Washington –A broad cross-section of chemical trade associations and individual companies Monday endorsed an industry cyber-security strategy.
The group, called the Chemicals Sector Cyber-Security Information Sharing Forum, developed a strategy focusing on cyber-security risk management and reduction. Their collective goal is to provide secure information and process control systems that will enable businesses to collaborate.
The forum consists of senior-level company officials and representatives of trade associations. David E. Kepler, Dow Chemical Co. corporate vice president and chief information officer, heads the forum.
The effort builds on other cyber-security projects already underway in the chemicals industry and responds to the President's Critical Infrastructure Protection Board's desire to engage both the public and private sectors in developing security strategies.
"As a critical infrastructure industry, the chemical sector's efforts to develop a cyber-security strategy demonstrate its commitment to safety and security in the information age," said Richard Clarke, Critical Infrastructure Protection Board chair.
According to a forum statement, cyber-security is an integral part of overall security and a natural extension of the industry's practices for securing information and other systems, as well as environmental health and safety. The forum aims to define an action plan to develop the cyber-security standards, products and practices necessary to shield proprietary information and facilitate safe operations.
It chartered a task team comprised of 16 high-level subject matter experts from the chemicals industry to develop the strategy. Team members represent information security, process control security, physical security, supply chain/logistics, information technology strategy development, industry collaborations, standards development, legal and telecommunications.
The joint effort builds on established programs, including an emergency communications network and global industry associations and standards bodies, to define a cyber-security program that uses collective knowledge, shared technology and practices development to establish industry-wide practices and voluntary standards.
The forum's program includes fostering involvement and commitment across the sector; establishing a cyber-security public affairs program; establishing voluntary sector practices and standards; establishing an information sharing network; and encouraging acceleration of improved security technology and solutions development. In addition, a proposed Cyber-Security Information Sharing Network will distribute advance warnings of cyber-security threats, vulnerabilities and incidents.
Officials said the program also will foster collaborating with information technology product and service providers, government and academia to accelerate developing and implementing improved technologies and methodologies to cost-effectively address defined vulnerabilities.