In Depth

Chemical Industry Security: Bonding Time

Chemical companies may be terrorist targets. The industry is pulling together to tighten physical and electronic security, but it still faces a troubling mixture of vulnerabilities.

By Bob Violino

August 01, 2003 — CSO — Every five seconds, a Web-attached camera snaps a picture of the computer room at Arch Chemicals. Those images go to a central security console for review. Should an intruder appear, Arch security personnel will be alerted instantly. Not that it'll be easy for the intruder to get there in the first place; after all, Arch has new fences, more guards, better lighting, employee ID badges and a raft of other recent security improvements.

This is the aftermath of 9/11, a day when chemical businesses experienced an abrupt shift in their thinking about potential security threats. As Arch CSO Ross Barnes says, "Chemical companies typically haven't looked at this from an adversarial standpoint—what we have on the [manufacturing] sites that could be a target for terrorists," as opposed to perhaps simpler problems such as accidents or, at worst, vandalism. Now the industry's CSOs are pondering things like how to stop someone from blowing up a truck next to a processing plant, or finding an electronic inroad to disable shutoff valves in a hazardous mixing process. And this isn't just CSO paranoia talking. "Chemical facilities may be attractive targets for terrorists intent on causing economic harm and loss of life," said the U.S. General Accounting Office in a March report highlighting the vulnerabilities of the industry.

As Arch Chemicals demonstrates, a new set of threats requires a new set of security measures. These challenges have set off a wave of cooperation and communication throughout the industry. At Arch, Barnes is working more closely than ever with Vice President of Information Technology and CIO Al Schmidt to keep logical and physical security in sync. And collaboration doesn't stop at company borders. The industry is taking a gang-tackling approach, creating joint efforts such as the Chemicals Sector Cyber-Security Information Sharing Forum to determine and disseminate best practices. "We've seen industries where the response is to put up a wall of lawyers and deflect responsibility as long as possible. We're making a very serious attempt" to ensure collaboratively that plants and computer infrastructures are secure, says Schmidt.

That's good because there is a lot of work to do. Chemical companies face a number of significant hurdles in their race toward better security: Small companies in the supply chain lack resources to enact new measures. Information-sharing within the industry and with the government still needs improvement. And while the industry shows progress in those two areas, there's a spanner in the works: process control systems that are increasingly internetworked but resistant to standard infosecurity tools and practices.Baby StepsTwo of the easier hurdles to jump are ensuring that small companies also improve their security, and fostering information-sharing across the industry.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Sector Security Cooperation: All Together Now
• Chemical Sector Security: Uncle Sam Wants More
• Security Standards for Power Companies
• Power Play: Protecting the Power Grid
• SCADA System Security: Out of Control