New Guidelines for Cyber Resilience: What Chemical Companies Need to Know Now

The increasing interconnectivity of production facilities, logistics systems, and control technology makes cybersecurity a strategic priority for businesses. They must protect their critical infrastructure against growing cyber threats, comply with regulatory requirements such as NIS2 or ISO 27001, and at the same time ensure operational reliability and dependable connectivity.

Identifying Vulnerabilities in the Face of Growing Threats

Cyberattacks on critical infrastructure can have far-reaching and serious consequences, such as

  • Operational downtime and production losses
  • Data loss
  • Economic damage
  • Legal consequences
  • Potential environmental risks

The introduction of networked systems and the use of Industrial Internet of Things (IIoT) technologies are making production processes smarter and more efficient, but they also enlarge the attack surface exposed to cyber threats.

Regulatory requirements: NIS2, TKG, ISO 27001, and national guidelines

The new regulations on cybersecurity for network and information systems—such as the EU NIS 2 Directive—tighten the requirements for operators of critical infrastructure, which includes chemical parks and the companies located there. Affected companies must, for example, report significant security incidents within 24 hours and demonstrate what organizational and technical measures have been taken.

The Telecommunications Act (TKG) requires operators to implement appropriate technical and organizational measures to protect the IT systems they use, particularly in the case of their own networks on-site (e.g., private 5G) or when connecting to external operators or subcontractors.

The ISO/IEC 27001 standard defines globally recognized requirements for the handling and protection of information through the implementation of an information security management system (ISMS). It helps organizations systematically identify, assess, and address information security risks.

The BSI Act and the BSI Critical Infrastructure Regulation (BSI-KritisV) are of central importance to IT security officers in the chemical and pharmaceutical industries. They govern reporting requirements, security requirements, and audit obligations for critical infrastructure. The currently valid version remains based on the KritisV until the new KRITIS umbrella law fully enters into force.

Warning signs from the industry: Cyberattacks on chemical plants are on the rise

In recent years, there have been several major cyberattacks in the chemical industry:

  • In 2017, the Triton malware attacked a petrochemical plant in Saudi Arabia and disabled safety-critical systems such as emergency shutdowns. The apparent goal was to trigger a physical disaster.
  • The adaptive malware Tardigrade infiltrated biotechnology research facilities in 2021. It was able to evolve on its own.
  • The Colonial Pipeline ransomware attack on the U.S. pipeline system had a massive impact on fuel supplies along the U.S. East Coast in 2021.

Our expertise as a chemical park operator: We make your IT and OT systems cyber-resilient

With over a decade of experience in developing and operating digital solutions for chemical parks, we offer modular and practical solutions for a wide range of organizations:

IIoT solutions

Connecting machines, sensors, and systems for smart manufacturing.

Interfaces to production systems

Seamless integration and communication between different systems.

Communication and data lines

Secure and reliable data transmission.

Cloud integrations

Flexible and secure access to data and applications.

Logging and analytics systems such as Security Information and Event Management (SIEM)

Centralized logging and real-time analysis of security-related events.

Security Operations Center (SOC)

Round-the-clock monitoring of all security-related systems and regular updates with security patches.

Consulting on ISO 27001

Support ranging from the analysis and assessment of the organization, through a GAP analysis, to the planning of necessary measures and, if applicable, the achievement of successful certification.

How is your company faring in terms of information and IT security?

Download our "Cybersecurity" questionnaire now and conduct a self-assessment.