S4: Getting a Handle on Consequences

John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process. A recent article on isssource.com highlighted some takeaways from that panel:


“In a CyberPHA we leverage processes we had around process safety to bring it into cybersecurity,” Cusimano said. “How do we decide on what consequences could be caused by cyber and drill down on how that could happen. No one person in a facility will understand threats and consequences, it takes a team.”

In a CyberPHA, the user can:
• Document the system
• Conduct a vulnerability assessment
• Partition the system
• Conduct a risk assessment
• Create mitigation planning

“We identify the worst-case consequences and understand how that could happen,” Cusimano said. “That presents a nice picture of an attack scenario.”

The entire ISS Source article can be found below:

S4: Getting a Handle on Consequences
