Process Control Cyber Security Requirements of the ACCResponsible Care ? Security Code

摘要

This presentation will discuss cyber security initiatives underway in the chemicalrnsector, timeline requirements, and offer guidance for addressing cyber security of processrncontrol systems.In response to 9/11, the American chemical industry stepped forward to address security riskrnwith a multi-prong program. In 2002, a taskforce comprised of 16 high-level subject matterrnexperts was chartered to create the first Chemical Sector Cyber Security Strategy. T Thernstrategy was reviewed, endorsed and delivered to the industry in June 2002. It wasrnsubsequently appended to the U.S. government's National Strategy to Secure Cyberspace inrnFebruary 2003. The Cyber Security Strategy provides the framework for the Chemical SectorrnCyber Security Program, a sector-wide program that leverages technology, processes andrnpeople to help protect communities, facilitate safe operations, prevent unauthorized access tornproprietary information and enable business continuity throughout the global industry. ThernCyber Security Program brought forth a cross functional team of experts to address cyber risksrnassociated with computer systems used pervasively throughout manufacturing and businessrnfunctions. The Cyber Security Program partnered with an initiative begun by the AmericanrnChemistry Council to expand the scope of the Responsible Care Program to address securityrnrisks associated with the chemical industry.rnIncorporating the guidance published by the Cyber Security Program, the ACC published thernResponsible Care Security Code (RCSC) to address both physical and cyber security ofrnchemical facilities. This security code is widely recognized as the most stringent securityrnprogram in American manufacturing. Under the Responsible Care? Security Code – whichrnaddresses site, cyber, and transportation security – facilities are required to conductrncomprehensive security vulnerability assessments, implement security enhancements andrnobtain independent verification of those enhancements. Implementing the Security Code isrnmandatory for members of the American Chemistry Council.rnThe Responsible Care? Security Code (RCSC) is built around a management system approachrnto addressing cyber security. It is not a prescriptive checklist of security measures to bernimplemented. The guiding principle is that security measures should be commensurate with therncyber risk to the manufacturing process.rnThis presentation will focus on the process control security aspects of the RCSC published byrnthe American Chemistry Council. The speaker will discuss the implementation timingrnrequirements, explain the 19 key elements of the cyber security management system, and offerrnguidance for developing a process control security program within your company.