Abstract
The petro-chemical industry is a critical infrastructure that is vulnerable to cybercrime. In particular, industrial process control systems contain many vulnerabilities and are known targets for hackers. A cyberattack to a chemical facility can cause enormous risks to the economy, the environment, and public health and safety. This gives rise to the question how corporate cybersecurity has developed; how it is governed; and whether it should be subject to public oversight. This paper presents a case study of the governance of cybersecurity in the petrochemical industry in the Rotterdam Mainport area in the Netherlands, which reflects the ‘new governance’ view that cybersecurity can best be governed through voluntary public-private partnerships. The paper finds however that actual collaborative governance is not developing in the petrochemical industry in the port of Rotterdam; that corporate awareness and investment in cybersecurity stay behind standards, and that cybersecurity is not included in regulatory inspections. The paper places these findings in the context of three problems often associated with ‘new governance’ particularly pressing in cybersecurity governance: a weak role of government in public-private collaborative arrangements; an expectation that businesses will invest in self-regulation even in the absence of incentives to do so, and a lack of information exchange. In the port of Rotterdam, these problems result in a lack of obligations and accountability pressure on petrochemical corporations, leaving on of the most important chemical industrial hazards of today, largely unregulated.
Highlights
Chemical corporations as potential targets of cybercrimeThe risk of becoming the target of a cyberattack is one of the most prominent security risks for corporate actors in the modern world
The survey was based on two checklists for SCADA security developed by the Dutch National Cyber Security Centre (NCSC). 2 These checklists reflect emerging Process Control Systems (PCS) security standards and best practices in PCS cybersecurity as they are being developed by public-private cybersecurity networks, in particular in the US and in Europe [7]
Experts agree that there is a considerable risk that a cyberattack against process control systems of chemical facilities may result in chemical incidents causing harm to people, the economy, and the environment
Summary
Chemical corporations as potential targets of cybercrimeThe risk of becoming the target of a cyberattack is one of the most prominent security risks for corporate actors in the modern world. In the United States, in 2014 alone, prominent corporations such as Target, Home Depot, Yahoo, Google, and Apple are well-known targets of cyberattacks [2]. Many of these attacks involve identity theft – cybercriminals stealing digitally stored personal data, such as credit card data, of customers of these corporations, that they can sell online or capitalize in other ways. Another mode of cybercrime targets the internet itself, when corporate websites are attacked and rendered inaccessible for their clients. The difference is that whereas DDOS attacks render companies websites or services inaccessible and block access to companies, this form of cybercrime enables cybercriminals to enter business processes and take control of them
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
