Last week the Cybersecurity and Infrastructure Security Agency (CISA) announced that they had released Sector-Specific Goals (SSGs) for the Chemical Sector. The brief document provides a broad description of three voluntary cybersecurity related goals for the chemical sector. A link to a restricted page dealing with Cross-sector Cybersecurity Performance Goals is provided.
The three SSGs for the Chemical Sector are:
Chem.1
- System Lifecycle Management,
Chem.2
- Disable unnecessary systems, applications, and services, and
Chem.3 - Mobile Device Management
Commentary
What is missing from this ‘new’ cybersecurity management
tool is an explanation of why these three goals are tailored specifically to
the chemical sector. For example, there is no mention in any of these three goals
about the relationship between cybersecurity and process safety, a key concern
for the chemical sector. Any cybersecurity program for this sector that does
not address that linkage is going to fail to prioritize cybersecurity processes
tied to potentially catastrophic outcomes from successful attacks.
For a more detailed look at the three goals and the supporting
information provided by CISA, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-provides-chemical-sector-specific
- subscription required.
Posts
No comments:
Post a Comment