Reader Comment – 04-15-09 – CFATS Reauthorization

Yesterday reader Pan Kamal responded to a blog I wrote last month about Sen. Leiberman’s letter to the Senate Budget Committee. Pan wrote:

“CFATS needs to get reauthorized. The protection afforded by CFATS is well thought out. The remaining piece of technology that will give us a huge leg up in protecting our critical infrastructure and other homeland assets is software and systems to link physical access control with the IT systems that manage and monitor chemical processes and storage of hazardous materials. There are companies starting to offer these technologies today.”

I am sure that there are people that oppose CFATS, but I have not seen any public outcry against the reauthorization. There has been opposition to some of the implementation processes, notably by farm groups and petroleum product suppliers, but that opposition has been about details, not about the program. I am not so sure that I agree with Pan’s argument for linking “physical access control with the IT systems that manage and monitor chemical processes”. Part of the problem with the vulnerability of control systems is their helter-skelter linkage with business IT systems. Any linkage of access control systems with process control systems or business IT systems needs to be carefully thought out and precisely implemented. Having said that, control systems, safety systems and business IT systems all need better access controls. Limiting access to all critical systems is a key security requirement for all manufacturing systems, but it is especially important for potentially hazardous systems. Further linkage of business, security and safety systems may be one way to accomplish this task, but it does raise the specter of the failure of a single system adversely affecting an entire enterprise.