Happy Friday. The chemical industry is considered a critical piece of U.S. infrastructure. But federal cybersecurity standards for the sector haven’t been updated in a decade, leaving it at risk for devastating cyberattacks, according to a new assessment from the Government Accountability Office.

The GAO said hackers could seize control of industrial systems to release hazardous substances and inflict mass casualties, WSJ Pro’s James Rundle reports.

Other news: U.S. senators to propose bill sanctioning Chinese officials over Hong Kong security law; three states commit to Apple-Google technology for coronavirus tracking; and breaches mar rollout of pandemic assistance websites.

Weekend Listening: Check out The WSJ Tech News Briefing podcast, where in a couple of episodes this week your faithful cyber team talks about coronavirus privacy and cloud security (links below).

Note: Readers, we are taking a break Monday in observance of Memorial Day in the U.S. We’ll see you again on Tuesday. 

Federal cyber standards for chemical plants criticized by watchdog. High-risk facilities that produce dangerous chemicals or explosives are at increased risk of cyberattack because of outdated federal security guidelines, the U.S. Government Accountability Office said.

A failure to fix these issues could leave chemical facilities more vulnerable to hackers, who could seize control of industrial systems to release hazardous substances and inflict mass casualties, the GAO said in a report this month.

These cybersecurity standards haven’t been updated by the Department of Homeland Security in more than 10 years. There were also significant gaps in oversight and a lack of formal processes to track cybersecurity skills or training among inspectors.

Read the full article at our website.

Senators to propose bill sanctioning Chinese officials over Hong Kong security law. Sen. Chris Van Hollen (D., Md.) and Sen. Pat Toomey (R., Pa.) are introducing a bipartisan bill that would sanction Chinese officials and entities that enforce the new national-security laws in Hong Kong, and penalize banks that do business with the entities. On Thursday, China signaled it will impose new national-security laws on Hong Kong, dealing a blow to the territory’s autonomy as Beijing moves to stop widespread pro-democracy protests that have challenged Chinese President Xi Jinping, The Wall Street Journal reports. Sens. Toomey and Van Hollen said they had been working on the bill, which aims to defend human rights in Hong Kong and pressure China to preserve the territory’s special status. They said Thursday’s developments made the legislation more urgent.

Three states commit to the Apple-Google tech for contact tracing. Alabama, North Dakota and South Carolina plan to use the decentralized, Bluetooth technology from Apple Inc. and Alphabet Inc.’s Google in statewide apps to track the spread of the new coronavirus, CNBC reports. The technology was included in mobile-operating system updates that Apple and Google issued this week.

Breaches mar rollout of pandemic assistance for the self-employed in some states. Illinois and Arkansas experienced data breaches related to implementing online systems where the self-employed can apply for financial benefits during the coronavirus pandemic, the Journal reports. Illinois’s website made public the personal information of some applicants. The Illinois Department of Labor said in a statement it was working with Deloitte to “run a full-scale investigation into the matter.” A spokeswoman for Arkansas’s Labor Department said it “took the system offline” upon discovery of the incident last Friday.

Tech troubles: More broadly, state labor departments have struggled to process the surge in claims because of the volume and faulty computer systems.

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @JimRundle, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.