The threats posed by physical incursions onto plant sites are easy to understand, as are most of the necessary countermeasures such as more-thorough checking of employees, contractors and visitors; expanded video surveillance; and enhanced hardware to restrict access.
However, cyber attacks exploit weaknesses that are harder to grasp, at least by nonspecialists. We certainly appreciate the hazards posed by hackers and malware gaining access to corporate and plant software systems, especially since the Stuxnet attack last year that specifically targeted process control systems and led to the destruction of centrifuges at an Iranian nuclear enrichment facility ("Industry Gets Cyber-Security Reality Check,") — but defeating digital demons involves arcane software and network issues foreign to most of us.
So, setting up a cyber-security program and running it on an ongoing basis may appear overwhelming — but it's doable, counsels Rick Kaun of Honeywell. His article ("Achieve Effective Cyber Security,") demystifies what's needed to develop, set up and maintain a robust defense. Breaking down efforts into three steps — inventory, integrate and implement — is essential and, as with safety, corporate culture also plays a crucial role, he stresses.
Complacency isn't an option. Doing the minimum to comply with regulations isn't enough. The chemical industry must continue to improve its safety performance and must elevate security to the same top priority as safety.
Mark Rosenzweig, editor-in-chief of Chemical Processing, cares about your safety. You can e-mail him at firstname.lastname@example.org.