Process plants need to be protected against physical consequences generated from cyber-attack. The starting point for developing a program for cyber-security is the assessment of the risk posed by cyber-attacks. Instead of starting with a blank sheet for paper for this analysis, use of the existing PHA documentation and process will provide optimal results with minimal additional work, and also ensuring that risk tolerance criteria and risk management methods are consistently applied. This paper will explain how existing methods for process hazards analysis (PHA) of process industry plants can be expanded with an additional "cyber review". The purpose of the cyber review is to determine if there are any cyber-attack vectors that can cause significant physical damage to the facility, and if so, make recommendations for modifying one or more of the safeguards in a cyber-vulnerable vector so that they are not vulnerable to cyber-attack, or assigning an appropriate level of performance to cyber-security measures. The same way that definition of safety integrity levels (SIL) flow from HAZOP through LOPA to a safety instrumented system specifications, the definition of "security levels" as defined in ISA 99 (IEC 62443) can flow from the PHA through a "cyber review" to industrial control network specifications.
The approach that will be discussed includes analysis of the causes of safety incidents, the safeguards that prevent the causes from resulting in consequences, and the magnitude of the consequences that might result from the realization of these hazards. The discussion will include an example of a batch chemical reactor where a Hazards and Operability (HAZOP) study was assessed using a PHA cyber review in order to determine whether or not the facility was inherently cyber-safe, and if not, make cyber-safe recommendations and define IEC 62443 Security Level specifications.
See more of this Group/Topical: Global Congress on Process Safety