23 May 2011 20:40 [Source: ICIS news]
WASHINGTON (ICIS)--The White House on Monday urged Congress to establish new cyber security standards that critical infrastructure industries such as chemicals production would have to meet in order to reduce the risk of terrorist or criminal attacks.
Philip Reitinger, deputy under secretary at the Department of Homeland Security (DHS), told a Senate hearing that “cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety and economic prosperity” and must be countered.
“Our critical infrastructure - such as the electricity grid, financial sector and transportation networks that sustain our way of life - have suffered repeated cyber intrusions,” he said.
Reitinger had earlier cited what he termed “a growing spectrum of cyber threats to the chemicals sector” that is becoming more sophisticated and voluminous. Other DHS security officials have previously identified the chemicals sector as a particular target of cyber probes that must be assumed to be hostile.
Testifying before the Senate Homeland Security and Governmental Affairs Committee, Reitinger urged the panel to incorporate into any cyber security legislation the administration’s proposal for a new task force comprised of DHS and other federal agencies “to work with industry to identify and prioritise the most important cyber risks to critical infrastructure”.
DHS, other federal agencies and third-party standards organisations would then work with industry “to propose standardised risk mitigation frameworks, which focus not on compliance but instead on increasing actual security in a cost-effective manner”, he said.
Reitinger, who is in charge of the national protection and programmes directorate at the DHS, told the committee that “Then, each critical infrastructure operator would propose a plan that identifies the steps it will take to address the identified risks as guided by the applicable framework”.
“Each critical infrastructure entity’s plan will be assessed by a third-party, commercial evaluator,” he explained, noting that “DHS would work with firms to help them shore-up plans that are deemed insufficient by commercial evaluators”.
The administration’s proposal for increased cyber security appears similar to the broader antiterrorism security mandate that the DHS has had for chemical plants since 2007.
That four-year-old programme, the Chemical Facility Anti-Terrorism Standards (CFATS), sets security criteria for chemical plants against which operators may chose a variety of measures to satisfy DHS inspectors.
The CFATS programme, however, already covers cyber issues, so it is unclear whether the administration’s new cyber-specific security proposal would add another layer of regulatory oversight or requirements on the process industry.
Reitinger said that individual company’s “mitigation frameworks” to deflect cyber attacks and evaluation of those plans would be combined in a high-level summary that “would be publicly accessible in order to facilitate transparency and to ensure that the plan is adequate”.
The Senate Homeland Security committee was hearing testimony on the administration’s cyber security proposals as part of its plans to move legislation designed to increase ?xml:namespace>
($1 = €0.70)
Paul Hodges studies key influencers shaping the chemical industry in Chemicals and the Economy
|ICIS news FREE TRIAL|
|Get access to breaking chemical news as it happens.|
|ICIS Global Petrochemical Index (IPEX)|
Asian Chemical Connections