The need for cybersecurity in chemical logistics
Within the project, business, industry association and cyber specialists are working together. And the need for a structured approach is great. Chairman of the IFCL Luciën Govaert: "Cyber threats are a growing risk for the chemical chain; from attacks on production processes at manufacturing companies to attacks on chemical storage and intermediate transport. Incidents such as ransomware attacks on supply chains, manipulation of industrial control systems and data breaches can not only threaten business continuity, but also cause physical damage and environmental problems. And this is just when there is a need for greater connectivity and far-reaching automation. This project therefore focuses on strengthening digital and operational security throughout the chemical chain."
One of the distinguishing features of this project is its emphasis on OT (Operational Technology) and ICS (industrial control systems). Traditional cybersecurity focuses primarily on IT infrastructures, such as corporate networks and databases. OT and ICS, on the other hand, control industrial processes, such as temperature regulation in chemical storage tanks. Or as one ethical hacker at the Chemiebeurs 2024 put it as an example, "What if I manage to turn on the foam system at one of your storage companies for a few seconds and call an hour later to ask if money can be transferred because otherwise I'll move on?" This is an example that could be devastating to a company and pose a direct threat to the company and the surrounding area.
What distinguishes the world of professional hackers from non-professionals is that it is not about small issues. "These types of hackers are mostly not in African countries where the hacks in private often come from, but are all over the world. It is a billion-dollar business with a call center, websites where hacked companies can find themselves with behind their name the files that are going to be opened. If no payment is made, customer data and personal information can be offered through the darkweb (a hidden part of the Internet). These are professionals who sometimes spend a year mapping everything about the company to be hacked before striking. A list on the darkweb keeps track of which companies are currently hacked. Every week fifty new companies in the Netherlands and Belgium are added. These are not data that are blocked or changed, but mainly vital data of the company that will be sold if not paid," said Govaert .
Collaboration and innovation
The success of this project depends on close cooperation between various stakeholders:
- Logistics and manufacturing companies: they are implementing new security protocols in their operational processes.
- Technology developers: they provide innovative security solutions, such as advanced firewall technologies and secure communication systems.
- Cybersecurity experts: they identify vulnerabilities and develop Best Practices for protection against cyber attacks.
An important first step within the project is to identify the risks within the chain. An ethical hacker will attempt to "break into" two sample companies and identify weaknesses. Following this, a risk analysis will be prepared and an advisory list developed. What is already certain is that constant innovation and adaptation to new threats will be necessary. In any case, the chemical sector will need to invest in proactive cybersecurity strategies, such as:
- AI-driven detection systems that can detect anomalies in industrial processes.
- 'Zero Trust Architecture' where no entity within the network is automatically trusted.
- Regular cybersecurity exercises with simulations of cyber attacks to test the company's response and resilience.
The project, which began in January 2025, has a lead time until February 2026.