CHEMICAL PLANTS AT RISK
Chemical facilities are vulnerable to crippling cyberattacks due to outdated government cybersecurity guidance, the Government Accountability Office (GAO) concluded in a report released this week.
The report released Thursday found that the Department of Homeland Security (DHS), which oversees the security of “high-risk” chemical facilities through the Chemical Facilities Anti-Terrorism Standards program, hasn’t updated cybersecurity guidance for those facilities in more than a decade.
“A successful cyberattack against chemical facilities’ information and process control systems can disrupt or shut down operations and lead to serious consequences, such as health and safety risks, including substantial loss of life,” GAO wrote.
The agency found that DHS does not collect data to track or assess the cybersecurity knowledge of inspectors in the program who evaluate the facilities, jeopardizing overall security.
The GAO said that the “inspectors that are evaluating a facility’s cybersecurity posture may not have the knowledge, skills, and abilities to fully support the program’s cybersecurity-related mission.”
The watchdog agency said DHS should consider revising its cybersecurity guidance for chemical facilities, along with developing a plan to track and assess cybersecurity training for the inspectors.
DHS concurred with all six recommendations laid out in the GAO report.