AIChE, Metro New York Blog Homepage

October 2018 Blog on Cybersecurity
(Some Occasional Comments on the Chemical Engineering Field and its Future. These particular comments are not the opinion of the AIChE or the AIChE, Metro NY Section, but solely those of its Webmaster.)

Is Cybersecurity the "new" Process Safety?
As a Chemical Engineer, you know that Process Safety is a key operational activity in your life. A quick check for that topic on a
job board (the AIChE's CareerEngineer website) comes up with over a 1,000 hits. Try the keyword "Cybersecurity" and you will find a handful of jobs having it as part of their work description, and only one has it as part of its Job Title. But, that may be changing.

´╗┐But, perhaps "Process Safety" is "so last century" - most definitely not - but companies now need to expand their due diligence efforts beyond their plant property, and also be concerned with any possible incidents of electronic hacking of their processes beyond their borders. And, those incidents have been increasing in recent years - some publicly discussed, but many not disclosed at all for obvious reasons. Perhaps, the most notable event happened in 2010, when a malacious computer worm (called Stuxnet)
reportedly ruined almost one fifth of Iran's nuclear centrifuges that were used for separating and enriching its nuclear material.

Cybercrime is a Major Threat and Growing Fast
Cybercrime is forecast to cost the world some $6 trillion annually by 2021, doubling 2015's figure of 2015. That would include all forms of attacks ranging from denial of service attacks to cyber attacks on individuals. On the industrial side, the concern are attacks focusing on Industrial Control Systems (ICS) or
Supervisory Control and Data Acquisition (SCADA) systems.

Many industries have already recognized cyber attacks as a major future threat. (
See below section for web listings of such industrial cyber attacks.) These sectors range from the electrical and water utilities to the financial industry, as well as the many sectors of the chemical processing industries. In fact, financial companies rate cyber risk as its greatest threat (78% of surveyed companies) versus geopolitical risks (69%) and the impact of new regulations (45%), as reported in a recent New York Times special business section exploring that industry a decade after the financial crisis.

As individuals, we have entrusted much of our personal and financial lives to the Internet and computer access to our accounts. Accordingly, we need to be ever vigilant to personal attacks via email phishing, and other scams that may result in money theft or identity theft. We need to take extra steps to ensure that we work on secure networks, have strong passwords, and, when available, getting a security code via two-factor authenication.
Before you become a victim of identity fraud, check out these resources at IdentityTheft.gov and the Identity Theft Resource Center.

Why You Should Attend our October 15th Meeting on Cybersecurity
First some thoughts worth repeating from Past Chair Herbert Cooper's
introductory remarks at our September 2011 dinner meeting - You know that many new fields are emerging, and that our world’s technological, regulatory and social components are becoming more complex. The simple fact is that none of us ever knows when a particular bit of information may be the critical factor in making a career decision that turns out well or perhaps helps us avoid unfortunate choices. Or it might be just what we need to make a better recommendation when evaluating a proposed project or technology. Joining our Section and attending our meetings is an extremely time- and cost-efficient way to gain an exposure to a broad range of subjects, technologies, business considerations and the like.

Professional meetings - either local luncheons or dinners or national meetings - can often provide insight into new fields and future technologies. In many cases, the people programming the topics and speakers may well be ahead of their audience. A wise man (Albert Einstein) once stated: “Scientists investigate that which already is; engineers create that which has never been.” I remember (as a Director of another group) programming decades ago what turned out to be a poorly-attended luncheon for the new topic of 3D printing (then known as rapid prototyping and additive manufacturing). In that vein (finding new topical trends that may change your future), we programmed the October meeting with an expert in this field for a subject that we have never presented before: on cybersecurity, and its possible impact on the CPI and the future of emerging jobs. Details at:
www.aiche-metrony.org.

What's to be done - Education and New Jobs
As you would expect, a number of schools already offer cybersecurity courses with the top schools being (the usual "cast of characters") ranging from Carnegie Mellon and MIT, to others, such as the University of Maryland, George Mason, NYU, Syracuse, Purdue, and the University of Southern California, among others.

Earlier this month, the New York City Economic Development Corp. (EDC) announced a $100 million initiative (called "Cyber NYC") to support a new center for training students, and a space for ten start-ups. The Global Cyber Center will open early next year at 115 Seventh Avenue in the Chelsea section of Manhattan. The aim is generate about 10,000 cybersecurity jobs over the next decade from this training. Currently, there are said to be 6,000 cybersecurity jobs in NYC. In other local news, venture capital firm Jerusalem Venture Partners will open a hub for young cybersecurity firms in NYC's Soho. Also, EDC is commissioning Columbia University to connect entrepreneurs with academics who have patented cybersecurity technologies.

The firm of
Cybersecurity Ventures predicts there will be 3.5 million (unfilled) cybersecurity job openings by 2021worldwide. (The Cybersecurity Jobs Report is sponsored by Herjavec Group, a leading global information security advisory firm and Managed Security Services Provider (MSSP) headed by Robert Herjave of Shark Tank fame.) In 2017, the U.S. employed nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce. The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.

Cyber Incidents:
The
Repository of Industrial Security Incidents (RISI: http://risidata.com) is a database of incidents of a cyber security nature that have (or could have) affected process control, industrial automation or Supervisory Control and Data Acquisition (SCADA) systems. Unfortunately, this website was last updated in January 2015.

Another source, the
Center for Strategic and International Studies (CSIS) has offered a listing of Significant Cyber Incidents since 2006 at https://www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-cybersecurity.

For 2018, there were a number of reports affecting industrial sectors:

March 2018.  The FBI and Department of Homeland Security issued a joint technical alert to warn of Russian cyber attacks against US critical infrastructure. Targets included energy, nuclear, water, aviation, and manufacturing facilities.

May 2018.  Researchers reveal that a hacking group connected to Russian intelligence services had been conducting reconnaissance on the business and industrial control systems (ICS networks) of electric utilities in the US and UK since May 2017.

July 2018.  Ukrainian intelligence officials claim to have thwarted a Russian attack on the network equipment of a chlorine plant in central Ukraine.

July 2018. Security researchers report that an Iranian hacking group had been targeting the ICS of electric utility companies in the U.S., Europe, East Asia, and the Middle East.

David Deutsch, Webmaster
AIChE,Metro NY Section


Back to Homepage