Chemical & Engineering News Digital Edition ... - IMM@BUCT

More documents

Recommendations

Info

SHUTTERSTOCK GOVERNMENT & POLICY CYBERSECURITY Chemical sector FACES UNCERTAINTY about how to protect critical information ROCHELLE F. H. BOHATY, C&EN WASHINGTON PERHAPS YOU KNOW all too well the casualties of cyber war—loss of time, money, and maybe even your identity. In what seems to be a pandemic, cyber attacks on both individuals and organizations are increasing in frequency, sophistication, and the collateral damage they cause. Cybersecurity is of particular interest to the chemical industry not only because a cyber attack on a company could directly affect its business operations, but the possibility of an attack also places the company under heightened scrutiny by federal regulators who will consider such threats, among other factors, in assessing chemical facilities’ vulnerability to a terrorist attack. For these reasons, chemical industry trade associations have developed cybersecurity programs to help their members comply with federal regulations and mitigate vulnerabilities to cyber attacks. Despite these programs, however, companies will be seriously challenged in deciding what steps to take because of the ever-changing tactics of cyber attackers, the cost of cybersecurity, and the fact that the Department of Homeland Security will decide companies’ cybersecurity on a case-by-case basis. “The chemical sector is not alone in being vulnerable to cyber attacks,” says Sue Armstrong, acting director of DHS’s Infrastructure Security Compliance Division. But an attack has the potential to cause more direct physical damage and injury to the chemical sector than to other sectors such as banking and finance, she adds. “An attack on a chemical facility could have devastating consequences regardless of the type of attack,” Armstrong notes. Types of scenarios could range from cyber attacks such as hacking to physical actions such as bombing. For this reason, she explains, DHS is implementing a regulatory program now. DHS’s cybersecurity efforts are part of its role in assessing and ensuring that chemical installations are secure, thereby decreasing the possibility that terrorists will exploit them in an attack. Under a set of rules known as the Chemical Facility Anti-terrorism Standards (CFATS), DHS has preliminarily ranked more than 7,000 facilities into four tiers according to risk of a terrorist attack (C&EN, July 7, page 7). Ranked facilities are in the process of submitting additional security and vul- “If someone decides specifically to go after your organization, it is going to be very difficult to prevent them from breaking in.” WWW.CEN-ONLINE.ORG 18 NOVEMBER 3, 2008 nerability information to DHS that the department will use to determine each facility’s final ranking. DHS has identified 18 criteria, including cybersecurity and perimeter security, that companies must address for this assessment. The additional data from preliminarily ranked facilities are due to DHS by the end of the year. This means that DHS expects to collect thousands of assessments from the chemical industry—assessments that not only include details about each company’s cybersecurity problems but that also become cybersecurity risks themselves. The security risk of information submitted by the chemical industry through DHS’s online system is something DHS takes very seriously. “The systems that collect all this information from industry under the CFATS program are hosted at federally owned sites, on dedicated subnetworks that have been hardened to meet or exceed” stringent federal security and encryption standards for information processing, Armstrong tells C&EN. Even so, some cybersecurity experts question just how secure these data really will be. The method that DHS uses to “encrypt communications with the chemical industry does not in itself provide much insight into the overall security of the information exchange,” says Ronald W. Ritchey, a cyber associate with consulting group Booz Allen Hamilton. He adds that attackers would tend not to focus on the encryption systems—because they are hard targets—but instead would focus on attacking elements such as workstations or servers used to create, store, process, or transmit the information. For classified government systems such as DHS’s, the “risk is low” for a cyber attack, says Andy Singer, a principal cyber campaign and intelligence consultant with Booz Allen Hamilton. But the system may be a prime target for espionage because of its “aggregate value,” he adds. For example, hacking into a single site that houses a database of chemical companies’ information has more bang for the buck than hacking into a single company’s website. But, Ritchey points out, any network can
e exploited, even those considered lowrisk. “If someone decides specifically to go after your organization, it is going to be very difficult to prevent them from breaking in,” he says. This gives the chemical sector reason to be concerned that DHS’s system could be breeched, resulting in an unintended dissemination of high-risk facilities’ security and vulnerability information. Although DHS requires high-risk facilities to address cybersecurity challenges, including cybersecurity in a plant’s overall security profile is a good business practice, says Christine Adams, director of the Chemical Sector Cyber Security Program for industry trade group American Chemistry Council (ACC) and a senior information systems manager at Dow Chemical. The fact that much of the chemical industry is made up of automated processing plants that handle large quantities of dangerous materials not only makes it a target for terrorist attacks but for cyber attacks, too, according to Ritchey and Singer. And adding to industry’s vulnerability are the sector’s extensive computer networks, which circle the globe and