The chemical industry must work together to help identify current threats and mitigation strategies to protect against a security breach of industrial control systems (ICS). This requires increasing awareness, education, and communication between the engineering, security, information technology, process safety, and manufacturing operations communities.
The Roadmap provides milestones to focus specific efforts and activities, including developing and communicating an “industry view” of what is required for more secure systems. The ultimate responsibility for securing a specific ICS environment lies with the owner/operator. There are specific actions that can be taken in support of the roadmap direction, including:
- Ensure one person takes ownership of ICS security and is accountable.
- Open the lines of communication between engineering, security, IT, process safety communities, and manufacturing operations communities within your own company.
- Conduct an audit of current ICS security measures and implement obvious fixes.
- Follow-up with an ICS security vulnerability analysis (risk assessment) for a complete identification of vulnerabilities and recommendations for corrective action.
- Utilize the free Cyber Security Evaluation Tool (CSET) developed by DHS that can be downloaded at http://www.us-cert.gov/control_systems/satool.html. The CSET provides users with a systematic and repeatable approach for assessing the cybersecurity posture of their industrial control system networks. This tool also includes both high-level and detailed questions applicable to all industrial control systems (ICS).
- Implement an ICS security management program that is integrated with existing company management systems for security, safety, quality, etc.
- Email firstname.lastname@example.org to obtain additional information including the Roadmap Awareness Campaign DVD.
Look through the information provided, bring it to your company management, ask key questions about how your company is addressing ICS security, and become an advocate in your company on this important issue!