In today’s world, we are more connected than ever before. Twenty-four-hour global communication comes with greater opportunities for malicious actors to access stored sensitive information and personal data.
The chemical distribution industry is no stranger to fending off cybercriminals to protect their products and facilities. This industry not only serves as a major component of the U.S. economy, but plays an important role in the day-to-day well-being of American lives. As a result, cybercriminals regularly target these businesses and the chemicals they oversee.
As a leader in the chemical distribution sector, the Alliance for Chemical Distribution (ACD) upholds the highest standards of responsibility to protect our members, customers, and communities from these evolving threats. This Cybersecurity Awareness month, its important to examine the increasingly advanced tactics, developing technologies, and policy changes that have required the industry to remain even more alert against fraud.
Phishing and Spoofing Attempts
In recent years, our members have experienced an increase in fraudulent activity, with cybercriminals using more sophisticated tactics. These include posing as legitimate companies to purchase various chemicals and utilizing new methods to make it more challenging for victims to recognize fraud.
Companies are trying to determine the impact of artificial intelligence (AI) as this technology grows in capability and usage, companies in our sector must ensure they remain vigilant in the way these tools are used for malicious purposes. Bad actors have increasingly used developing technology, like AI, to correct poor grammar, which has been a red flag, and to change the product delivery location at the last minute. This has made it even more difficult to catch these schemes.
It’s paramount that companies train their employees on due diligence to keep up to date on the latest trends so individuals can identify suspicious activity and ask the right questions when a request seems abnormal. Employees are the most vulnerable targets for hackers, so ensuring that they are well informed is critical to businesses’ security.
Recent Trade Fraud
More recently, several ACD members who import chemical products have alerted us about the growing trend that specific chemicals, like citric acid, which is predominately used in the food, beverage, and pharmaceutical sectors, are being sold by bad actors within the U.S. with fraudulent country of origin listings. This is an evasion of existing law and places American consumers and businesses at risk.
Another concerning fraudulent trade practice is the repackaging and relabeling of citric acid from China and other countries subject to U.S. duties or tariffs. Other schemes involve counterfeiting the names and logos of reputable foreign manufacturers and suppliers. This type of fraud poses a serious threat to law-abiding American businesses, many of which are small, multi-generational companies. Due to the potential dangers on our members and their partners in the supply chain, ACD has held meetings with administration officials to address these concerns.
CFATS
With the rapid adoption of advanced technology in recent years, ACD members have experienced an uptick in cyber-related incidents where impersonators have tried to acquire legitimate, regulated substances. One program – the Chemical Facility Anti-Terrorism Standards (CFATS) regulation– provided key safeguards against the latest threats to our nation’s sensitive chemical facilities for over 16 years. CFATS was the first regulatory program to explicitly focus on physical and cyber security at chemical sites.
Since the program expired last year, chemical facilities have had to remain cautious of increasing security gaps and the potential threat of criminal activity without the regulatory support from government partners like the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. ACD continues to urge Congress to reinstate CFATS before the industry – and our nation – are put at further risk.
The growing complexity of cyber-challenges businesses must now face underscores the importance of cyber hygiene, including strong passwords, multifactor authentication, software updates, and installing strong anti-malware software. By staying up to speed on the range of tactics used by bad actors, companies have a strong foundation from which to counter even the most complex cyberattacks. In fact, the more obstructions an opponent faces, the more likely they will abandon their attempted breach. This month gives us incentive to focus on these issues and serves as a powerful reminder that vigilance is essential in safeguarding against both the threats we face today and those on the horizon. Cybersecurity is not just a priority—it’s a necessity for survival in the digital age.