provide FUELING CONCERN is the fact that the Federal Bureau of Investigation is currently examining thousands of cyber attacks. Already, the FBI has noticed that the usual suspects are evolving, changing tactics, and increasing the sophistication of their attacks. For example, in the past, cyber assailants did not associate with each other, but now virtual gangs are a growing threat, according to Shawn Henry, assistant director of the FBI’s Cyber Division. Hackers are banding together to pool their expertise and carry out coordinated attacks, he said at a briefing in Washington, D.C., on Oct. 17. Cyber experts with Booz Allen Hamilton also agree that attackers’ tactics are changing to become more sophisticated and, they say, more prevalent. When it comes to breeching a system, Ritchey says targeting an individual who has broad access within an organization with the intention of stealthily extracting information or waging an attack is the simplest way for a cyber assailant to affect companies in the chemical industry. He says the industry is extremely vulnerable to such “targeted phishing attacks.” For example, Ritchey explains, a company employee could receive an e-mail that says: “Hey Joe, I saw you talking on such and such a topic. The attached report might interest to you.” The attached file may in fact be interesting, relevant, and appear completely authentic, Ritchey says, but when Joe opens the file, his user profile, computer, or network could be compromised without Joe even knowing. “At this point the attackers have control,” Ritchey tells C&EN. This scenario could cause problems for a company and for its employees, who could become suspects if information such as user names and passwords were used by perpetrators to coordinate an attack. The fear of what terrorists might do if they had access to valuable business information or learned how to remotely control a manufacturing process is one of the reasons that DHS has included cybersecurity when evaluating a chemical facility’s risk of attack, agency officials note. Whether you are looking for a simple instrument for a teaching lab or a sophisticated research instrument, Shimadzu FTIR spectrophotometers have you covered. Our instruments provide outstanding performance and specifications that will give you comfort with the quality of your data. Delivering optimum FTIR performance, sensitivity, and reliability, the IRPrestige-21 features a S/N ratio of 40,000:1 and expansion capabilities to the Near IR and Far IR ranges. Superior to generalpurpose instruments, the new IRAffinity-1 FTIR is ideal for highprecision infrared analysis to confirm, identify and detect foreign matter in a multitude of application areas. These powerful instruments feature: Q Long-term stability via a patented flexible joint system and a dynamic alignment mechanism Q High-sensitivity DLATGS detector Q Increased reliability with self-diagnosis at initialization and continuous monitoring of instrument during operation Q Protection from humidity with a triple protection interferometer Q Analysis support programs Q Compatibility with a wide range of accessories, including the completely automated AIM-8000 microscope IRsolution software emphasizes operability with specialized windows. A variety of optional programs and accessories, such as those facilitating PLS and multilinear regression, deconvolution, and mapping measurement, are also available. Shimadzu FTIR spectrophotometers clearly deliver maximum performance and value. You demand performance and productivity— Shimadzu delivers. Learn more about Shimadzu’s FTIR products. Call (800) 477-1227 or visit us online at www.ssi.shimadzu.com/FTIR Shimadzu Scientific Instruments Inc., 7102 Riverwood Dr., Columbia, MD 21046, U.S.A. Order consumables and accessories on-line at http://store.shimadzu.com WWW.CEN-ONLINE.ORG 19 NOVEMBER 3, 2008
Page 1 and 2: NOVEMBER 3, 2008 CYBERANXIETY Prepa
Page 3 and 4: VOLUME 86, NUMBER 44 NOVEMBER 3, 20
Page 5 and 6: CHEMICAL & ENGINEERING NEWS 1155—
Page 7 and 8: The new Administration will have li
Page 9 and 10: tron microscopy of Wolfgang Buchhei
Page 11 and 12: NF 3 MEASURED IN AIR ATMOSPHERIC CH
Page 13 and 14: NEWS OF THE WEEK NEW MATERIAL FOR D
Page 15 and 16: BUSINESS CONCENTRATES BLAST AT CANA
Page 17 and 18: BUSINESS CHEMEXPLORER LILLY DROPS A
Page 19: GOVERNMENT & POLICY CONCENTRATES FD
Page 23 and 24: GOVERNMENT & POLICY BIOLOGICAL SCIE
Page 25 and 26: SCIENCE & TECHNOLOGY CONCENTRATES
Page 27 and 28: SCIENCE & TECHNOLOGY 3M SEEKING AN
Page 29 and 30: CHIP CLARK/SMITHSONIAN INSTITUTION
Page 31 and 32: minimize that risk, Smithsonian sci
Page 33 and 34: SCIENCE & TECHNOLOGY GARY MEEK/GEOR
Page 35 and 36: SCHOOL SPENDING ON CHEMICAL R&D Gro
Page 37 and 38: TOP 25 UNIVERSITIES IN 2006 R&D SPE
Page 39 and 40: ACS NEWS OFFICIAL REPORTS FROM THE
Page 41 and 42: and several units of the American I
Page 43 and 44: the Office of Public Affairs. One i
Page 45 and 46: employment outlook OPPORTUNITIES FO
Page 47 and 48: will be adjusted according to the e
Page 49 and 50: CHEMICAL ENGINEERS Downward trend c
Page 51 and 52: noticed that recruiters are fewer t
Page 53 and 54: TARGETED GENETICS CORP. plications
Page 55 and 56: “Responsibility can be the most e
Page 57 and 58: EMPLOYMENT OUTLOOK COURTESY OF PHOE
Page 59 and 60: EMPLOYMENT OUTLOOK BENJAMIN LU INTE
Page 61 and 62: internship placement company, Hydac
Page 63 and 64: NanoTube Your research on video Nan
Page 65 and 66: Green Chemistry. Golden Opportunity
Page 67 and 68: A future worth working for Breaking
Page 69 and 70: INTERNATIONAL CENTER FOR ADVANCED R
Page 71 and 72:
ACADEMIC POSITIONS ACADEMIC POSITIO
Page 73 and 74:
ACADEMIC POSITIONS NATIONAL UNIVERS
Page 75 and 76:
Registration Now Open! New for 2009
show all

Chemical & Engineering News Digital Edition ... - IMM@BUCT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?