31 July 2012 22:26 [Source: ICIS news]
BALTIMORE, Maryland (ICIS)--Cyber security is increasingly critical in protecting US chemical facilities from terrorist attacks, top government security officials said on Tuesday as they urged industry executives to take greater precautions.
Rand Beers, the Department of Homeland Security (DHS) undersecretary responsible for the department’s National Protection and Programs Directorate (NPPD), told a chemicals industry conference that “we now face a more appreciated risk in cyber security” in protecting chemical facilities from terrorist attack.
“It is first and foremost the new appreciation for the need for owners and operators of chemical facilities to protect their systems with good cyber security precautions,” Beers said.
The NPPD is in charge of implementing the Chemical Facility Anti-Terrorism Standards (CFATS), established by Congress in 2007 to set security benchmarks that plant operators were to meet in order reduce if not eliminate the risk of attacks by terrorists seeking to cause massive off-site casualties by targeting a chemical plant.
While a site attack by truck bomb or other frontal assault remains a possibility that facility operators must guard against, federal officials have become more focused on theft and diversion of chemicals and cyber penetrations as more likely threats to plant security and safety.
Speaking to some 600 chemical industry executives at the sixth annual Chemical Sector Security Summit (CSSS), Beers urged those attending to do everything possible to enhance cyber security at their plants, and he welcomed further industry cooperation with the department in effecting those protections.
Suzanne Spaulding, deputy undersecretary at the directorate, also cautioned the summit audience that cyber security is every bit as critical as physical anti-terrorism protections at plant sites, and is perhaps central to those physical measures as well.
“It is critical that we take a holistic approach to cyber security in partnership with physical security,” she said.
“The many systems that are running chemical plants and processes often are connected to the Internet in one way or another,” she said, “and that makes them all vulnerable to a cyber attack.”
She cautioned that efforts to penetrate on-line chemical facility controls and other computer systems may employ social or professional networks to mask an attack.
Spaulding said attackers will use those networks to assemble a list of contacts for a chemical facility official, then take pains to construct a Trojan horse e-mail message that appears to come from one of the official’s contacts, with other associates copied, concerning a fictitious meeting and offering an attached document of results.
“If you click on that attachment,” she said, “you download the malware along with the phony document, and the malware begins its conversation with the attacker-sender to take control of the targeted computer.”
She urged summit participants to educate their employees to the department’s “stop, think, connect” recommendations, suggesting that before responding to the least suspicious e-mail, the recipient should contact the source with a separate e-mail or phone call to ensure that the suspect e-mail is legitimate.
Co-sponsored by DHS and the industry-based Chemical Sector Co-ordinating Council (CSCC), the summit runs through Wednesday.
|ICIS news FREE TRIAL|
|Get access to breaking chemical news as it happens.|
|ICIS Global Petrochemical Index (IPEX)|
Asian Chemical Connections