CISA Eyes Cybersecurity Posture Improvements for Chemical Sector

The Cybersecurity and Infrastructure Security Agency wants to enhance the chemical sector’s cybersecurity posture as part of the White House’s national security efforts.

Speaking at a chemical security conference, CISA Director and 2022 Wash100 winner Jen Easterly said the agency will start a 100-day sprint to learn more about the chemical sector’s cybersecurity posture. Information gathered will then be used to determine how critical infrastructure operators could improve protection measures.

CISA’s approach will be similar to the one used on electric utilities, gas pipelines and water treatment facilities when they underwent a cybersecurity posture review, Nextgov reported.

Kelly Murray, associate director for chemical security at CISA, said during the same conference that industry partners are already working closely with the agency. She shared that the agency has also conducted as many voluntary compliance assistance visits to chemical infrastructure operators as it does mandatory inspections.

Tina Won Sherman from the Government Accountability Office said in a separate interview with Nextgov that the chemical sector’s way of implementing performance- and outcome-based approach to regulation has been successful. Sherman considers the industry’s way forward as an alternative to using prescriptions to improve cybersecurity posture.

Meanwhile, industry stakeholders have started pushing back on the government’s performance-based approach to improving security and are calling for a more flexible approach that aligns with the National Institute of Standards and Security‘s cybersecurity standards framework.

The Biden administration put a strong emphasis on cybersecurity in 2021. The White House issued a national security memorandum in the summer of 2021 that requires CISA and NIST to set cybersecurity goals for critical infrastructure operators.

The memo was issued in response to the Colonial Pipeline cyberattack.