IChemE publishes cybersecurity fact files and urges chemical engineers to manage hacking risks against industry

ICHEME has launched a series of fact files to raise awareness of the importance of cybersecurity in the process industries and explain how chemical engineers can help to reduce this widespread and increasing risk.

IChemE says that digital security should be an omnipresent element of a chemical engineer’s job given that the process industries have complex safety and environmentally-critical systems that must be protected to prevent major incidents.

The new series of fact files provide practical explanations of how chemical engineers can help to manage cybersecurity risks. The topics covered include: cloud computing and cloud collaboration; remote access to IT and operating technology (OT) systems; cybersecurity incident response planning; data protection strategies and ‘defence in depth’; maintaining operational cybersecurity; cybersecurity education; and cybersecurity standards.

Digital technologies are transforming chemical engineering, allowing chemical and process engineers to improve operational efficiency, reduce environmental impact and allow colleagues to collaborate across the globe in ways that have never been possible. However, these new opportunities bring new risks with cyber-attacks posing a significant threat to the process industries. Severe negative impacts include major safety and environmental incidents, reputational damage, loss of business data and financial cost.

Recent high-profile attacks on industry include the hacking last year of multiple European oil terminals that disrupted operations, and the attack in 2021 on the US Colonial Pipeline Company that forced it to shut down operations for five days, disrupting fuel supplies across the east coast of the US.

IChemE says chemical engineers have process engineering expertise and understanding of how a cybersecurity incident could impact a process plant and are therefore ideally placed to support IT departments in strengthening processes and planning responses to improve their organisations’ resilience and minimise the risk of a cybersecurity incident.

Helen Kilbride, chair of IChemE’s Digitalisation Technical Advisory Group (DigiTAG), said: “I call on chemical engineers to be proactive, to undertake cybersecurity training and include cybersecurity when developing processes to manage risks. I would also encourage them to implement processes which deliver the most effective response should the worst happen. Companies are taking cybersecurity seriously, and so should our profession.”

It is hard to gauge the scale of successful attacks against industry as companies that have been hacked are hesitant to reveal they have been compromised for fear of reputational damage and flagging their vulnerability. Cybersecurity firm Kaspersky says data from its own antivirus network shows that the percentage of industrial control system computers attacked last year increased last year by one percentage point to 40.6%.

IChemE’s fact files are available to read here. For more information on cybersecurity and other digitalisation topics related to chemical engineering, there is also the digitalisation priority topic area on IChemE’s website and the special issue of its Digital Chemical Engineering journal entitled ‘Autonomy, safety and security for cyber-physical systems in the process industries’.