Cybersecurity has received a lot of attention in 2014. We have had a Cybersecurity
Subcommittee under the Plant Automation and Decision Support Committee since 2005.
This subcommittee has provided technical feedback on legislation and regulatory
efforts. However, many of the cybersecurity issues we have presently (e.g. Executive
Order on Improving Critical Infrastructure Cybersecurity) need not only technical
feedback, but feedback from higher levels in our companies also. While there are
members of the AFPM Government Regulations Committee who also receive our emails
on cybersecurity issues, they are very much engaged with other industry issues.
Cybersecurity is an issue that is increasing in importance for the refining and
petrochemical industries. Cybersecurity demands proactive thinking by IT, industry
control systems, physical security and executive level staff. To that end, we suggest
a standing ad hoc group of Chief Information Officers and those at the level from
our membership, both regular and associate members, to review draft legislation,
proposed regulatory requirements, and to help us engage more fully in these efforts.
We believe that by having this ad hoc group, along with the existing Cybersecurity
Subcommittee, we will be able to fully cover both technical and advocacy issues
AFPM also supports legislation that will allow member companies to freely share information with the government and other private companies—in a timely manner and secure environment—while also being provided with adequate liability and antitrust protections. Importantly, cybersecurity legislation should not impose mandatory standards on the private sector nor duplicate existing requirements already being implemented.
Recognizing that the national and economic security of the United States depends
on the reliable functioning of critical infrastructure, the President issued Executive
Improving Critical Infrastructure Cybersecurity, in February 2013. It directed
NIST to work with stakeholders to develop a voluntary framework – based on existing
standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.
NIST released the first version of the
Framework for Improving Critical Infrastructure Cybersecurity on February 12,
2014. The Framework, created through collaboration between industry and government,
consists of standards, guidelines, and practices to promote the protection of critical
infrastructure. The prioritized, flexible, repeatable, and cost-effective approach
of the Framework helps owners and operators of critical infrastructure to manage
© 2015 AFPM. All rights reserved
American Fuel & Petrochemical Manufacturers
1667 K Street NW Washington, DC 20006