Operators of industrial facilities, particularly those that operate critical, potentially dangerous processes or produce product for consumer consumption, are rightfully concerned about the potential for cyber threats that can accidentally or intentionally manipulate their industrial control systems (ICS). Modern ICS are highly vulnerable to cyber threats due to their increased use of commercial IT technology and extensive network connectivity. In the last few years, there have been numerous documented attempts to hack or inject a virus into an ICS to intentionally cause harm or destruction.
This presentation explores the challenges that most industrial companies face in understanding the true risk of cyber threats to their industrial processes and introduces Cyber PHA as a solution. Based on Process Hazard Analysis (PHA), which has been used in the process industries for decades to assist in understanding and ranking operational risks so they can be properly mitigated, a Cyber PHA is an organized and systematic assessment of the potential cyber threats to an ICS. It aids in understanding the true risk by identifying and qualifying threats, vulnerabilities and consequences.