Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection (IP)
Pursuant to Homeland Security Presidential Directive (HSPD) - 7, DHS is responsible for managing, coordinating and promoting activities to enhance security and resilience across the chemical sector. Within DHS, this overarching responsibility is delegated to the National Protection and Programs Directorate’s (NPPD) Office of Infrastructure Protection (IP) and specifically the Sector-Specific Agency (SSA) Executive Management Office (EMO) Chemical Security Branch. Serving as the SSA for the chemical sector, the Chemical Security Branch oversees voluntary security efforts and the implementation of the Chemical Sector-Specific Plan, and helps the sector coordinate with federal agencies implementing chemical security regulations.
The Chemical Security Branch works closely with public and private partners to develop voluntary, all-hazards protective programs and resilience strategies, improve information sharing forums, and develop training and security awareness initiatives based on current threats and sector requirements. Resources and tools include industry best practices that cover physical security, cybersecurity and insider threats. In addition to the development of materials, the Chemical Security Branch facilitates sector participation in incident management exercises such as the Cyber Storm Exercise series. For more information on voluntary programs in the chemical sector, please visit www.dhs.gov/chem-voluntary-resources.
The DHS Office of Infrastructure Protection (IP) also oversees the regulatory Chemical Facility Anti-Terrorism Standards (CFATS) for the sector’s highest risk facilities. The requirements under CFATS are spelled out in 18 risk-based performance standards covering all aspects of security measures. CFATS regulated facilities are required to address cybersecurity under RBPS #8, which requires facilities to: “Deter cyber sabotage, including preventing unauthorized onsite or remote access to critical process controls, such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), process control systems (PCS), industrial control systems (ICS); critical business systems, and other sensitive computerized systems.” For more information on CFATS, please visit www.dhs.gov/chemicalsecurity.
Department of Homeland Security, National Protection and Programs Directorate, National Cybersecurity Division (NCSD)
DHS is responsible for safeguarding our nation’s critical infrastructure from physical and cyber threats that can affect our national security, public safety and economic prosperity. NCSD is the lead DHS entity for securing cyberspace and our nation’s cyber infrastructure.
Critical infrastructure and key resources (CIKR) support the essential functions and services that underpin American society. Some CIKR elements are so vital that their mere interruption could have a debilitating impact on national security, our economic well-being, and the essential services we depend upon to maintain our basic standard of living. For example, water treatment is vital to maintaining a healthy supply of drinking water and preventing disease.
Although each of the CIKR industries is vastly different, they all have one thing in common - dependence on ICS to monitor, control, and safeguard their processes. Over the past decade, ICS have been transitioning from proprietary closed systems to more commercial off-the-shelf technologies, many connected to open networks via the Internet. This transition exposes control systems to potential cyber risks and threats. A successful cyber-attack on a control system could potentially disrupt public services such as public transportation and water utilities. Consequently, DHS recognizes that protecting and securing control systems is essential to the nation’s overarching security and economic stability.
Control Systems Security Program
To lead this effort, NCSD established the Control Systems Security Program (CSSP). The goal of the CSSP is to reduce the cyber threat to industrial control systems by coordinating the efforts of stakeholders in government and private industry. The CSSP provides guidance and reduces risk to CIKR control systems by:
- Leading the implementation of the DHS Strategy to Secure Control Systems as part of its mission to coordinate and lead efforts to improve control systems security in the nation’s critical infrastructures;
- Operating the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in coordination with the United States Computer Emergency Readiness Team (US-CERT) for control systems related incidents and cybersecurity situational awareness activities;
- Maintaining a technical analysis center to conduct assessments of commercially available control systems and components;
- Creating informational products and tools to assist vendors and owners/operators in designing, procuring, installing, and operating controls systems to mitigate risks;
- Providing strategic recommendations to the research and development community for development and testing of next-generation secure control systems;
- Assisting national and international standards organizations develop control systems cybersecurity standards;
- Managing and operating the Industrial Control Systems Joint Working Group (ICSJWG) to provide a formal mechanism to protect information and foster the coordination of activities and programs across government and private sector stakeholders; and
- Performing outreach activities and improving awareness in the control system community through training and education.
The CSSP, in alignment with the DHS National Infrastructure Protection Plan (NIPP) partnership framework, works closely with, and coordinates efforts among, government entities, national laboratories, private industry, as well as technical professionals across the control systems community. This coordination “landscape” is comprised of the many functions, stakeholders, and processes that further the implementation of technology and methods to improve control systems security. Some of the coordination groups include:
- The Industrial Control Systems Joint Working Group (ICSJWG), which manages six subgroups to address specific issues related to international matters, research and development, workforce development, information sharing, vendor concerns, and the creation of a cross sector roadmap to secure ICS;
- The Cross-Sector Cyber Security Working Group, which works with federal partners and private industry to coordinate cybersecurity efforts across the 18 critical infrastructure sectors;
- The Industrial Control Systems Cyber Emergency Response Team, which provides cyber incident response services and analysis capabilities, addresses the security, threat, and awareness issues unique to control systems, and provides a means to share information across all CIKR.