A crucial program intended to defend the country from terrorist attacks on its chemicals sector has been urged by the US Cybersecurity and Infrastructure Security Agency ( CISA ) to be reauthorized by Congress.
The Chemical Facility Anti-Terrorism Standards ( CFATS ) program’s statutory authority expired four months ago, exposing the industry for the first time in 15 years.
According to CISA associate director for chemical security Kelly Murray, “CFATS offers crucial resilience for the chemical industry by enabling chemical facility owners and operators to comprehend the risks associated with their biochemical safety holdings, develop site security plans and programs, conduct site inspections,” coordinate with local law enforcement and first responders, and continue to reevaluate each facility’s security posture based on changes in its chemical holding and threat nexus.”
” We at CISA follow our own advice: we believe in putting the proper security plans and countermeasures in place before an incident occurs to lessen the likelihood of incidents occurring and to improve resilience both during and after incidents to reduce the impact on our communities and our nation.”
Murray issued a warning that the CISA estimates that 200 fresh facilities have acquired hazardous chemicals over the previous four months, while others may be saving chemicals to dangerous levels, raising the possibility of terrorist attacks.
She continued, “CISA has been unable to vet an estimated 36, 000 employees in the sector against a Terrorist Screening Database for the prior couple months.” CISA has been unable to find security gaps and recommend corrective action because hundreds of site inspections have even been missed.
Given that facilities are managed and controlled by computer systems, the program has a strong cyber component despite focusing primarily on bodily security.
In fact, the Industrial Control Systems ( ICS) Cybersecurity Initiative chose the chemical industry last year as the fourth critical infrastructure ( CNI ) sector to participate in a 100-day cybersecurity sprint.