As noted in the recent National Terrorism Advisory System (NTAS) Bulletin, certain offensive cyber operations have been attributed or allegedly attributed to the Iranian government, which has targeted a variety of industries and organizations including financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base.
The Cybersecurity and Infrastructure Security Agency (CISA) is urging all facilities with chemicals of interest (COI) listed on the Chemical Facility Anti-Terrorism Standards’ Appendix A to consider enhanced security measures to decrease the likelihood of a successful attack. We would ask that you distribute this document with your council’s members and membership networks. It outlines measures facilities should consider to increase their physical and cyber protection—regardless of whether they are tiered under CFATS. This bulletin is also available on the CISA Insights webpage.
As of January 15, 2020, tiered CFATS facilities are not being required to implement the heightened security measures outlined under Risk-Based Performance Standards 13 and 14. We are monitoring the intelligence information and will inform high-risk chemical facilities if there are changes that warrant activation of RBPS 13 or 14.
Additionally, Chemical Security Inspectors (CSI) around the country are available to assist facilities, including non-tiered facilities. To request additional information, facilities can email CFATS@hq.dhs.gov.
CISA offers many additional free resources to strengthen the capacity of stakeholders to achieve their security and resilience mission. Visit the CISA.gov website for additional information and access to resources.
Thank you for your continued partnership.