Strengthen Your Cyber Security

Take a number of steps to achieve a comprehensive and robust plan.

By Andrew Ginter, Industrial Defender


Certain "high risk" chemical facilities present the potential for massive civilian and environmental impact from possible terrorist attacks. Release of chemicals can lead to a major catastrophe, such as the thousands of deaths that followed the leak of methyl isocyanate at a pesticide plant in Bhopal, India, in 1984 (see: "Grasp All the Lessons of Bhopal").

Even sites that use rather than process chemicals can pose substantial hazards. For instance, in 2007 a faulty alarm at a water treatment facility in Spencer, Mass., caused release of excess sodium hydroxide into the water supply, ultimately injuring more than 100 people. Although to date there've been relatively few direct attempts at compromising chemical facilities, many such sites may lack the necessary levels of protection to properly defend themselves against a sophisticated physical or cyber attack.

So, the U.S. Department of Homeland Security (DHS) on April 9, 2007, issued Chemical Facility Anti-Terrorism Standards (CFATS) that aim to ensure effective security at high-risk sites. The mandate of CFATS has been extended to October 2010 and the responsible subcommittee has recommended extending it further to 2015. Every affected facility must conduct a security vulnerability assessment and implement security measures that meet risk-based performance standards (RBPS), which cover such areas as perimeter security, access control, personnel authorization and cyber security. (For a podcast about CFATS, go to www.ChemicalProcessing.com/multimedia/2010/cfats_podcast.html.)

The DHS published an RBPS guidance document in May 2009 to assist high-risk chemical facilities with selecting and implementing appropriate security measures as well as to help DHS personnel with evaluating RBPS compliance.

Many chemical facilities now are in the throes of complying with CFATS. It's crucial that such sites understand practical ways to successfully implement these standards.



Between 2002 and 2008 Industrial Defender performed more than 100 security assessments on critical infrastructure facilities such as chemical plants, refineries, water treatment units, power stations and pipeline systems — and found more than 38,000 control system vulnerabilities. Assessments over the last two years continued to show widespread problems (see sidebar). With these results in mind, this article highlights various security measures and practices that chemical facilities should strongly consider to meet "RBPS 8," which is the cyber component of the RBPS.

Key Implementation Challenges
The objective of RBPS 8 is to help deter cyber sabotage as well as prevent unauthorized onsite or remote access to critical computerized systems, including those for supervisory control and data acquisition (SCADA) and distributed control. Here are some aspects that deserve particular attention:

Security policy. CFATS compliance begins with an effective security policy. Plans, processes and procedures that address a network's specific sensitivities are the starting point of any successful cyber-security plan. Developing and using a change management process to support necessary cyber-security updates to a network and reduce the chance of human error are important elements of an effective security policy. In addition, designating a particular individual to oversee cyber-security efforts establishes accountability and oversight.

Access control. To boost efficiency, business and control networks increasingly allow interconnectivity. Unfortunately, the more interconnected and accessible a network is, the more vulnerable it may be. So, setting up an electronic security perimeter around your critical infrastructure network is crucial. Understanding and identifying connectivity beyond typical access points greatly improves a plan's effectiveness (see "Protect Your Plant").