Operators of chemical facilities will follow those of electric utilities, gas pipelines and water treatment plants in being asked to facilitate visibility into their systems.
The Biden administration’s voluntary-first approach to cybersecurity is set to target the chemical sector in a fourth 100-day sprint to gain insights into the cybersecurity posture of the nation’s critical infrastructure, and to ultimately improve its resilience.
“We were asked last year by the White House through a national security memorandum to focus on protection of industrial control systems, and I think the chemical sector is next in line,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly, adding, “we’re going to kick off a 100-day sprint with probably many of you here.”
Easterly was addressing participants Wednesday at a 3-day chemical security conference the agency is hosting on the issue.
The national security memo published last summer was in response to the attack on Colonial Pipeline and focussed attention on the vulnerability of critical industrial control systems. Rolling out the initiative, administration officials said the sprints aim to encourage operators to install tools that would help them detect and respond to cyber incidents.
Ideally, pilot programs under the sprints would tap an existing CyberSentry program run by CISA, the officials said, but they were unclear on how or if the operators would be compensated for implementing censors in their environments. Regardless, they say, more than 150 utilities have installed—or have committed to installing—the technology.