Two reports address different aspects of information security in the US energy and chemicals sector. The first, prepared by the Department of Energy’s Sandia National Laboratories at the request of the Office of Fossil Energy analyzes e-commerce standards for the energy sector. The second, authored by the American Chemistry Council (ACC), addresses ‘cyber security’ in the chemical industry.
PKI
The Sandia report, ‘Wholesale Electric Quadrant Draft Technical Standards for Public Key Infrastructure’ analyzes draft public key infrastructure (PKI) standards developed by the North American Energy Standards Board (NAESB) that support secure electronic bidding and purchase of fossil fuels. The report found some vulnerability within transactions and offered mitigation strategies which ‘will result in higher standards for the future.’
Chemicals
The Chemical Sector Cyber Security Strategy report is strong on entreaties and rather light on solutions. The chemical industry, like oil and gas, relies on technology solutions from the information and telecommunications sector and is highly dependent on service providers. These and other interdependencies demonstrate the importance of ‘proactive risk management and reduction strategies’ to ‘protect chemical industry companies, communities and the nation as a whole.’
Cascade
According to the report, the physical structure of the chemical industry ‘reduces the likelihood and scope of a cascading failure effect.’ Processes and equipment are contained within the physical boundaries of a facility and security checks determine the validity of incoming information before it is used in a control action.
Combined attack
The report acknowledges however that ‘cyber attacks could result in business interruption, lost capital, risks to plant employees and communities.’ Moreover ‘the potential of a combined physical and cyber attack and the criminal use of illegally obtained information represent threat scenarios that could impact industries such as the chemical sector.’ Further information and guidance documents are available at www.chemicalcybersecurity.com .
© Oil IT Journal - all rights reserved.