Securing our nation’s chemical sector infrastructure is crucial to our economic prosperity, national security, and public health and safety. Every day, thousands of chemical facilities across the country—from small companies to national laboratories—use, manufacture, store, and transport hazardous chemicals in a complex, global chain that affects other critical infrastructure sectors.
Enhancing security and resilience across the chemical industry to reduce the risk of hazardous chemicals being weaponized requires a collaborative effort. To this end, the Cybersecurity and Infrastructure Security Agency (CISA) has developed voluntary and regulatory programs and resources to help stakeholders—private industry, public sector, and law enforcement—secure chemical facilities from many threats: cyberattacks, biohazards, insider threats, and theft and diversion for use in chemical or explosive weapons.
ALERT: Due to the critical nature of the ongoing Microsoft Exchange vulnerabilities, CISA is recommending that all facilities that use Microsoft Exchange Server on-premises products review Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities, check for signs of compromise, and apply the necessary Microsoft Exchange Server updates to affected systems to protect against these exploits and avoid being compromised. While CFATS high-risk facilities are not being required to implement heightened security measures under Risk-Based Performance Standard (RBPS) 14 of their security plans or under other CFATS authorities at this time, CISA may activate these requirements in the future.
ANNOUNCEMENT: CISA released Secure Your Chemicals: Before, During, and After a Pandemic—a resource developed in collaboration with the Federal Bureau of Investigation’s Weapons of Mass Destruction Directorate (FBI WMDD) and the Defense Threat Reduction Agency (DTRA) to ensure chemical facilities that manufacture, store, use, or transport hazardous chemicals are prepared for and remain diligent to secure hazardous chemicals during a pandemic event.