The chemical sector is next in line under the Biden administration’s plan to examine cybersecurity of U.S. critical infrastructure sectors with an ultimate aim of improving resilience in those sectors.
Last year the administration released the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems that instructs the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) to establish cybersecurity performance goals for private-sector owners and operators of critical infrastructure.
“The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our nation,” the White House stated in the initial memo.
The initiative began with a pilot effort with the electricity subsector, and was followed by similar efforts for gas pipeline and water and wastewater sector systems.
Critical infrastructure operators in the chemical sector are next up in the process, and are being asked to facilitate visibility into their systems through a 100-day sprint.
CISA Director Jen Easterly announced the new sprint exercise during the 2022 Chemical Security Summit hosted by the agency this week. The 100-day plan includes aggressive but achievable milestones and will assist owners and operators as they modernize cybersecurity defenses.
CISA is also preparing to issue performance-based standards for the broader chemical sector, which can be thought of as a subset of some standards laid out in the NIST cybersecurity framework. CISA is also working with industry to ensure that the standards are applicable and make sense.