Throughout the duration of the Biden administration, federal agencies have maintained a sustained focus on the cybersecurity of critical infrastructure.
Led by the White House, federal agencies have released updated cybersecurity guidelines and requirements, with previous announcements of public-private initiatives to advance the resilience of the electric, pipeline, and water sectors to threats in the cyber realm.
The chemical sector is the latest focus, with the administration advancing its “Chemical Action Plan” in an October statement. Bulk liquid terminals are a vital link in supply chains of many key commodities essential to the U.S. economy. Notably, bulk liquid terminals provide storage and logistic support for a wide variety of chemicals that are used as inputs for many industries and for applications in many end uses.
According to a statement issued by the White House, The Chemical Action Plan will:
- Focus on high-risk chemical facilities that present significant chemical release hazards with the ultimate goal of supporting enhanced ICS cybersecurity across the entire chemical sector
- Drive information sharing and analytical coordination between the Federal Government and the chemical sector
- Foster collaboration with the sector owners and operators to facilitate and encourage the deployment of appropriate technologies based on each chemical facility’s own risk assessment and cybersecurity posture
- Support the continuity of chemical production critical to the national and economic security of the United States
The administration’s previous focus on the pipeline sector has led to new directives from the Transportation Security Administration (TSA) regarding cyber readiness for companies operating pipelines. This latest announcement regarding the chemical sector may be a sign that more regulatory action will follow.
In May and July 2022, the Transportation Security Administration (TSA) issued two Security Directives for Pipelines, generally referred to as SD02B and SD02C. The stated goal of these directives is to improve cybersecurity awareness, reporting, and preparedness. SD02C requires the implementation of specific cybersecurity recommendations including submission of a TSA-approved Cybersecurity Implementation Plan (CIP). SD02C contains a strict schedule for compliance – 90 days to file the CIP for TSA approval. The CIPs were due on October 25.
ILTA member companies understand the importance of their role in ensuring the safety, resilience, and efficiency of chemical supply chains. Terminal operators also understand that cybersecurity is essential in our modern economy. The nature of the threat landscape is changing continuously. For example, increased automation, and the growing relevance of the industrial internet of things is changing operations at terminal facilities. Increased levels of machine-to-machine communication have motivated terminal company executives to reassess and update their business risk assessments and response plans.
The ILTA Security Committee is one forum where terminal industry professionals come together to discuss common challenges and exchange best practices. ILTA and its member companies are also actively involved in peer exchange groups such as the Oil and Natural Gas Subsector Coordinating Council (ONG SCC) managed by the U.S. Department of Energy. These opportunities for learning and information exchange are crucial to industry’s effort to endlessly evolve defenses to cyber threats that are increasing both in number and in sophistication.
Terminal companies must have the flexibility and autonomy to innovate and respond with individualize approaches that best serve their facilities and employees. Overly prescriptive regulations will only hamper efforts by cybersecurity professionals to respond to a constantly evolving threat landscape. Restrictive policies could have adverse impacts not only for terminal companies, but for the industries and consumers that depend upon the products they handle and store.
For more information, visit ilta.org.
