Home » Physical Security » Critical Infrastructure

Chemical Industry Security: Bonding Time

Chemical companies may be terrorist targets. The industry is pulling together to tighten physical and electronic security, but it still faces a troubling mixture of vulnerabilities.

Greg Holton is leader of the security vulnerability analysis team at Crisis Management Worldwide, a security consultancy that works with chemical companies. Holton says many small companies believe they're unlikely targets for attacks, and therefore aren't as prepared as their big brothers. But given recent media attention to threats against "soft targets," they too need to take steps to guard against security breaches. In tightly interconnected industries, a breach in a small company can have a snowball effect. "The chemical industry is highly integrated, and to a large extent, companies are customers and suppliers to each other," notes Theresa Grant, director of information security at Dow Chemical. "Our security is only as strong as the weakest link. We can have strong security internally and not address the concern of partners in the supply chain, so we'd still be vulnerable."

The economy compounds this problem, of course. Budgets are battened down. "In tough economic times, it's hard getting the people and resources to participate in projects," says Grant. And the little guys have the fewest resources to begin with.

Nevertheless, collaborative projects are chipping away at both this problem and the need for greater information-sharing. One such project is the Chemical Sector Information Sharing and Analysis Center (ISAC), formed in April 2002 with the FBI's National Infrastructure Protection Center (NIPC). The ISAC, similar to efforts in other industries, enables security-related information to move effectively between the NIPC and chemical companies. It will be operated by the Chemical Transportation Emergency Center, the emergency response communications center for a group called the American Chemistry Council (ACC). "We've embraced ISAC as a key capability for sharing information about security," says Christine Adams, Dow's performance chemicals business IS manager.Adams is also the program manager of the Cyber-Security Program, another team effort within the Chemicals Sector Cyber-Security Information Sharing Forum, also formed in April 2002. Adams says the program is developing a road map to help companies identify information for law enforcement agencies. She expects it to be available by the third quarter of this year. A key forum goal is getting the word out about security guidelines to all chemical companies, says Adams. "The success of our program hinges directly on the rate of adoption of the work that comes out of the program." She says the forum will also work with security technology vendors to identify ways the vendors can better serve the chemical industry through new products or upgrades.