his company, a refining firm that also produces chemicals and polymers.
“Yes, there has been an increase in attacks, with a lot of spam attacks and phishing probes,” he said.
“We’ve gotten some e-mail attacks that look exactly like an e-mail message from our own IT department,” he said, adding that most of the attacks have been on the business operations side of the company rather than on process control systems.
The identity of those attacking and probing chemical industry computer systems cannot always or easily identified, but Westbrock said much of the cyber threat he sees comes from organized crime. “We get hundreds of thousands of attacks,” he said.
The consequences of a successful cyber penetration of business or process IT systems, Elwart noted, could be very costly, including loss of productivity, loss of historical business or production data, and damage or destruction of accounting or environmental records, among other things.
“Even if you routinely back-up data on a daily basis and you have the prior day’s data, it can still be very costly if you have to reconstruct the period from yesterday’s back-up to the point of the present day attack and damage,” Elwart said.
Not all cyber attacks come from outside a company’s IT systems, Elwart said, referring to attacks from within by disgruntled employees or even non-malicious virus infections due to well-meaning employees.
He and other cyber specialists noted that untrained and unthinking employees can inadvertently bring down a company’s network by taking DVDs, CDs and USB memory sticks to work where they unknowingly transfer viruses to company systems.
Elwart noted that even newly developed smart phones pose a risk to otherwise isolated process control computer systems.
“I don’t know if you’ve noticed,” Elwart said, holding up a new wide-screen smart phone, “but these things are power hogs, and they won’t last for a full 12-hour shift in a control room.”
“I’ve seen operators plug their smart phones into the process system just to get a recharge, not knowing that the phone - even if it is off - could be downloading a virus to the control system,” he said.
Elwart and Westbrock agreed that thorough and repeated employee training on the risks posed by cyber attacks was as essential as anti-viral software and all the other engineering and IT countermeasures.
Industry executives attending the summit also learned that the number of attempted physical terrorist attacks against the US had increased sharply in the last year.
Cosponsored by DHS and industry associations in the Chemical Sector Co-ordinating Council, the security conference runs through Thursday.
For the latest chemical news, data and analysis that directly impacts your business sign up for a free trial to ICIS news - the breaking online news service for the global chemical industry.
Get the facts and analysis behind the headlines from our market leading weekly magazine: sign up to a free trial to ICIS Chemical Business.
|ICIS news FREE TRIAL|
|Get access to breaking chemical news as it happens.|
|ICIS Global Petrochemical Index (IPEX)|
|ICIS Global Petrochemical Index (IPEX). Download the free tabular data and a chart of the historical index|