(14f) Process Control Cyber Security Requirements of the Acc Responsible Care Security Code

This presentation will discuss cyber security initiatives underway in the chemical sector, timeline requirements, and offer guidance for addressing cyber security of process control systems.

In response to 9/11, the American chemical industry stepped forward to address security risk with a multi-prong program. The Chemical Sector Cyber Security Program (CSCSP) was stood up to develop the Chemical Sector Cyber Security Strategy for inclusion in the US Government's National Strategy to Secure Cyberspace. The CSCSP brought forth a cross functional team of experts to address cyber risks associated with computer systems used pervasively throughout manufacturing and business functions. The CSCSP partnered with an initiative begun by the American Chemistry Council to expand the scope of the Responsible Care Program to address security risks associated with the chemical industry.

Incorporating the guidance published by CSCSP, the ACC published the Responsible Care Security Code (RCSC) to address both physical and cyber security of chemical facilities. This security code is widely recognized as the most stringent security program in American manufacturing. Under the Responsible Care Security Code ? which addresses site, cyber, and transportation security ? facilities are required to conduct comprehensive security vulnerability assessments, implement security enhancements and obtain independent verification of those enhancements. Implementing the Security Code is mandatory for members of the American Chemistry Council.

The Responsible Care Security Code (RCSC) is built around a management system approach to addressing cyber security. It is not a prescriptive checklist of security measures to be implemented. The guiding principle is that security measures should be commensurate with the cyber risk to the manufacturing process.

This presentation will focus on the process control security aspects of the RCSC published by the American Chemistry Council. The speaker will discuss the implementation timing requirements, explain the 19 key elements of the cyber security management system, and offer guidance for developing a process control security program within your company.