CFATS Cyber Reporting Requirements

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new webpage and fact sheet to provide guidance to Chemical Facility Anti-Terrorism Standards (CFATS)-regulated facilities regarding how and when to report cybersecurity incidents.

Through these resources, CISA provides that reportable significant cybersecurity incidents at a CFATS facility may include, but are not limited to:

  • Known security issues, vulnerabilities, and exploits that impact a CFATS Chemical of Interest (COI) asset or system;
  • Attempts to gain unauthorized access to a critical cyber system;
  • Threats to Operational Technology (OT) systems;
  • Ransomware incidents;
  • Phishing, malware, trojan horse, or virus attacks that were not contained;
  • Structured Query Language (SQL) injections where malicious code is injected into a server and forces it to disclose private data;
  • Attempts to gain unauthorized access to a system’s wireless network or mobile devices on the network;
  • Changes to a system’s firmware, software, or hardware without the system owner’s consent;
  • Disruption or Denial of Service (DOS) or Distributed Denial of Service (DDOS) attempts; and
  • Impacts to national security, economic security, or public health and safety systems.

Cyber systems that CISA considers critical are systems related to controlling, processing, ordering, and/or accessing CFATS COIs – including control systems, business systems, access control systems, Enterprise Resource Planning (ERP) systems, sales systems, and safety instrumented systems.

Once a cyber incident has been detected and response measures have been initiated, CFATS facilities are now required to report significant cybersecurity incidents to CISA via CISA Central at [email protected].

When contacting CISA Central, facilities should indicate they are “critical infrastructure” within the Chemical Sector. Facilities should also include a description of the incident, indicate that they are CFATS regulated, and include their CFATS facility identification number.


More Posts

Reduced Cost for Online TWIC Renewal

In August 2022, the Transportation Security Administration (TSA) implemented an online renewal process for Transportation Worker Identification Credential (TWIC) applicants. This new capability permits eligible

Online TWIC Renewal Program

On August 11, 2022, the Transportation Security Administration (TSA) began allowing most current TWIC holders to renew their credentials online without needing to visit an enrollment center.

Send Us A Message