CISA to Congress: US Under Threat of Chemical Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


CISA to Congress: US Under Threat of Chemical Attacks


Dropping the ball on chemical security has precipitated a national security gap too great to ignore, CISA warns.



CISA warned this week that facilities maintaining dangerous chemicals across the US are no longer receiving adequate security support.
Compared with such industries as energy, water, and telecoms, cybersecurity professionals tend to be less au courant with the chemicals sector, despite the
physical and cybersecurity threats
it faces.
CISA used to plug that gap with its Chemical Facility Anti-Terrorism Standards (CFATS). In
CISAs own words
, CFATS identifies and regulates high-risk facilities to ensure security measures are in place to reduce the risk that certain dangerous chemicals are weaponized by terrorists. But on July 28, Congress allowed the statutory authority of the CFATS program to expire.
Yesterday, in a
blog marking the fourth monthiversary
of that decision, CISA associate director for chemical security Kelly Murray warned that the absence of the CFATS program is a national security gap too great to ignore, likely leading to security gaps, unsafe conditions, and possibly even access by a terrorist.
There are four primary pillars to CFATS, each with an important security function.
Firstly, CISA has screened over 40,000 chemical facilities through the program, identifying 3,200 of them as high-risk. With four months of downtime, the agency estimates that at least 200 new facilities have likely acquired dangerous chemicals, and that facilities could be stockpiling these chemicals in excess of their existing security precautions, increasing the risk of terrorist exploitation.
Equally, through CFATS, CISA worked with facilities to identify risks to them and their surroundings, and develop cyber and physical safety plans to mitigate those risks, improving their security postures by around 60%. As Murray explained, approximately one third of CISAs site visits historically tended to reveal security gaps, thus we can safely estimate that hundreds of security gaps have gone unidentified since July.
Perhaps most importantly, chemical facilities used CFATS to run personnel against a Terrorist Screening Database. CISA used to vet an average of 9,000 names per month, flagging in all more than 10 individuals with terrorist ties. At these rates, Murray estimated, its missed screenings likely would have identified an individual with or seeking access to dangerous chemicals as a known or suspected terrorist at some point over the past four months.
Lastly, CFATS was designed to help the chemical industry stay ahead of the evolving threat landscape, both from a physical and cyber standpoint. Prior to the lapse in authority, this process was going to be further enhanced by a proposed rulemaking effort to enhance the physical and
cybersecurity standards
required of CFATS, Murray explained, though now no longer.
Murray ended the letter with a call to Congress to reinstate CFATS. This is a resolution we cannot afford to break, she concluded.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CISA to Congress: US Under Threat of Chemical Attacks