Last week I mentioned that the House Homeland Security Committee was holding a hearing on the Cyber Initiative (see: “DHS Appearances Before Congress”)and that it might have some bearing on chemical facility security matters. OOPS, I was wrong. Even though it was billed as addressing issues of computer security in Critical Infrastructure it focused almost entirely on computer security issues in DHS.
In ten items (letters, statements and testimony) shown on the Committee Web Site there is only one paragraph that really mentions the implementation of cyber security actions in the Critical Infrastructure Sector Specific Plans. According to the Letter from Rep Langevin, Chairman of the Emerging Threats, Cybersecurity, and Science and Technology Subcommittee, a GAO report on the 17 separate Sector Specific Plans (including the Chemical Sector) “found that none of the plans fully addressed all 30 cybersecurity criteria.”
These sector plans are all voluntary initiatives and the Chemical Sector Plan has nothing to do with the CFATS rule. I would be willing to bet that few chemical facilities have any idea what the Chemical Sector Plan says. Well, that’s an issue for another day. Today there is no news to report on this hearing.