Chemical facilities are vulnerable to crippling cyberattacks due to outdated government cybersecurity guidance, the Government Accountability Office (GAO) concluded in a report released this week.
The report released Thursday found that the Department of Homeland Security (DHS), which oversees the security of “high-risk” chemical facilities through the Chemical Facilities Anti-Terrorism Standards program, hasn't updated cybersecurity guidance for those facilities in more than a decade.
“A successful cyberattack against chemical facilities’ information and process control systems can disrupt or shut down operations and lead to serious consequences, such as health and safety risks, including substantial loss of life,” the GAO wrote.
ADVERTISEMENT
The agency found that DHS does not collect data to track or assess the cybersecurity knowledge of inspectors in the program who evaluate the facilities, jeopardizing overall security.
The GAO said that the “inspectors that are evaluating a facility’s cybersecurity posture may not have the knowledge, skills, and abilities to fully support the program’s cybersecurity-related mission."
The watchdog agency said DHS should consider revising its cybersecurity guidance for chemical facilities, along with developing a plan to track and assess cybersecurity training for the inspectors.
DHS concurred with all six recommendations laid out in the GAO report.
“Cybersecurity is an integral part of DHS’s national approach to chemical security,” DHS official Jim Crumpacker wrote in response to GAO. “The Department remains committed to ensuring that high-risk chemical facilities are implementing appropriate physical and cyber security measures.”
The security vulnerabilities are complicated by the fact that the Chemical Facilities Anti-Terrorism Standards program is in danger of expiring in July. The House Homeland Security Committee approved a bill to renew it last year, but the legislation h ..
Support the originator by clicking the read the rest link below.
