How chemical engineers are helping to strengthen cybersecurity
With chemicals playing a role in 96 per cent of manufactured goods, safeguarding chemical companies against cyber threats is a top priority[1]. As digital transformation integrates operational technology (OT) with information technology (IT), chemical companies face increased exposure to sophisticated cyber threats. Cybersecurity is not just a technical issue, it requires a shift in culture, mindset and awareness of overlooked areas like physical security and supply chain integrity. Here, Duncan Lugton, Head of Policy & Impact at the Institution of Chemical Engineers (IChemE) explores how chemical engineers are uniquely positioned to take the lead in addressing these security challenges.
Our economy and society rely on a wide range of digital infrastructure, yet these critical systems are under unprecedented threat. Recent government research reveals that approximately half of UK businesses have faced a cyber-attack in the past year, drawing attention to the critical need for enhanced cybersecurity strategies [2].
A fundamental challenge in this area is the mismatch between OT and IT systems. OT systems are built for longevity, safety and reliability, while IT systems prioritise flexibility, scalability and frequent updates. Unlike IT, OT was not initially designed with cybersecurity in mind, leaving legacy OT equipment vulnerable to cyber threats, an ongoing issue in the UK given the prevalence of legacy equipment. Without built-in protections like encryption, these systems can be compromised through simple attack vectors, such as infected USB devices or unguarded access points. Cybersecurity awareness across the engineering sector remains inconsistent, with many organisations underestimating the risks associated with physical security, supply chains and outdated infrastructure. As digital technologies reshape the sector, these vulnerabilities demand urgent attention.
The unique contribution of chemical engineers
Chemical engineers design, operate and optimise a wide range of critical infrastructure where cybersecurity is paramount, ranging from nuclear power plants to biochemical reactors.The continued security and safe operation of these facilities is critical both to public confidence and to wider environmental and public wellbeing. Chemical engineers’ deep knowledge of OT environments means they can bridge the divide between IT and engineering operations, identifying vulnerabilities others might miss.
IChemE highlighted the importance of embedding this skillset into cybersecurity strategies in a recent roundtable, and this has been reinforced by a variety of recent incidents (such as on M&S and the Co-op).
From risk awareness to action
Chemical engineers can drive change by embedding cybersecurity into everyday operations. This includes identifying weak points in legacy systems, strengthening physical and supply chain security and promoting a culture of vigilance. As part of this transformation, engineers must also take an active role in training initiatives, ensuring that cybersecurity is understood and prioritised across all levels of operation.
Key challenges and skills gaps
Despite growing involvement, chemical operations still face significant cybersecurity gaps in some organisations. IChemE points to a lack of knowledge at senior levels, complacency around risk, and a shortage of skilled professionals, all of which hinder progress. Chemical and process engineers successfully drove a culture change to embed safety within their profession and we need to see a similar shift to prioritise cybersecurity. Bridging this divide requires upskilling chemical engineers, improving cross-functional collaboration and ensuring cybersecurity becomes a core component of engineering education and professional development.
To support this shift, IChemE is promoting cybersecurity awareness and embedding it into its training and development pathways. Initiatives include incorporating cybersecurity into HAZOPs, fostering a proactive safety culture and collaborating with industry partners to share best practice. This work is aligned with a broader commitment to protect critical national infrastructure, ensuring that chemical engineers are prepared to tackle 21st-century risks head-on.
As AI-driven IoT continues to transform the chemical sector, the role of chemical engineers in cybersecurity will only grow. Their expertise will be essential in identifying vulnerabilities, designing resilient systems and fostering a culture of risk awareness from the control room to the boardroom. With the right training, tools, and institutional support, chemical engineers can become leaders in securing our most vital infrastructure, ensuring that innovation and safety go hand in hand in the digital age.
Learn more about the roundtable discussion around AI and machine learning or cybersecurity. Find out more about IChemE’s training opportunities.
[1] https://www.americanchemistry.com/chemistry-in-america/news-trends/press-release/2021/us-specialty-chemical-markets-end-second-quarter-on-a-solid-note
[2] https://commonslibrary.parliament.uk/research-briefings/cbp-9821/
