US chemical plants risk disastrous cyberattacks relying on guidance a decade out of date

Thousands of US chemical facilities rely on badly outdated cybersecurity guidance, making them vulnerable to hacking attacks that could not only cause economic damage but also chemical spills or explosions, a Government Accountability Office (GAO) audit has found.

3300 chemical facilities in the US are classed as high-risk, meaning they use at least one of the 300 chemicals of interest. Included on this list are toxic and explosive compounds like chlorine and cyclopropane, but also chemicals that might not be immediately dangerous if released but could be converted into weapons if stolen.