media center

Securing Our Nation's Chemical Facilities: The Crucial Role of CFATS

The chemical industry is a vital part of the American economy. Chemicals are used in everything from the medicines that maintain our health to the treatment of our drinking water to the fuel for our vehicles, and even the microchips that run our smartphones. Since chemical distributors import, handle, distribute, and store these critical products, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has labeled our industry a critical infrastructure sector. The significant role of our industry comes with unique vulnerabilities that requires collaboration with government agencies, like CISA, to stay ahead of these ever-evolving cyber threats.

Unfortunately, these threats aren’t just notional. Over the past two years, NACD members have experienced an uptick in incidents involving nefarious actors attempting to impersonate legitimate companies to acquire regulated substances. That’s in addition to ongoing cybercriminal attempts to steal proprietary and sensitive information.

As Kelly Murray, Chemical Security Associate Director at CISA, told us on a recent Chemline podcast, “The threat of chemical terrorism is as real and as relevant as it has ever been. According to a 2022 annual threat assessment of the U.S. intelligence community issued by the Office of the Director of National Intelligence, terrorists remain interested in using chemical and biological agents in attacks against American interests, and possibly the U.S. homeland.” She went on to say, “I think it’s important for us to remember that chemicals are vital to our economy, and it’s important to take the right steps to protect those chemicals and understand those risks in order to protect them and keep our economy strong.”

The Chemical Facility Anti-Terrorism Standards (CFATS) program is a critical tool to protecting our nation’s high-risk chemical facilities from cybercrime. As the first U.S. regulatory program to focus explicitly on physical and cyber security at these sites, the CFATS program is one of the most successful chemical security programs available to the industry has at its disposal. NACD and other impacted organizations are diligently working to ensure Congress reauthorizes CFATS before its expiration on July 27 to keep this program in place.

Another tool NACD members use to keep up with cybersecurity tactics and best practices is   NACD’s Responsible Distribution program.

“The Responsible Distribution program provides a framework for companies to recognize security threats, implement security practices, protect physical and cyber assets, and respond to threats and incidents accordingly,” says Caroline Brooks, NACD’s Director of Responsible Distribution. “Companies must recognize the importance of protecting their information and business systems from cybersecurity threats and implement sound security management systems. The implementations of these management systems are then routinely verified by third parties during the verification process.”

Unfortunately, NACD continues to receive reports from members about attempted fraud. As an industry, we are working closely with the Federal Bureau of Investigation (FBI) and DHS’s CISA to address this ongoing problem, but it is important for companies to remain vigilant. The fraudsters continually adopt new tactics, the most recent being posing as legitimate companies and presenting detailed and disturbing fake documents, including “purchase orders” with NACD members’ logos, financial records similar to companies’ actual documents, registration and license certificates, and even Responsible Distribution Verification Certificates of Completion.

NACD informs members of the latest fraud tactics through alerts and by sharing bulletins prepared by the U.S. Federal Bureau of Investigation (FBI). Understanding the core cyber threats and the tactics these criminals use will better serve your business and better protect our industry in the years to come. You can also visit NACD’s Security Issue Page or CFATS resource page to learn more about cybersecurity best practices you can carry out all year long.

If your company experiences actual or attempted fraud, please report these cases to the FBI’s Internet Crime Complaint Center at www.ic3.gov, and let NACD’s Jennifer Gibson know.

You must be logged in to post a comment.

Click here to log in