Earlier this week a little bird told me (okay it was a tweet from CFATS, an American Chemistry Council spokesperson) about a letter that the ACC had sent to the leaders of the Senate Committee on Commerce, Science and Transportation for that committee’s hearing this week on cyber security issues. I didn’t pay much attention to this hearing since none of the witnesses were very much concerned with SCADA or ICS security issues. While I wish that the ACC had been asked to provide a live witness for the hearing, I’m glad that they were proactive enough to send this letter. I fully understand that the issue of cyber security is a very broad topic that covers a number of grievous sins. The problems of denial of service attacks, identity theft, phishing, and even cyber espionage all attract a great deal of public attention because most people can understand the consequences of those problems. The potential consequences of an attack on cyber control systems or other cyber control systems incidents is more difficult for most people (including congresscriters) to understand. But, that does not diminish the seriousness of the problem. ACC and DHS have both been active in their work on cyber control system security issues, but these two organizations only directly touch a relatively small hand full of chemical facilities that have both hazardous chemicals and cyber control systems. ACC’s direct effect is limited to their membership and DHS has only limited enforcement authority at the CFATS covered facilities. While the DHS CERT does provide cyber security training to non-CFATS facilities, they have no regulatory authority.
ACC is to be commended on their efforts to keep this issue before our legislators. I’m sure that other organizations are doing the same (and I would be more than happy to give direct kudos if they would share information on their efforts when I don’t see it), but all of us in the chemical security community need to be proactive in our communications with our personal representatives in Congress about the need to fund programs addressing this critical issue.