The White House released a statement announcing that the government is extending its public-private cybersecurity partnership to the chemical industry:
The majority of chemical companies are privately owned, so we need a collaborative approach between the private sector and government. The nation’s leading chemical companies and the government’s lead agency for the chemical sector – the Cybersecurity and Infrastructure Agency (CISA) – have agreed on a plan to promote a higher standard of cybersecurity across the sector, including capabilities that enable visibility and threat detection for industrial control systems.
The Chemical Action Plan will serve as a roadmap to guide the sector’s assessment of their current cybersecurity practices over the next 100 days, building on the lessons learned and best practices of the previously launched action plans for the electric, pipeline, and water sectors to meet the needs for this sector.
I secured a pair of comments on this statement from leading industry experts.
Jerry Caponera, General Manager, Cyber Risk at ThreatConnect:
There are a couple of things that worry me concerning the chemical sector. The first is that the chemical sector produces items that we may not necessarily think about but can’t survive without in modern society. Imagine a world without plastics to store our food or chemicals to make electronics.
The second is the real risk. We saw three ransomware attacks in 2019…..
Read more about Jerry’s feedback about the new White House initiative and how risk quantification helps bridge the security information-sharing gap between the government and the chemical sector here on the IT Nerd Blog.