Security Experts:

Connect with us

Hi, what are you looking for?



White House Adds Chemical Sector to ICS Cybersecurity Initiative

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

The ICS Cybersecurity Initiative was first announced in July 2021 — after the disruptive attack on Colonial Pipeline — and its goal is to improve critical infrastructure security by encouraging and facilitating the deployment of threat detection technologies and systems.

Chemical is the fourth sector added to the initiative, after electric, pipeline and water. Chemical organizations can analyze the best practices and lessons learned from these other sectors and create a cybersecurity action plan for the next 100 days.

The plan needs to focus on high-risk chemical facilities, and it needs to drive information sharing between the government and the chemical sector.

The government says it will not endorse or recommend any specific provider or technology. Instead, owners and operators are encouraged to deploy solutions based on their own risk assessment and cybersecurity posture.

The plan also needs to focus on the continuity of chemical production critical to national and economic security — the Biden-Harris administration highlights that the chemical sector produces disinfectants, personal care products, fertilizers, and energy sources.

It’s worth noting that sophisticated threat actors targeting chemical companies is not unheard of.

Several industry professionals have commented on the White House’s initiative…

Jerry Caponera, general manager, cyber risk, ThreatConnect:

“There are a couple of things that worry me concerning the chemical sector. The first is that the chemical sector produces items that we may not necessarily think about but can’t survive without in modern society. Imagine a world without plastics to store our food or chemicals to make electronics.


The second is the real risk. We saw three ransomware attacks in 2019, including 2 in the US (a bigger one was Norsk Hydro). They mitigated the impact because the hit was on IT, not OT systems. But it could have been worse.


Third, there’s a massive risk with the materials in question. Chemicals produce much of what we need, but a chemical material in raw form can be dangerous. A cyber attack on a chemical system where the IT and OT systems are linked could cause a consequential loss of life.


I’m glad the chemical industry is high on the list of sectors to watch. The ransomware attack on the Colonial pipeline caused a minor blip in the supply of gas. Suppose a significant ransomware attack on chemical plants would destroy plastic packaging. That would be devastating.”

Learn more about industrial cybersecurity at SecurityWeek’s ICS Cyber Security Conference

Padraic O’Reilly, co-founder and chief product officer, CyberSaint Security:

“The biggest issue is that almost all infrastructure is privately held. Analogous to the pipeline: large cyber-to-physical systems with extensive OT. Complex segregation issues and legacy protocols and infrastructure. Malicious attacks and control of SCADA systems and PLCs are real vulnerabilities. Internet-connected devices and cloud migration are an issue, too. On the upside, the chemical sector has been under CFATS through DHS for over a decade. That will oil the gears. Likely that sophisticated monitoring and detection lag behind the most mature industries. Likely, too, that cyber risk management needs to be done at the executive level to ensure proper resourcing.”

Chris Gray, AVP of cybersecurity, Deepwatch:

“The Chemical Sector is a significant component of both the critical infrastructure and manufacturing industries. As part of the interoperability of critical infrastructure chains, the Chemical Sector heavily influences and enables areas such as agriculture, water, nuclear, defense, and transportation. Damages to chemical manufacturing, storage, transportation, and use are not self contained; they have significant effects upon a much broader ecosystem, including economic markets.


The big security concerns in this sector include safety, including physical and potential for downstream environmental damages. The interoperability and reliance that exist between the Chemical Sector and other industries is another major consideration. If the production and delivery of chemicals is stopped or impeded, massive effects will be felt by manufacturing, healthcare, fuel, and many other areas. A third concern is system and platform vulnerability. The last major security framework requirements that have governance over this area predate 2010. This sector is likely underserved, highly remote and unattended, old technologies, and outdated security standards and expectations.”

Related: Chemicals Company Element Solutions Discloses Cybersecurity Incident

Related: Major U.S. Chemical Firms Hit by Cyberattack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...