Box 33 Cybersecurity: Getting IT and Process Control on the Same Page

As they work to improve their physical plant security and to harmonize product stewardship programs to reflect ACC's Responsible Care code, the trade groups representing chemical plants are also addressing cybersecurity. Coordinating these efforts is the Chemical Sector Cybersecurity Program (CSCP), which works with 10 trade groups representing more than 2000 chemical companies.

A key effort for the group, which is working closely with the Chemical Industry Data Exchange (CIDX) on this project, is getting process control and IT to work more closely together to solve IT security problems. It has not been easy, since, at most chemical companies, process control and IT are separate worlds. "In many companies, process control groups don't all report through a single coordinated executive. There's a lot of autonomy within plant sites," says CSCP's manager Christine Adams.

"Each group has different vendor sets and different requirements at the plant level and you need to integrate them," says Jeff Frayser, director of cybersecurity at CIDX. "You don't want an operator locked out at 3 a.m. during a crisis because his IT password has expired."

A process control team within the program and CIDX has been working with ISA to develop guidance and practices to supplement SP-99, a cybersecurity document published in 2003. CIDX is already working to integrate physical and cybersecurity assessments that companies can deploy to complete their assessments on site. The new project will add guidance for process control, which, Frayser says, had been somewhat overlooked in the past.

CSCP tackled a number of projects in 2004, including:

• Supporting guidance documents based on ISO 17799, which were first released in 2003.

• Working with Sandia National Labs, Albuquerque, NM, and AIChE's Center for Chemical Process Safety (CCPS) to develop a combined methodology for physical and cybersecurity.

• Studying ways to develop Information Sharing and Analysis Center capabilities, through the ACC's Chemtrec program, to enhance the repository of validated information on cybersecurity threats.

